2353823a
Commit
2353823a
authored
4 years ago
by
Hahn Axel (hahn)
many small fixes; added staging-environment test and md5 modulus match check
parent
b6fcb9b6
cm.sh
+59
-17
59 additions, 17 deletions
cm.sh
templates/csr.txt.dist
+12
-5
12 additions, 5 deletions
templates/csr.txt.dist
with
71 additions
and
22 deletions
cm.sh
+
59
−
17
...
@@ -58,25 +58,37 @@ function _certMustNotExist(){
...
@@ -58,25 +58,37 @@ function _certMustNotExist(){
# known directory (based on CM_diracme - see inc_config.sh)
# known directory (based on CM_diracme - see inc_config.sh)
# used in public_add and public_renew
# used in public_add and public_renew
function
_certTransfer
(){
function
_certTransfer
(){
_wd
"--- acme internal data"
_wd
"--- acme internal data
- ~/.acme.sh/
${
CM_fqdn
}
"
ls
-l
~/.acme.sh/
${
CM_fqdn
}
ls
-l
~/.acme.sh/
${
CM_fqdn
}
_wd
"--- transfer acme.sh files to
${
CM_dircerts
}
"
_wd
"--- transfer acme.sh files to
${
CM_dircerts
}
"
$ACME
\
$ACME
\
--install-cert
\
--install-cert
\
-d
${
CM_fqdn
}
\
-d
${
CM_fqdn
}
\
--cert-file
${
CM_dircerts
}
/
${
CM_fqdn
}
.cert.pem
\
--cert-file
${
CM_outfile_cert
}
\
--fullchain-file
${
CM_dircerts
}
/
${
CM_fqdn
}
.fullchain.pem
\
--fullchain-file
${
CM_outfile_chain
}
\
--ca-file
${
CM_outfile_ca
}
\
||
exit
1
||
exit
1
# --key-file ${CM_dircerts}/${CM_fqdn}.key.pem \
# --key-file ${CM_dircerts}/${CM_fqdn}.key.pem \
_wd
"--- copy key to
${
CM_dircerts
}
"
_wd
"--- copy key to
${
CM_dircerts
}
"
cp
${
CM_filekey
}
${
CM_
dircerts
}
/
${
CM_fqdn
}
.key.pem
cp
${
CM_filekey
}
${
CM_
outfile_key
}
_wd
"--- content of output dir
$CM_dircerts
:"
_wd
"--- content of output dir
$CM_dircerts
:"
ls
-l
$CM_dircerts
/
*
ls
-l
$CM_dircerts
/
*
}
}
# internal function; show md5 hashsums for certificate, csr and key
# for visual comparison if the match
# TODO: script a comparison to write out MATCH or FAIL
function
_certMatching
(){
echo
echo
"--- compare hashes to see if they match"
echo
-n
"cert : "
;
openssl x509
-noout
-modulus
-in
${
CM_outfile_cert
}
| openssl md5
echo
-n
"csr : "
;
openssl req
-noout
-modulus
-in
${
CM_filecsr
}
| openssl md5
echo
-n
"key : "
;
openssl rsa
-noout
-modulus
-in
${
CM_outfile_key
}
| openssl md5
echo
}
# internal function: dig for given fqdn.
# internal function: dig for given fqdn.
# Function stops if fqdn was not found in DNS.
# Function stops if fqdn was not found in DNS.
...
@@ -143,6 +155,18 @@ function _requiresFqdn(){
...
@@ -143,6 +155,18 @@ function _requiresFqdn(){
fi
fi
}
}
function
_testStaging
(){
echo
$ACME_Params
|
grep
"
\-\-
staging"
>
/dev/null
if
[
$?
-eq
0
]
;
then
_wd
"Using LE STAGE environment ..."
_wd
"You can test and mess around. Do not use certs in production."
else
_wd
"Using LE LIVE environment for production."
_wd
"Be careful with count of connects to LE servers."
fi
echo
}
# set update message in a file
# set update message in a file
# param string(s) message
# param string(s) message
function
_update
(){
function
_update
(){
...
@@ -171,13 +195,20 @@ function public_add(){
...
@@ -171,13 +195,20 @@ function public_add(){
_wd
"--- create output dir
$dircerts
"
_wd
"--- create output dir
$dircerts
"
mkdir
-p
"
${
CM_dircerts
}
"
2>/dev/null
mkdir
-p
"
${
CM_dircerts
}
"
2>/dev/null
#
_wd "---
domains in csr
"
_wd
"---
csr data
"
$ACME
--showcsr
--csr
$CM_filecsr
||
exit
1
$ACME
--showcsr
--csr
$CM_filecsr
||
exit
1
_wd
"--- create certificate"
_wd
"--- create certificate"
$ACME
--signcsr
--force
--csr
$CM_filecsr
$ACME_Params
||
exit
1
$ACME
--signcsr
--csr
$CM_filecsr
$ACME_Params
if
[
$?
-ne
0
]
;
then
echo
"ERROR: adding cert failed. Trying to delete internal data ..."
public_delete
$CM_fqdn
exit
1
fi
# $ACME --issue -d $CM_fqdn $ACME_Params || exit 1
_certTransfer
_certTransfer
_certMatching
_update
"added
$CM_fqdn
$*
"
_update
"added
$CM_fqdn
$*
"
}
}
...
@@ -192,7 +223,9 @@ function public_delete(){
...
@@ -192,7 +223,9 @@ function public_delete(){
# TODO: revoke it too??
# TODO: revoke it too??
# $ACME --revoke -d ${CM_fqdn} || exit 2
# $ACME --revoke -d ${CM_fqdn} || exit 2
$ACME
--remove
-d
${
CM_fqdn
}
||
exit
2
_wd
"--- delete ACME.SH data"
$ACME
--remove
-d
${
CM_fqdn
}
$ACME_Params
_wd
"--- delete local data"
rm
-rf
${
CM_dircerts
}
${
CM_filecnf
}
${
CM_filekey
}
${
CM_filecsr
}
~/.acme.sh/
${
CM_fqdn
}
rm
-rf
${
CM_dircerts
}
${
CM_filecnf
}
${
CM_filekey
}
${
CM_filecsr
}
~/.acme.sh/
${
CM_fqdn
}
_update
"deleted
${
CM_fqdn
}
"
_update
"deleted
${
CM_fqdn
}
"
}
}
...
@@ -211,8 +244,11 @@ function public_list(){
...
@@ -211,8 +244,11 @@ function public_list(){
function
public_renew
(){
function
public_renew
(){
_requiresFqdn
_requiresFqdn
_certMustExist
_certMustExist
$ACME
--renew
--force
-d
${
CM_fqdn
}
||
exit
2
$ACME
--renew
-d
${
CM_fqdn
}
$ACME_Params
||
exit
2
_certTransfer
_certTransfer
_certMatching
_update
"renew
${
CM_fqdn
}
"
_update
"renew
${
CM_fqdn
}
"
}
}
...
@@ -225,12 +261,14 @@ function public_show(){
...
@@ -225,12 +261,14 @@ function public_show(){
ls
-l
${
CM_filecsr
}
${
CM_dircerts
}
/
*
ls
-l
${
CM_filecsr
}
${
CM_dircerts
}
/
*
echo
$line
echo
$line
echo
$CM_filecsr
echo
CSR
$CM_filecsr
openssl req
-noout
-text
-in
$CM_filecsr
openssl req
-noout
-text
-in
$CM_filecsr
|
grep
-E
"(Subject:|DNS:)"
echo
$line
echo
$line
echo
${
CM_dircerts
}
/
${
CM_fqdn
}
.cert.pem
echo
Cert
${
CM_outfile_cert
}
openssl x509
-noout
-text
-in
${
CM_dircerts
}
/
${
CM_fqdn
}
.cert.pem
# openssl x509 -noout -text -in ${CM_outfile_cert}
openssl x509
-noout
-text
-in
${
CM_outfile_cert
}
|
grep
-E
"(Issuer:|Subject:|DNS:)"
_certMatching
}
}
...
@@ -254,9 +292,7 @@ ENDOFHEADER
...
@@ -254,9 +292,7 @@ ENDOFHEADER
which openssl
>
/dev/null
||
exit
1
which openssl
>
/dev/null
||
exit
1
.
./inc_config.sh
.
./inc_config.sh
if
[
$?
-ne
0
]
;
then
if
[
$?
-ne
0
]
;
then
echo
"ERROR: loading the config failed."
echo
"ERROR: loading the config failed."
echo
"Copy the inc_config.sh.dist to inc_config.sh and make your settings in it."
echo
"Copy the inc_config.sh.dist to inc_config.sh and make your settings in it."
...
@@ -264,7 +300,7 @@ if [ $? -ne 0 ]; then
...
@@ -264,7 +300,7 @@ if [ $? -ne 0 ]; then
exit
1
exit
1
fi
fi
_testStaging
grep
"function
\
public_
$1
"
$0
>
/dev/null
grep
"function
\
public_
$1
"
$0
>
/dev/null
if
[
$#
-gt
0
-a
$?
-eq
0
]
;
then
if
[
$#
-gt
0
-a
$?
-eq
0
]
;
then
...
@@ -287,9 +323,12 @@ if [ $# -gt 0 -a $? -eq 0 ]; then
...
@@ -287,9 +323,12 @@ if [ $# -gt 0 -a $? -eq 0 ]; then
CM_filekey
=
"
${
CM_dircsr
}
/
${
CM_fqdn
}
.key"
CM_filekey
=
"
${
CM_dircsr
}
/
${
CM_fqdn
}
.key"
CM_dircerts
=
"
${
CM_diracme
}
/
${
CM_fqdn
}
"
CM_dircerts
=
"
${
CM_diracme
}
/
${
CM_fqdn
}
"
CM_outfile_cert
=
${
CM_dircerts
}
/
${
CM_fqdn
}
.cert.cer
CM_outfile_chain
=
${
CM_dircerts
}
/
${
CM_fqdn
}
.fullchain.cer
CM_outfile_key
=
${
CM_dircerts
}
/
${
CM_fqdn
}
.key.pem
CM_outfile_ca
=
${
CM_dircerts
}
/
${
CM_fqdn
}
.ca.cer
# echo $CM_fqdn
# echo $CM_fqdn; set | grep "^CM_"; echo
# set | grep "^CM_"
_wd
"A C T I O N -->>
$action
<<--"
_wd
"A C T I O N -->>
$action
<<--"
eval
"public_
$action
$*
"
eval
"public_
$action
$*
"
...
@@ -326,3 +365,6 @@ ACTIONs for all certs
...
@@ -326,3 +365,6 @@ ACTIONs for all certs
EOF
EOF
fi
fi
echo
_testStaging
\ No newline at end of file
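Review bot: The new failure branch in public_add (the `if [ $? -ne 0 ]` after `$ACME --signcsr`) calls `public_delete $CM_fqdn`, and the context lines of the public_delete hunk show that function running `rm -rf ${CM_dircerts} ${CM_filecnf} ${CM_filekey} ${CM_filecsr} ~/.acme.sh/${CM_fqdn}`, so a transient signing failure (validation error, rate limit, staging/live mismatch) destroys the user's private key, CSR and openssl config instead of only acme.sh's internal state, and then records a "deleted" note via _update for a certificate that was never added. I would restrict the cleanup to the acme.sh side so the add can simply be retried, e.g. `$ACME --remove -d "${CM_fqdn}" $ACME_Params; rm -rf -- ~/.acme.sh/"${CM_fqdn:?}"` in place of the public_delete call, and keep the key and CSR on disk. The same rm line is also fully unquoted, so an empty CM_diracme (CM_dircerts would become `/fqdn`) or a value containing whitespace widens the deletion beyond the intended directory; quoting each path and guarding with `${CM_dircerts:?}` would be cheap insurance. The head of public_add and the start of public_delete lie outside these hunks, so I can't confirm which preconditions (_requiresFqdn, _certMustExist) run before the rm.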
templates/csr.txt.dist
+
12
−
5
...
@@ -3,13 +3,19 @@
...
@@ -3,13 +3,19 @@
# openssl req -new -config myserver.cnf -keyout myserver.key -out myserver.csr
# openssl req -new -config myserver.cnf -keyout myserver.key -out myserver.csr
# on the command line.
# on the command line.
# (1) the name of your location
# state as 2 letter code
COUNTRY = CH
# state
STATE = Bern
# the name of your location
LOCATION = Anywhere
LOCATION = Anywhere
#
(2)
the name of your organization
# the name of your organization
ORGNAME = My company
ORGNAME = My company
#
(3)
the name of your organization unit
# the name of your organization unit
UNITNAME = Department for magic things
UNITNAME = Department for magic things
...
@@ -33,12 +39,13 @@ req_extensions = req_ext
...
@@ -33,12 +39,13 @@ req_extensions = req_ext
[ dn ]
[ dn ]
C =
CH
C =
$COUNTRY
ST =
Bern
ST =
$STATE
L = $LOCATION
L = $LOCATION
O = $ORGNAME
O = $ORGNAME
OU = $UNITNAME
OU = $UNITNAME
CN = $FQDN
CN = $FQDN
# emailAddress=webmaster@example.com
[ req_ext ]
[ req_ext ]
subjectAltName = $ALTNAMES
subjectAltName = $ALTNAMES
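Review bot: The new comment above `COUNTRY = CH` reads `# state as 2 letter code`, but the two-letter code is the country field (it feeds `C = $COUNTRY` in `[ dn ]`), while the real state is introduced a line later by the bare `# state`; the two labels are swapped and a user following them would put a spelled-out name into C and get a rejected CSR. I would change them to `# country as ISO 3166-1 alpha-2 code, e.g. CH (-> C=)` and `# state or province, spelled out (-> ST=)` so each variable is tied to the DN attribute it fills.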