initial commit
This commit is contained in:
Gianluca Arbezzano
30
deploy/tls/gencerts.sh
Executable file
30
deploy/tls/gencerts.sh
Executable file
@ -0,0 +1,30 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
set -eux
|
||||
|
||||
cd /certs
|
||||
|
||||
if [ ! -f ca-key.pem ]; then
|
||||
cfssl gencert \
|
||||
-initca ca.json | cfssljson -bare ca
|
||||
fi
|
||||
|
||||
if [ ! -f server.pem ]; then
|
||||
cfssl gencert \
|
||||
-ca=ca.pem \
|
||||
-ca-key=ca-key.pem \
|
||||
-config=/ca-config.json \
|
||||
-profile=server \
|
||||
server-csr.json |
|
||||
cfssljson -bare server
|
||||
fi
|
||||
|
||||
cat server.pem ca.pem >bundle.pem.tmp
|
||||
|
||||
# only "modify" the file if truly necessary since workflow will serve it with
|
||||
# modtime info for client caching purposes
|
||||
if ! cmp -s bundle.pem.tmp bundle.pem; then
|
||||
mv bundle.pem.tmp bundle.pem
|
||||
else
|
||||
rm bundle.pem.tmp
|
||||
fi
|
||||
Reference in New Issue
Block a user