tls_ca() {
- if [ "$1" = "rootCA" ] ; then
- if [ -z $2 ] ; then
- # use default
- CA_BASE=$ETCDIR/tls
- else
- CA_BASE=`(cd $2;pwd)`
- fi
+ case $1 in
+ "rootCA")
+ if [ -z $2 ] ; then
+ # use default
+ CA_BASE=$ETCDIR/tls
+ else
+ CA_BASE=`(cd $2;pwd)`
+ fi
- if [ ! -d $CA_BASE ] ; then
- merr "Config directory ($CA_BASE) does not exist"
- exit 1
- fi
+ if [ ! -d $CA_BASE ] ; then
+ merr "Config directory ($CA_BASE) does not exist"
+ exit 1
+ fi
- CA_CONF='ca.conf'
- CA_PATH=$CA_BASE/rootCA
- if [ ! -f $CA_BASE/$CA_CONF ] ; then
- merr "root CA config file ($CA_BASE/$CA_CONF) does not exist"
- exit 1
- fi
+ CA_CONF='ca.conf'
+ CA_PATH=$CA_BASE/rootCA
+ if [ ! -f $CA_BASE/$CA_CONF ] ; then
+ merr "root CA config file ($CA_BASE/$CA_CONF) does not exist"
+ exit 1
+ fi
+
+ if [ -d $CA_PATH ] ; then
+ mwarn "root CA directory ($CA_PATH) exists! Remove it (y/n)?"
+ read X
+ if [ "$X" != "y" -a "$X" != "Y" ] ; then
+ exit 1
+ fi
+ fi
- if [ -d $CA_PATH ] ; then
- mwarn "root CA directory ($CA_PATH) exists! Remove it (y/n)?"
- read X
- if [ "$X" != "y" -a "$X" != "Y" ] ; then
+ mecho "Creating directory $CA_PATH and its sub-tree"
+ mkdir -p $CA_PATH
+ if [ $? -ne 0 ] ; then
+ merr "Failed to create root directory $CA_PATH"
exit 1
fi
- fi
+ rm -fr "${CA_PATH:?}"/*
+ mkdir $CA_PATH/private
+ mkdir $CA_PATH/certs
+ touch $CA_PATH/index.txt
+ echo 01 >$CA_PATH/serial
- mecho "Creating directory $CA_PATH and its sub-tree"
- mkdir -p $CA_PATH
- if [ $? -ne 0 ] ; then
- merr "Failed to create root directory $CA_PATH"
- exit 1
- fi
- rm -fr "${CA_PATH:?}"/*
- mkdir $CA_PATH/private
- mkdir $CA_PATH/certs
- touch $CA_PATH/index.txt
- echo 01 >$CA_PATH/serial
-
- mecho "Creating CA self-signed certificate"
- ( cd $CA_PATH; openssl req -config $CA_BASE/$CA_CONF -x509 -newkey \
- rsa:2048 -days 365 -out ./cacert.pem -outform PEM )
- if [ $? -ne 0 ] ; then
- merr "Failed to create self-signed certificate"
- exit 1
- fi
+ mecho "Creating CA self-signed certificate"
+ ( cd $CA_PATH; openssl req -config $CA_BASE/$CA_CONF -x509 -newkey \
+ rsa:2048 -days 365 -out ./cacert.pem -outform PEM )
+ if [ $? -ne 0 ] ; then
+ merr "Failed to create self-signed certificate"
+ exit 1
+ fi
- mecho "Protecting CA private key"
- chmod 600 $CA_PATH/private/cakey.pem
+ mecho "Protecting CA private key"
+ chmod 600 $CA_PATH/private/cakey.pem
- mecho "DONE"
- minfo "Private key can be found in $CA_PATH/private/cakey.pem"
- minfo "Certificate can be found in $CA_PATH/cacert.pem"
+ mecho "DONE"
+ minfo "Private key can be found in $CA_PATH/private/cakey.pem"
+ minfo "Certificate can be found in $CA_PATH/cacert.pem"
+ ;;
- elif [ "$1" = "userCERT" ] ; then
+ "userCERT")
+ if [ -z $2 ] ; then
+ merr "Missing user name parameter"
+ exit 1
+ fi
- if [ -z $2 ] ; then
- merr "Missing user name parameter"
- exit 1
- fi
+ if [ -z $3 ] ; then
+ # use default
+ CA_BASE=$ETCDIR/tls
+ else
+ CA_BASE=`(cd $3;pwd)`
+ fi
- if [ -z $3 ] ; then
- # use default
- CA_BASE=$ETCDIR/tls
- else
- CA_BASE=`(cd $3;pwd)`
- fi
+ if [ ! -d $CA_BASE ] ; then
+ merr "Config directory ($CA_BASE) does not exist"
+ exit 1
+ fi
- if [ ! -d $CA_BASE ] ; then
- merr "Config directory ($CA_BASE) does not exist"
- exit 1
- fi
+ USER_DIR=$CA_BASE/$2
+ USER_CFG=$CA_BASE/$2.conf
+ USER=$2
+ REQ_CFG=$CA_BASE/request.conf
- USER_DIR=$CA_BASE/$2
- USER_CFG=$CA_BASE/$2.conf
- USER=$2
- REQ_CFG=$CA_BASE/request.conf
+ if [ ! -f $USER_CFG ] ; then
+ merr "User config file $USER_CFG not found"
+ exit 1
+ fi
- if [ ! -f $USER_CFG ] ; then
- merr "User config file $USER_CFG not found"
- exit 1
- fi
+ if [ ! -f $REQ_CFG ] ; then
+ merr "Request config file $REQ_CFG not found"
+ exit 1
+ fi
- if [ ! -f $REQ_CFG ] ; then
- merr "Request config file $REQ_CFG not found"
- exit 1
- fi
+ mecho "Using config file $USER_CFG"
- mecho "Using config file $USER_CFG"
+ if [ -d $USER_DIR ] ; then
+ mwarn "User CERT directory ($USER_DIR) exists! Remove it (y/n)?"
