3 # Add new server certificates to tlsproxy (also see below).
5 # Requires certtool (from GnuTLS).
7 # Copyright (C) 2011-2012 Simon Ruderich
9 # This program is free software: you can redistribute it and/or modify
10 # it under the terms of the GNU General Public License as published by
11 # the Free Software Foundation, either version 3 of the License, or
12 # (at your option) any later version.
14 # This program is distributed in the hope that it will be useful,
15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 # GNU General Public License for more details.
19 # You should have received a copy of the GNU General Public License
20 # along with this program. If not, see <http://www.gnu.org/licenses/>.
23 if [ "x$1" = x ]; then
24 echo "Usage: $0 <hostname> [<server-certificate>]"
26 echo "Add the server certificate <server-certificate> (as .pem file) for "
27 echo "<hostname> to tlsproxy. <server-certificate> is not modified."
29 echo "If <server-certificate> is not given the certificate (PEM format) "
30 echo "is read from stdin."
32 echo "The server certificate is NOT validated in any way, you must do "
33 echo "that before using this command or you risk using a insecure "
36 echo "Must be run in the tlsproxy directory where other configuration "
37 echo "files like proxy-ca.pem are stored."
41 tempfile=`mktemp` || exit 1
48 # Generate server certificate for given host.
49 echo 'organization = tlsproxy' > "$tempfile"
50 echo "cn = $1" >> "$tempfile"
51 echo tls_www_server >> "$tempfile"
52 echo encryption_key >> "$tempfile"
53 echo signing_key >> "$tempfile"
54 certtool --generate-certificate \
55 --load-privkey proxy-key.pem \
56 --load-ca-certificate proxy-ca.pem \
57 --load-ca-privkey proxy-ca-key.pem \
58 --template "$tempfile" \
59 --outfile "certificate-$1-proxy.pem" || die
62 if [ "x$2" = x ]; then
63 echo please enter server certificate
64 cat > "certificate-$1-server.pem"
66 cp "$2" "certificate-$1-server.pem"