generar certificados sin sutty.local

* genera los certificados usando openssl en vez de gnutls * migra los certificados de sutty.local si existen Squashed commit of the following: commit cdc76a1dfb6cdec484ce1adf3e623ad2655a1c7a Author: void <v@sutty.nl> Date: Thu Jun 10 00:42:14 2021 +0000 migrar certificados de sutty.local commit b65ab40dba4ed2b7a6e8376506189fe237cdea6e Author: void <v@sutty.nl> Date: Thu Jun 10 00:42:02 2021 +0000 ups commit 49df2116c7e00cd7747ffd83f12c4b2517c6fa2f Author: void <v@sutty.nl> Date: Wed Jun 9 18:11:06 2021 +0000 generar certificados sin sutty.local
2021-06-16 17:54:27 +00:00 · 2021-06-16 17:54:27 +00:00 · 04ad94100d
commit 04ad94100d
parent 2e34275c8e
2 changed files with 51 additions and 1 deletions
--- a/haini.sh
+++ b/haini.sh
@ -55,6 +55,54 @@ correr() {
    /bin/sh -l -c "$1" < "${stdin:-/dev/null}"
 }
 generar_certificado() {
  chmod 700 "$ENTORNO/etc/ssl/private"
  ca_key="/etc/ssl/private/ca-sutty.key"
  ca_crt="/etc/ssl/certs/ca-sutty.crt"
  domain_key="/etc/ssl/private/sutty.local.key"
  domain_csr="/etc/ssl/private/sutty.local.csr"
  domain_crt="/etc/ssl/certs/sutty.local.crt"
  if test -f "$DIR/../sutty.local/domain/sutty.local.crt"; then
    SUTTY_LOCAL="$DIR/../sutty.local"
    echo "Migrando certificados de sutty.local..."
    cp "$SUTTY_LOCAL/ca/key.key" "$ENTORNO$ca_key"
    cp "$SUTTY_LOCAL/ca/crt.crt" "$ENTORNO$ca_crt"
    cp "$SUTTY_LOCAL/domain/sutty.local.key" "$ENTORNO$domain_key"
    cp "$SUTTY_LOCAL/domain/sutty.local.csr" "$ENTORNO$domain_csr"
    cp "$SUTTY_LOCAL/domain/sutty.local.crt" "$ENTORNO$domain_crt"
    return
  fi
  echo "Generando certificados..."
  correr "openssl genpkey -algorithm RSA -pass pass:sutty -out $ca_key"
  correr "openssl req -x509 -new -nodes -key $ca_key -sha256 \
    -passin pass:sutty -passout pass:sutty \
    -subj '/C=IN/ST=Cyberspace/L=Cyberspace/O=Sutty/OU=Espacio/CN=Sutty Local CA' \
    -days 3650 -out $ca_crt"
  correr "openssl req -nodes -newkey rsa:2048 -keyout $domain_key -out $domain_csr \
    -subj '/C=IN/ST=Cyberspace/L=Cyberspace/O=Sutty/OU=Espacio/CN=sutty.local/CN=*.sutty.local'"
  correr "openssl x509 -req -in $domain_csr \
    -CA $ca_crt -CAkey $ca_key -CAcreateserial \
    -out $domain_crt -days 3650 -sha256"
  echo "Instalando certificados..."
  if which update-ca-certificates 2>/dev/null; then
    sudo install -Dm 644 "$ENTORNO$ca_crt" /usr/share/ca-certificates/extra/sutty.crt
    sudo dpkg-reconfigure ca-certificates
    sudo update-ca-certificates
  else
    sudo trust anchor "$ENTORNO$ca_crt"
  fi
 }
 crear_entorno() {
  ALPINE="3.13.5"
  ALPINE_URL="https://dl-cdn.alpinelinux.org/alpine/v${ALPINE%.*}/releases/x86_64/alpine-minirootfs-${ALPINE}-x86_64.tar.gz"
@ -104,6 +152,8 @@ crear_entorno() {
  for script in "$DIR/bin/"*; do
    install -m 755 "$script" "$ENTORNO/usr/local/bin/${script##*/}"
  done
  test -f "$ENTORNO/etc/ssl/certs/sutty.local.crt" || generar_certificado
 }
 crear_entorno
--- a/2
+++ b/2
@ -3,7 +3,6 @@ daemonize
 ffmpeg
 file
 git
 gnutls-utils
 less
 libssh2
 libxml2
@ -14,6 +13,7 @@ nano-syntax
 ncurses-terminfo
 nginx
 nodejs
 openssl
 postgresql
 postgresql-contrib
 postgresql-libs