# along with this program. If not, see <http://www.gnu.org/licenses/>.
-if [ "x$1" = x ]; then
+set -e
+
+if test "$#" -ne 1 && test "$#" -ne 2; then
echo "Usage: $0 <hostname> [<server-certificate>]"
echo
echo "Add the server certificate <server-certificate> (as .pem file) for "
echo "is read from stdin."
echo
echo "The server certificate is NOT validated in any way, you must do "
- echo "that before using this command or you risk using a insecure "
+ echo "that before using this command or you risk using an insecure "
echo "certificate!"
echo
echo "Must be run in the tlsproxy directory where other configuration "
exit 1
fi
-tempfile=`mktemp` || exit 1
-
-die() {
- rm -f "$tempfile"
- exit 1
-}
+tempfile=`mktemp`
+trap 'rm -f "$tempfile"' EXIT
# Generate server certificate for given host.
echo 'organization = tlsproxy' > "$tempfile"
echo tls_www_server >> "$tempfile"
echo encryption_key >> "$tempfile"
echo signing_key >> "$tempfile"
+echo 'expiration_days = 3650' >> "$tempfile"
certtool --generate-certificate \
--load-privkey proxy-key.pem \
--load-ca-certificate proxy-ca.pem \
--load-ca-privkey proxy-ca-key.pem \
--template "$tempfile" \
- --outfile "certificate-$1-proxy.pem" || die
+ --outfile "certificate-$1-proxy.pem"
rm "$tempfile"
-if [ "x$2" = x ]; then
- echo please enter server certificate
+if test "x$2" = x; then
+ echo 'Please enter server certificate (Ctrl-D to terminate input).'
cat > "certificate-$1-server.pem"
else
cp "$2" "certificate-$1-server.pem"