39 lines
711 B
Bash
Executable File
39 lines
711 B
Bash
Executable File
#!/bin/sh
|
|
# vim: set sw=4 ts=4 sts=4 et :
|
|
|
|
DAYS=90
|
|
SUBJ=/CN=localhost
|
|
ALG=EC
|
|
CURVE=secp384r1
|
|
|
|
if [ -f /etc/default/gen-nginx-cert ]; then
|
|
. /etc/default/gen-nginx-cert
|
|
fi
|
|
|
|
set -- \
|
|
-out /etc/nginx/ssl/server.key \
|
|
-algorithm "${ALG}"
|
|
|
|
case "${ALG}" in
|
|
EC)
|
|
set -- "$@" \
|
|
-pkeyopt ec_paramgen_curve:${CURVE} \
|
|
-pkeyopt ec_param_enc:named_curve
|
|
;;
|
|
RSA)
|
|
set -- "$@" \
|
|
-pkeyopt rsa_keygen_bits:${BITS:+4096}
|
|
;;
|
|
esac
|
|
|
|
rm -f /etc/nginx/ssl/server.crt /etc/nginx/ssl/server.key
|
|
: > /etc/nginx/ssl/server.key
|
|
openssl genpkey "$@"
|
|
openssl \
|
|
req -x509 \
|
|
-subj "${SUBJ}" \
|
|
-key /etc/nginx/ssl/server.key \
|
|
-out /etc/nginx/ssl/server.crt \
|
|
-sha256 \
|
|
-days "${DAYS}"
|