author | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2025-04-12 16:25:53 +0200 |
---|---|---|
committer | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2025-04-22 21:35:30 +0200 |
commit | 7d3c1bd972c67af3f5006bd02e8ed3655f16bfc7 (patch) | |
tree | b636d166aeee551c0d1088ae821ae593f8110cb5 /tests/common/acme/certs/generate.ca | |
parent | update.sh: Also run `nix flake update` (diff) | |
tests/email-dns: Factor out all of the secrets/acme stuff into a common dir
This makes it easier to re-use this test data for various tests.
Diffstat (limited to 'tests/common/acme/certs/generate.ca')
-rwxr-xr-x | tests/common/acme/certs/generate.ca | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/tests/common/acme/certs/generate.ca b/tests/common/acme/certs/generate.ca
new file mode 100755
index 0000000..92832c5
--- /dev/null
+++ b/tests/common/acme/certs/generate.ca
@@ -0,0 +1,38 @@
+#! /usr/bin/env sh
+
+# Take the correct binary to create the certificates
+CERTTOOL=$(command -v gnutls-certtool 2>/dev/null || command -v certtool 2>/dev/null)
+if [ -z "$CERTTOOL" ]; then
+ echo "ERROR: No certtool found" >&2
+ exit 1
+fi
+
+# Create a CA key.
+$CERTTOOL \
+ --generate-privkey \
+ --sec-param "$SEC_PARAM" \
+ --key-type "$KEY_TYPE" \
+ --outfile ca.key.pem
+
+chmod 600 ca.key.pem
+
+# Sign a CA cert.
+cat <<EOF >ca.template
+country = $COUNTRY
+dns_name = "$SAN"
+expiration_days = $EXPIRATION_DAYS
+organization = $ORGANIZATION
+ca
+EOF
+#state = $STATE
+#locality = $LOCALITY
+
+$CERTTOOL \
+ --generate-self-signed \
+ --load-privkey ca.key.pem \
+ --template ca.template \
+ --outfile ca.cert.pem
+
+chmod 600 ca.cert.pem
+
+# vim: ft=sh |
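Review bot: Nothing in the script stops on a failed step or on missing inputs: `SEC_PARAM`, `KEY_TYPE`, `COUNTRY`, `SAN`, `EXPIRATION_DAYS` and `ORGANIZATION` are read from the environment unchecked, and if the `--generate-privkey` call fails the script still runs `chmod` and the self-sign step. Adding `set -eu` directly after the certtool lookup (after its `fi`, so the "No certtool found" message still prints) would abort in both cases, and a header comment listing the variables the caller must export would help, since whatever sets them is not visible in this file. Separately, `ca.key.pem` is created under the caller's umask and only tightened by `chmod 600` afterwards; a `umask 077` before the first certtool call closes that window. `$CERTTOOL` is also expanded unquoted at both call sites, so a tool path containing whitespace would be split; `"$CERTTOOL"` avoids that.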