x

2 years ago · 7fb78eee2c
--- a/bin/create-client-cert.sh
+++ b/bin/create-client-cert.sh
@@ -0,0 +1,9 @@
 #!/bin/bash

 openssl req -new \
  -nodes \
  -out client.csr \
  -keyout private/client.key \
  -days 365 \
  -config ./openssl.cnf

--- a/bin/generate-crl.sh
+++ b/bin/generate-crl.sh
@@ -0,0 +1,5 @@
 #!/bin/bash

 openssl ca -gencrl \
        -out revoked/crl.pem \
        -config ./openssl.cnf
--- a/bin/inspect-crl.sh
+++ b/bin/inspect-crl.sh
@@ -0,0 +1,5 @@
 #!/bin/bash

 openssl crl -text \
        -noout \
        -in revoked/crl.pem
--- a/bin/sign-client-cert.sh
+++ b/bin/sign-client-cert.sh
@@ -0,0 +1,6 @@
 #!/bin/bash

 openssl ca -out client.crt \
        -days 365 \
        -config ./openssl.cnf \
        -infiles client.csr
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -11,8 +11,9 @@ services:
    volumes:
      - ./html:/usr/share/nginx/html
      - ./nginx/cert-mng/server.crt:/etc/nginx/certs/server.crt
      - ./nginx/cert-mng/server.key:/etc/nginx/certs/server.key
      - ./nginx/cert-mng/private/server.key:/etc/nginx/certs/server.key
      - ./nginx/cert-mng/ca.crt:/etc/nginx/certs/ca.crt
      - ./nginx/cert-mng/revoked/crl.pem:/etc/nginx/certs/crl.pem
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
    ports:
      - 80:80
--- a/nginx/cert-mng/openssl.cnf
+++ b/nginx/cert-mng/openssl.cnf
@@ -11,7 +11,7 @@ new_certs_dir    = $dir/certs
 certificate      = $dir/ca.crt
 private_key      = $dir/private/ca.key
 default_days     = 365
 default_md       = md5
 default_md       = sha256
 default_crl_days = 30
 preserve         = no
 email_in_dn      = yes
@@ -34,7 +34,7 @@ commonName             = supplied
 emailAddress           = supplied

 [ crl_ext ]
 authorityKeyIdentifier = keyid:always,issues:always
 authorityKeyIdentifier = keyid

 [ usr_cert ]
 basicConstraints       = CA:FALSE
--- a/script/create-certificate.sh
+++ b/script/create-certificate.sh
@@ -1,9 +0,0 @@
 #!/bin/bash

 openssl genrsa -des3 -out ca.key 4096

 openssl req -new \
  -x509 \
  -days 365 \
  -key ca.key \
  -out ca.crt
--- a/script/create-client-key-and-csr.sh
+++ b/script/create-client-key-and-csr.sh
@@ -1,7 +0,0 @@
 #!/bin/bash

 openssl genrsa -out client.key 2048

 openssl req -new \
  -key client.key \
  -out client.csr
--- a/script/create-server-certificate.sh
+++ b/script/create-server-certificate.sh
@@ -1,9 +0,0 @@
 #!/bin/bash

 openssl x509 -req \
  -days 365 \
  -in server.csr \
  -CA ca.crt \
  -CAkey ca.key \
  -set_serial 01 \
  -out server.crt
--- a/script/create-server-key-and-csr.sh
+++ b/script/create-server-key-and-csr.sh
@@ -1,6 +0,0 @@
 #!/bin/bash

 openssl genrsa -out server.key 4096 \
 openssl req -new \
  -key server.key \
  -out server.csr
--- a/script/sign-client-csr.sh
+++ b/script/sign-client-csr.sh
@@ -1,9 +0,0 @@
 #!/bin/bash

 openssl x509 -req \
  -days 365 \
  -in client.csr \
  -CA ca.crt \
  -CAkey ca.key \
  -set_serial 01 \
  -out client.crt