31 lines
571 B
Bash
31 lines
571 B
Bash
|
#!/usr/bin/env sh
|
||
|
|
||
|
set -eux
|
||
|
|
||
|
cd /certs
|
||
|
|
||
|
if [ ! -f ca-key.pem ]; then
|
||
|
cfssl gencert \
|
||
|
-initca ca.json | cfssljson -bare ca
|
||
|
fi
|
||
|
|
||
|
if [ ! -f server.pem ]; then
|
||
|
cfssl gencert \
|
||
|
-ca=ca.pem \
|
||
|
-ca-key=ca-key.pem \
|
||
|
-config=/ca-config.json \
|
||
|
-profile=server \
|
||
|
server-csr.json |
|
||
|
cfssljson -bare server
|
||
|
fi
|
||
|
|
||
|
cat server.pem ca.pem >bundle.pem.tmp
|
||
|
|
||
|
# only "modify" the file if truly necessary since workflow will serve it with
|
||
|
# modtime info for client caching purposes
|
||
|
if ! cmp -s bundle.pem.tmp bundle.pem; then
|
||
|
mv bundle.pem.tmp bundle.pem
|
||
|
else
|
||
|
rm bundle.pem.tmp
|
||
|
fi
|