mynode/rootfs/standard/usr/bin/mynode_gen_cert.sh

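#!/bin/bash
#
# Generate a self-signed TLS key, certificate and combined PEM for a myNode
# service, and keep a copy on the HDD settings directory.
#
# Usage: mynode_gen_cert.sh <subfolder> [days]
#   <subfolder>  name appended to both base directories below; the key,
#                certificate and PEM are written into that directory.
#   [days]       stored in DAYS; see the NOTE(review) at the openssl req
#                call, where the validity is fixed at 730 days.
#
# Exit status: 0 when the PEM already exists or was created, 1 when the
# subfolder argument is missing or contains a ".." component, and the
# status of the failing command otherwise (set -e).

# set -x traces every command, including its arguments, so nothing secret
# may be passed on a command line in this script.
set -x
set -e

# Main variables
OUTPUT_DIR_BASE="/home/bitcoin/.mynode"
HDD_DIR_BASE="/mnt/hdd/mynode/settings"
mkdir -p "$OUTPUT_DIR_BASE"
mkdir -p "$HDD_DIR_BASE"

OUTPUT_DIR="UNKNOWN"
HDD_DIR="UNKNOWN"
if [ -z "$1" ]; then
  echo "Need certificate subfolder! Exiting."
  exit 1
fi

# The subfolder is joined onto the base paths and then used as the target of
# mkdir and cp, so a ".." component would place key material outside them.
case "$1" in
  .. | ../* | */.. | */../*)
    echo "Invalid certificate subfolder! Exiting."
    exit 1
    ;;
esac

OUTPUT_DIR="${OUTPUT_DIR_BASE}/$1"
HDD_DIR="${HDD_DIR_BASE}/$1"

DAYS=99999
if [ -n "$2" ]; then
  DAYS=$2
fi

mkdir -p "$OUTPUT_DIR"
mkdir -p "$HDD_DIR"

domain=myNode.local
commonname=myNode.local
LOCAL_IP_ADDR=$(hostname -I | head -n 1 | cut -d' ' -f1)
TOR="electrstor.onion"
if [ -f /var/lib/tor/mynode/hostname ]; then
  TOR=$(cat /var/lib/tor/mynode/hostname)
fi

# Check for files on HDD and move to SD
if [ ! -f "$OUTPUT_DIR/$domain.pem" ] && [ -f "$HDD_DIR/$domain.pem" ]; then
  cp -f -- "$HDD_DIR"/* "$OUTPUT_DIR"/
fi

if [ -f "$OUTPUT_DIR/$domain.pem" ]; then
  # Verify files are stored on HDD
  if [ ! -f "$HDD_DIR/$domain.pem" ]; then
    cp -f -- "$OUTPUT_DIR"/* "$HDD_DIR"/
  fi
  echo "Certificate already exists."
  exit 0
fi

# Change to your company details
country=US
state=myNode
locality=myNode
organization=myNode
organizationalunit=myNode
email=satoshi.nakamoto@example.com

# Generate a key
# The key is written unencrypted in one step. The earlier flow encrypted it
# with a fixed passphrase given on the command line and then stripped the
# passphrase again by rewriting the same file in place, which protected
# nothing and left a window where a failed rewrite could truncate the key.
# NOTE(review): the key and the PEM are created under the caller's umask and
# are also copied to the HDD directory; confirm which account has to read
# them and restrict mode and owner accordingly. Not changed here because the
# consumers of these files are not visible in this script.
echo "Creating key"
openssl genrsa -out "$OUTPUT_DIR/$domain.key" 2048

# Create Certificate
echo "Creating Certificate"

# An IP address belongs in an iPAddress SAN; clients that follow the
# specification do not match an IP literal against a dNSName entry. The line
# is omitted when no address was detected so that no empty value is written.
ip_san=""
if [ -n "$LOCAL_IP_ADDR" ]; then
  ip_san="IP.1 = $LOCAL_IP_ADDR"
fi

# The request config goes to a private mktemp file instead of a fixed name
# in /tmp, which another local account could pre-create or replace with a
# symlink. It is removed again on every exit path.
CERT_REQ_CONF=$(mktemp)
trap 'rm -f -- "$CERT_REQ_CONF"' EXIT

cat > "$CERT_REQ_CONF" <<DELIM
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
utf8 = yes
[req_distinguished_name]
C=$country
ST=$state
L=$locality
O=$organization
OU=$organizationalunit
CN=${commonname}
emailAddress=$email
[v3_req]
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = $domain
DNS.2 = www.$domain
DNS.3 = localhost
DNS.4 = localhost.localdomain
DNS.5 = $TOR
$ip_san
DELIM

# NOTE(review): DAYS (default 99999, overridable through $2) is never applied;
# the validity stays fixed at 730 days. Either pass "$DAYS" here or drop the
# argument. The fixed value is kept because some clients reject long-lived
# server certificates; confirm the intent before changing it.
openssl req -x509 -nodes -days 730 \
  -key "$OUTPUT_DIR/$domain.key" \
  -out "$OUTPUT_DIR/$domain.crt" \
  -config "$CERT_REQ_CONF" \
  -extensions 'v3_req'

# The PEM is the private key, an empty line, then the certificate.
echo "Creating PEM"
cat "$OUTPUT_DIR/$domain.key" > "$OUTPUT_DIR/$domain.pem"
echo "" >> "$OUTPUT_DIR/$domain.pem"
cat "$OUTPUT_DIR/$domain.crt" >> "$OUTPUT_DIR/$domain.pem"

# Put a copy of the files on the HDD
cp -f -- "$OUTPUT_DIR"/* "$HDD_DIR"/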