@@ -11,7 +11,7 @@ if [[ "$#" -eq 0 ]]; then
1111
1212 You can also create certificates for wildcard domains:
1313 $( basename $0 )
14-
14+
1515 EOF
1616 exit 0
1717else
2424# Create a nginx container (which conveniently provides the `openssl` command)
2525# ##############################################################################
2626
27- CONTAINER=$( docker run -d -v $DIR :/work -w /work -e SAN=" $ALTERNATE_DOMAINS " 8 )
28- # Configure openssl
27+ CONTAINER=$( docker run -d -v $DIR :/work -w /work -e SAN=" $ALTERNATE_DOMAINS " 13 )
28+ # Configure openssl
2929docker exec $CONTAINER bash -c '
3030 mkdir -p /ca/{certs,crl,private,newcerts} 2>/dev/null
3131 echo 1000 > /ca/serial
@@ -117,7 +117,7 @@ function openssl {
117117}
118118
119119function exitfail {
120- echo
120+ echo
121121 echo ERROR: " $@ "
122122 docker rm -f $CONTAINER
123123 exit 1
@@ -129,15 +129,15 @@ function exitfail {
129129# ##############################################################################
130130
131131if ! [[ -f " $DIR /ca-root.key" ; then
132- echo
132+ echo
133133 echo " > Create a Certificate Authority root key: $DIR /ca-root.key"
134134 openssl genrsa -out ca-root.key 2048
135135 [[ $? -eq 0 ]] || exitfail failed to generate CA root key
136136fi
137137
138- # Create a CA root certificate
138+ # Create a CA root certificate
139139if ! [[ -f " $DIR /ca-root.crt" ; then
140- echo
140+ echo
141141 echo " > Create a CA root certificate: $DIR /ca-root.crt"
142142 openssl req -config /ca/openssl.cnf \
143143 -key ca-root.key \
154154# create server key and certificate signed by the certificate authority
155155# ##############################################################################
156156
157- echo
157+ echo
158158echo " > Create a host key: $DIR /$DOMAIN .key"
159159openssl genrsa -out " $DOMAIN .key"
160160
161- echo
161+ echo
162162echo " > Create a host certificate signing request"
163163
164164SAN=" $ALTERNATE_DOMAINS "
165165 -key " $DOMAIN .key"
166- -new -out " /ca/$DOMAIN .csr" " /CN=$DOMAIN "
166+ -new -out " /ca/$DOMAIN .csr" " /CN=$DOMAIN "
167167 [[ $? -eq 0 ]] || exitfail failed to generate server certificate signing request
168168
169- echo
169+ echo
170170echo " > Create server certificate: $DIR /$DOMAIN .crt"
171171SAN=" $ALTERNATE_DOMAINS "
172172 -extensions server_cert \
173173 -extensions san_env \
174174 -in " /ca/$DOMAIN .csr"
175- -out " $DOMAIN .crt"
175+ -out " $DOMAIN .crt"
176176 [[ $? -eq 0 ]] || exitfail failed to generate server certificate
177177
178178
179179# Verify host certificate
180- # openssl x509 -noout -text -in "$DOMAIN.crt"
180+ # openssl x509 -noout -text -in "$DOMAIN.crt"
181181
182182
183183docker rm -f $CONTAINER > /dev/null
0 commit comments