authorMitchell Riedstra <mitch@riedstra.dev>2021-11-21 11:09:38 -0500
committerMitchell Riedstra <mitch@riedstra.dev>2021-11-21 11:09:38 -0500
commit58c3c4c8fb2de308fe5b99b22b1b1449186dcffe (patch)
tree1695fe3e188c524f5bef5d60467cf3e5393298c7 /scripts
parent67c88ce37a01318acc34dd0ed5496a211fe70def (diff)
Add syncthing certificate generator script
Diffstat (limited to 'scripts')
-rw-r--r--scripts/syncthing-cert.sh70
1 files changed, 70 insertions, 0 deletions
diff --git a/scripts/syncthing-cert.sh b/scripts/syncthing-cert.sh
new file mode 100644
index 0000000..0dd460b
--- /dev/null
+++ b/scripts/syncthing-cert.sh
@@ -0,0 +1,70 @@
+#!/bin/sh
+set -e
+days="3650"
+keyout="syncthing.key"
+reqout="$(mktemp)"
+certout="syncthing.crt"
+alg="ED25519"
+
+help() {
+cat <<EOF
+$0 [ -c <certificate_out> ] [ -k <key_out> ] [ -448 ]
+Defaults are:
+certificate_out: 'syncthing.crt'
+key_out: 'syncthing.key'
+
+Optionally, the -448 option will generate an ED448 key instead of ED25519.
+
+EOF
+exit 1
+}
+
+while [ $# -gt 0 ] ; do case $1 in
+ -c) certout="$2" ; shift ; shift ;;
+ -k) keyout="$2" ; shift ; shift ;;
+ -448) alg="ED448"; shift ;;
+ *) help ;;
+esac ; done
+
+v3Section="
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature, keyEncipherment, dataEncipherment
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = syncthing
+"
+
+openssl genpkey -algorithm $alg > "$keyout"
+
+cnf="$(mktemp)"
+cat > "$cnf" <<EOF
+[req]
+distinguished_name = req_distinguished_name
+prompt = no
+req_extensions = v3_req
+[req_distinguished_name]
+OU = Automatically Generated
+O = Syncthing
+CN = syncthing
+[v3_req]
+$v3Section
+EOF
+
+extfile="$(mktemp)"
+cat > "$extfile" <<EOF
+[v3_ca]
+$v3Section
+EOF
+
+openssl req -new -out "$reqout" -key "$keyout" -config "$cnf"
+
+rm "$cnf"
+
+openssl x509 -req -days "$days" -in "$reqout" -signkey "$keyout" \
+ -extensions v3_ca \
+ -extfile "$extfile" \
+ -out "$certout"
+
+rm "$extfile"
+rm "$reqout"
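Review bot: The private key written by `openssl genpkey -algorithm $alg > "$keyout"` inherits the caller's umask, so with a typical 022 default `syncthing.key` ends up world-readable; set a restrictive mask before the redirect, e.g. `umask 077` near the top of the script, so the key and the mktemp-backed request file are created 0600 from the start. The three temporary files are only removed on the success path: `set -e` aborts on any failing `openssl` call, and `help` exits after `reqout` has already been created, so a `trap 'rm -f -- "$reqout" "$cnf" "$extfile"' EXIT` placed after the `mktemp` assignments (with the three trailing `rm` lines dropped) would cover every exit. Less important, `-c`/`-k` given as the last argument leave `$2` empty and the second `shift` then fails under `set -e` with no message; checking `[ $# -ge 2 ]` in those arms, or `[ -n "$2" ] || help`, gives the user the usage text instead.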