generar certificados sin sutty.local

* genera los certificados usando openssl en vez de gnutls
* migra los certificados de sutty.local si existen

Squashed commit of the following:

commit cdc76a1dfb6cdec484ce1adf3e623ad2655a1c7a
Author: void <v@sutty.nl>
Date:   Thu Jun 10 00:42:14 2021 +0000

    migrar certificados de sutty.local

commit b65ab40dba4ed2b7a6e8376506189fe237cdea6e
Author: void <v@sutty.nl>
Date:   Thu Jun 10 00:42:02 2021 +0000

    ups

commit 49df2116c7e00cd7747ffd83f12c4b2517c6fa2f
Author: void <v@sutty.nl>
Date:   Wed Jun 9 18:11:06 2021 +0000

    generar certificados sin sutty.local
This commit is contained in:
void 2021-06-16 17:54:27 +00:00
parent 2e34275c8e
commit 04ad94100d
2 changed files with 51 additions and 1 deletions

View file

@ -55,6 +55,54 @@ correr() {
/bin/sh -l -c "$1" < "${stdin:-/dev/null}" /bin/sh -l -c "$1" < "${stdin:-/dev/null}"
} }
generar_certificado() {
chmod 700 "$ENTORNO/etc/ssl/private"
ca_key="/etc/ssl/private/ca-sutty.key"
ca_crt="/etc/ssl/certs/ca-sutty.crt"
domain_key="/etc/ssl/private/sutty.local.key"
domain_csr="/etc/ssl/private/sutty.local.csr"
domain_crt="/etc/ssl/certs/sutty.local.crt"
if test -f "$DIR/../sutty.local/domain/sutty.local.crt"; then
SUTTY_LOCAL="$DIR/../sutty.local"
echo "Migrando certificados de sutty.local..."
cp "$SUTTY_LOCAL/ca/key.key" "$ENTORNO$ca_key"
cp "$SUTTY_LOCAL/ca/crt.crt" "$ENTORNO$ca_crt"
cp "$SUTTY_LOCAL/domain/sutty.local.key" "$ENTORNO$domain_key"
cp "$SUTTY_LOCAL/domain/sutty.local.csr" "$ENTORNO$domain_csr"
cp "$SUTTY_LOCAL/domain/sutty.local.crt" "$ENTORNO$domain_crt"
return
fi
echo "Generando certificados..."
correr "openssl genpkey -algorithm RSA -pass pass:sutty -out $ca_key"
correr "openssl req -x509 -new -nodes -key $ca_key -sha256 \
-passin pass:sutty -passout pass:sutty \
-subj '/C=IN/ST=Cyberspace/L=Cyberspace/O=Sutty/OU=Espacio/CN=Sutty Local CA' \
-days 3650 -out $ca_crt"
correr "openssl req -nodes -newkey rsa:2048 -keyout $domain_key -out $domain_csr \
-subj '/C=IN/ST=Cyberspace/L=Cyberspace/O=Sutty/OU=Espacio/CN=sutty.local/CN=*.sutty.local'"
correr "openssl x509 -req -in $domain_csr \
-CA $ca_crt -CAkey $ca_key -CAcreateserial \
-out $domain_crt -days 3650 -sha256"
echo "Instalando certificados..."
if which update-ca-certificates 2>/dev/null; then
sudo install -Dm 644 "$ENTORNO$ca_crt" /usr/share/ca-certificates/extra/sutty.crt
sudo dpkg-reconfigure ca-certificates
sudo update-ca-certificates
else
sudo trust anchor "$ENTORNO$ca_crt"
fi
}
crear_entorno() { crear_entorno() {
ALPINE="3.13.5" ALPINE="3.13.5"
ALPINE_URL="https://dl-cdn.alpinelinux.org/alpine/v${ALPINE%.*}/releases/x86_64/alpine-minirootfs-${ALPINE}-x86_64.tar.gz" ALPINE_URL="https://dl-cdn.alpinelinux.org/alpine/v${ALPINE%.*}/releases/x86_64/alpine-minirootfs-${ALPINE}-x86_64.tar.gz"
@ -104,6 +152,8 @@ crear_entorno() {
for script in "$DIR/bin/"*; do for script in "$DIR/bin/"*; do
install -m 755 "$script" "$ENTORNO/usr/local/bin/${script##*/}" install -m 755 "$script" "$ENTORNO/usr/local/bin/${script##*/}"
done done
test -f "$ENTORNO/etc/ssl/certs/sutty.local.crt" || generar_certificado
} }
crear_entorno crear_entorno

View file

@ -3,7 +3,6 @@ daemonize
ffmpeg ffmpeg
file file
git git
gnutls-utils
less less
libssh2 libssh2
libxml2 libxml2
@ -14,6 +13,7 @@ nano-syntax
ncurses-terminfo ncurses-terminfo
nginx nginx
nodejs nodejs
openssl
postgresql postgresql
postgresql-contrib postgresql-contrib
postgresql-libs postgresql-libs