+ read X
+ if [ "$X" != "y" -a "$X" != "Y" ] ; then
+ exit 1
+ fi
+ fi
- if [ -d $USER_DIR ] ; then
- mwarn "User CERT directory ($USER_DIR) exists! Remove it (y/n)?"
- read X
- if [ "$X" != "y" -a "$X" != "Y" ] ; then
+ mecho "Creating directory $USER_DIR"
+ mkdir -p $USER_DIR
+ if [ $? -ne 0 ] ; then
+ merr "Failed to create user directory $USER_DIR "
exit 1
fi
- fi
+ rm -fr "${USER_DIR:?}"/*
- mecho "Creating directory $USER_DIR"
- mkdir -p $USER_DIR
- if [ $? -ne 0 ] ; then
- merr "Failed to create user directory $USER_DIR "
- exit 1
- fi
- rm -fr "${USER_DIR:?}"/*
+ mecho "Creating user certificate request"
+ openssl req -config $USER_CFG -out $USER_DIR/$USER-cert_req.pem \
+ -keyout $USER_DIR/$USER-privkey.pem -new -nodes
+ if [ $? -ne 0 ] ; then
+ merr "Failed to generate certificate request"
+ exit 1
+ fi
- mecho "Creating user certificate request"
- openssl req -config $USER_CFG -out $USER_DIR/$USER-cert_req.pem \
- -keyout $USER_DIR/$USER-privkey.pem -new -nodes
- if [ $? -ne 0 ] ; then
- merr "Failed to generate certificate request"
- exit 1
- fi
+ mecho "Signing certificate request"
+ ( cd $CA_BASE ; openssl ca -config $REQ_CFG -in \
+ $USER_DIR/$USER-cert_req.pem -out $USER_DIR/$USER-cert.pem )
+ if [ $? -ne 0 ] ; then
+ merr "Failed to generate certificate request"
+ exit 1
+ fi
- mecho "Signing certificate request"
- ( cd $CA_BASE ; openssl ca -config $REQ_CFG -in \
- $USER_DIR/$USER-cert_req.pem -out $USER_DIR/$USER-cert.pem )
- if [ $? -ne 0 ] ; then
- merr "Failed to generate certificate request"
- exit 1
- fi
+ mecho "Generating CA list"
+ cat $CA_BASE/rootCA/cacert.pem >> $USER_DIR/$USER-calist.pem
- mecho "Generating CA list"
- cat $CA_BASE/rootCA/cacert.pem >> $USER_DIR/$USER-calist.pem
+ mecho "DONE"
+ minfo "Private key is locate at $USER_DIR/$USER-privkey.pem "
+ minfo "Certificate is locate at $USER_DIR/$USER-cert.pem "
+ minfo "CA-List is locate at $USER_DIR/$USER-calist.pem "
+ ;;
- mecho "DONE"
- minfo "Private key is locate at $USER_DIR/$USER-privkey.pem "
- minfo "Certificate is locate at $USER_DIR/$USER-cert.pem "
- minfo "CA-List is locate at $USER_DIR/$USER-calist.pem "
+ "gen-certs")
+ mecho "Generating self signed certificates"
+ if [ -z "$CERTDAYS" ] ; then
+ CERTDAYS=365
+ fi
+ if [ -n "$2" ] ; then
+ openssl req -x509 -newkey rsa:4096 -nodes -subj "/CN=${2}" -keyout kamailio-selfsigned.key -out kamailio-selfsigned.pem -days ${CERTDAYS}
+ else
+ openssl req -x509 -newkey rsa:4096 -nodes -keyout kamailio-selfsigned.key -out kamailio-selfsigned.pem -days ${CERTDAYS}
+ fi
+ ;;
- elif [ "$1" = "gen-certs" ] ; then
- mecho "Generating self signed certificates"
- if [ -z "$CERTDAYS" ] ; then
- CERTDAYS=365
- fi
- if [ -n "$2" ] ; then
- openssl req -x509 -newkey rsa:4096 -nodes -subj "/CN=${2}" -keyout kamailio-selfsigned.key -out kamailio-selfsigned.pem -days ${CERTDAYS}
- else
- openssl req -x509 -newkey rsa:4096 -nodes -keyout kamailio-selfsigned.key -out kamailio-selfsigned.pem -days ${CERTDAYS}
- fi
- else
- merr "unknown TLS command $1"
- usage_tls
- exit 1
- fi
+ *)
+ merr "unknown TLS command $1"
+ usage_tls
+ ;;
+ esac
}
extcmd() {
projects / sip-router / commitdiff