
Commit 30c97bd

committed
Add colored output
1 parent dd2e3da commit 30c97bd


1 file changed

+26
-9
lines changed


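--- a/scripts/gen_certs.sh
+++ b/scripts/gen_certs.sh
@@ -3,30 +3,47 @@
 
 CERT_BASE="certs"
 
-if [ -z $1 ]; then
-echo "Usage: gen_certs.sh <hostname> <ip> [<password>]"
+if [ -z $1 ] || [ -z $2 ]; then
+echo "Usage: gen_certs.sh <server_hostname> <ip> [<password>]"
 exit 1
 fi
 
+server_hostname=$1
+ip=$2
+password=$3
+
 mkdir -p $CERT_BASE
 
+function print_red () {
+printf "\033[0;31m$1 ...\033[0m\n"
+}
+
 # Setting up a CA
+print_red "Generating rootCA"
 openssl genrsa -out $CERT_BASE/rootCA.key 2048
 openssl req -subj /C=/ST=/L=/O=/CN=rootCA -x509 -new -nodes -key $CERT_BASE/rootCA.key -sha256 -days 1095 -out $CERT_BASE/rootCA.pem
 
 # Setting up device cert and key
+print_red "Generating device certificates with CN $server_hostname and IP $ip"
 openssl genrsa -out $CERT_BASE/device.key 2048
-openssl req -subj /C=/ST=/L=/O=/CN=$1 -new -key $CERT_BASE/device.key -out $CERT_BASE/device.csr
-openssl x509 -req -in $CERT_BASE/device.csr -CA $CERT_BASE/rootCA.pem -CAkey $CERT_BASE/rootCA.key -CAcreateserial -out $CERT_BASE/device.crt -days 1095 -sha256 -extfile <(printf "%s" "subjectAltName=DNS:$1,IP:$2")
+openssl req -subj /C=/ST=/L=/O=/CN=$server_hostname -new -key $CERT_BASE/device.key -out $CERT_BASE/device.csr
+openssl x509 -req -in $CERT_BASE/device.csr -CA $CERT_BASE/rootCA.pem -CAkey $CERT_BASE/rootCA.key -CAcreateserial -out $CERT_BASE/device.crt -days 1095 -sha256 -extfile <(printf "%s" "subjectAltName=DNS:$server_hostname,IP:$ip")
 
-# Encrypt device key - needed for input to IOS
-if [ ! -z $3 ]; then
-openssl rsa -des3 -in $CERT_BASE/device.key -out $CERT_BASE/device.des3.key -passout pass:$2
+# Encrypt device key
+if [ ! -z $password ]; then
+print_red "Encrypting device certificates and bundling with password"
+# DES 3 for device, needed for input to IOS XE
+openssl rsa -des3 -in $CERT_BASE/device.key -out $CERT_BASE/device.des3.key -passout pass:$password
+# PKCS #12 for device, needed for NX-OS
+# Uncertain if this is correct
+openssl pkcs12 -export -out $CERT_BASE/device.pfx -inkey $CERT_BASE/device.key -in $CERT_BASE/device.crt -certfile $CERT_BASE/device.crt -password pass:$password
 else
-echo "Skipping device key encryption."
+print_red "Skipping device key encryption"
 fi
 
 # Setting up client cert and key
+hostname=$(hostname)
+print_red "Generating client certificates with CN $hostname"
 openssl genrsa -out $CERT_BASE/client.key 2048
-openssl req -subj /C=/ST=/L=/O=/CN=gnmi_client -new -key $CERT_BASE/client.key -out $CERT_BASE/client.csr
+openssl req -subj /C=/ST=/L=/O=/CN=$hostname -new -key $CERT_BASE/client.key -out $CERT_BASE/client.csr
 openssl x509 -req -in $CERT_BASE/client.csr -CA $CERT_BASE/rootCA.pem -CAkey $CERT_BASE/rootCA.key -CAcreateserial -out $CERT_BASE/client.crt -days 1095 -sha256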
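Review bot: The two new `openssl` calls in the password branch pass the passphrase as `pass:$password`, which puts it on the command line where other local users can read it from the process list, and the unquoted expansion splits a passphrase containing spaces (the same applies to `[ ! -z $password ]`). Handing it over through the environment avoids both: `DEVICE_PASS="$password" openssl rsa -des3 ... -passout env:DEVICE_PASS`, and `-password env:DEVICE_PASS` on the `pkcs12` line (`DEVICE_PASS` is an example name). The passphrase still reaches the script as `$3`, so it stays visible on the script's own command line; closing that would need an interface change such as a prompt or an environment variable. Separately, `print_red` uses its argument as the printf format, so a `%` or backslash in the hostname or IP is interpreted rather than printed; `printf '\033[0;31m%s ...\033[0m\n' "$1"` keeps the text literal.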
