#!/bin/sh
# Add new server certificates to tlsproxy (also see below).
#
# Requires certtool (from GnuTLS).
#
# Copyright (C) 2011-2013 Simon Ruderich
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
if [ "x$1" = x ]; then
echo "Usage: $0 []"
echo
echo "Add the server certificate (as .pem file) for "
echo " to tlsproxy. is not modified."
echo
echo "If is not given the certificate (PEM format) "
echo "is read from stdin."
echo
echo "The server certificate is NOT validated in any way, you must do "
echo "that before using this command or you risk using a insecure "
echo "certificate!"
echo
echo "Must be run in the tlsproxy directory where other configuration "
echo "files like proxy-ca.pem are stored."
exit 1
fi
tempfile=`mktemp` || exit 1
die() {
rm -f "$tempfile"
exit 1
}
# Generate server certificate for given host.
echo 'organization = tlsproxy' > "$tempfile"
echo "cn = $1" >> "$tempfile"
echo tls_www_server >> "$tempfile"
echo encryption_key >> "$tempfile"
echo signing_key >> "$tempfile"
certtool --generate-certificate \
--load-privkey proxy-key.pem \
--load-ca-certificate proxy-ca.pem \
--load-ca-privkey proxy-ca-key.pem \
--template "$tempfile" \
--outfile "certificate-$1-proxy.pem" || die
rm "$tempfile"
if [ "x$2" = x ]; then
echo please enter server certificate
cat > "certificate-$1-server.pem"
else
cp "$2" "certificate-$1-server.pem"
fi
echo done