Merge branch 'master' into master

author: Lorenz <12514511+RincewindsHat@users.noreply.github.com> 2023-03-10 10:33:25 (GMT)
committer: GitHub <noreply@github.com> 2023-03-10 10:33:25 (GMT)
commit: 5077120a251980b4fafed61b4aa8fa5730a85443 (patch)
tree: 8500b8f5dbe774b399cfdc79f5665ba88ef7f255 /plugins/tests/certs/generate-certs.sh
parent: a3de84594104ac87a91e200d569fb57edacca928 (diff)
parent: 269718094177fb8a7e3d3005d1310495009fe8c4 (diff)
download: monitoring-plugins-5077120a251980b4fafed61b4aa8fa5730a85443.tar.gz
1 files changed, 63 insertions, 0 deletions
diff --git a/plugins/tests/certs/generate-certs.sh b/plugins/tests/certs/generate-certs.sh
new file mode 100755
index 0000000..78660a2
--- /dev/null
+++ b/plugins/tests/certs/generate-certs.sh
@@ -0,0 +1,63 @@
+#!/bin/sh -e
+#
+# Recreates the https server certificates
+#
+# Set the GEN_EXPIRED environment variable to also regenerate
+# the expired certificate.
+cd "$(dirname "$0")"
+trap 'rm -f *.csr; rm -f clientca-cert.srl' EXIT
+subj() {
+        c="DE"
+        st="Bavaria"
+        l="Munich"
+        o="Monitoring Plugins"
+        cn="Monitoring Plugins"
+        emailAddress="devel@monitoring-plugins.org"
+        if [ -n "$1" ]; then
+                # Add to CN
+                cn="$cn $1"
+        fi
+        printf "/C=%s/ST=%s/L=%s/O=%s/CN=%s/emailAddress=%s" \
+                "$c" "$st" "$l" "$o" "$cn" "$emailAddress"
+}
+# server
+openssl req -new -x509 -days 3560 -nodes \
+        -keyout server-key.pem -out server-cert.pem \
+        -subj "$(subj)"
+# server, expired
+# there is generally no need to regenerate this, as it will stay epxired
+[ -n "$GEN_EXPIRED" ] && TZ=UTC faketime -f '2008-01-01 12:00:00' \
+        openssl req -new -x509 -days 1 -nodes \
+                -keyout expired-key.pem -out expired-cert.pem \
+                -subj "$(subj)"
+# client, ca
+openssl req -new -x509 -days 3560 -nodes \
+        -keyout clientca-key.pem -out clientca-cert.pem \
+        -subj "$(subj ClientCA)"
+echo "01" >clientca-cert.srl
+# client
+openssl req -new -nodes \
+        -keyout client-key.pem -out client-cert.csr \
+        -subj "$(subj Client)"
+openssl x509 -days 3560 -req -CA clientca-cert.pem -CAkey clientca-key.pem \
+        -in client-cert.csr -out client-cert.pem
+# client, intermediate
+openssl req -new -nodes \
+        -keyout clientintermediate-key.pem -out clientintermediate-cert.csr \
+        -subj "$(subj ClientIntermediate)"
+openssl x509 -days 3560 -req -CA clientca-cert.pem -CAkey clientca-key.pem \
+        -extfile ext.cnf -extensions client_ca \
+        -in clientintermediate-cert.csr -out clientintermediate-cert.pem
+# client, chain
+openssl req -new -nodes \
+        -keyout clientchain-key.pem -out clientchain-cert.csr \
+        -subj "$(subj ClientChain)"
+openssl x509 -days 3560 -req -CA clientca-cert.pem -CAkey clientca-key.pem \
+        -in clientchain-cert.csr -out clientchain-cert.pem
+cat clientintermediate-cert.pem >>clientchain-cert.pem
author	Lorenz <12514511+RincewindsHat@users.noreply.github.com>	2023-03-10 10:33:25 (GMT)
committer	GitHub <noreply@github.com>	2023-03-10 10:33:25 (GMT)
commit	5077120a251980b4fafed61b4aa8fa5730a85443 (patch)
tree	8500b8f5dbe774b399cfdc79f5665ba88ef7f255 /plugins/tests/certs/generate-certs.sh
parent	a3de84594104ac87a91e200d569fb57edacca928 (diff)
parent	269718094177fb8a7e3d3005d1310495009fe8c4 (diff)
download	monitoring-plugins-5077120a251980b4fafed61b4aa8fa5730a85443.tar.gz

diff --git a/plugins/tests/certs/generate-certs.sh b/plugins/tests/certs/generate-certs.sh new file mode 100755 index 0000000..78660a2 --- /dev/null +++ b/plugins/tests/certs/generate-certs.sh
@@ -0,0 +1,63 @@
	1	#!/bin/sh -e
	2	#
	3	# Recreates the https server certificates
	4	#
	5	# Set the GEN_EXPIRED environment variable to also regenerate
	6	# the expired certificate.
	7
	8	cd "$(dirname "$0")"
	9	trap 'rm -f *.csr; rm -f clientca-cert.srl' EXIT
	10
	11	subj() {
	12	c="DE"
	13	st="Bavaria"
	14	l="Munich"
	15	o="Monitoring Plugins"
	16	cn="Monitoring Plugins"
	17	emailAddress="devel@monitoring-plugins.org"
	18
	19	if [ -n "$1" ]; then
	20	# Add to CN
	21	cn="$cn $1"
	22	fi
	23
	24	printf "/C=%s/ST=%s/L=%s/O=%s/CN=%s/emailAddress=%s" \
	25	"$c" "$st" "$l" "$o" "$cn" "$emailAddress"
	26	}
	27
	28	# server
	29	openssl req -new -x509 -days 3560 -nodes \
	30	-keyout server-key.pem -out server-cert.pem \
	31	-subj "$(subj)"
	32	# server, expired
	33	# there is generally no need to regenerate this, as it will stay epxired
	34	[ -n "$GEN_EXPIRED" ] && TZ=UTC faketime -f '2008-01-01 12:00:00' \
	35	openssl req -new -x509 -days 1 -nodes \
	36	-keyout expired-key.pem -out expired-cert.pem \
	37	-subj "$(subj)"
	38
	39	# client, ca
	40	openssl req -new -x509 -days 3560 -nodes \
	41	-keyout clientca-key.pem -out clientca-cert.pem \
	42	-subj "$(subj ClientCA)"
	43	echo "01" >clientca-cert.srl
	44	# client
	45	openssl req -new -nodes \
	46	-keyout client-key.pem -out client-cert.csr \
	47	-subj "$(subj Client)"
	48	openssl x509 -days 3560 -req -CA clientca-cert.pem -CAkey clientca-key.pem \
	49	-in client-cert.csr -out client-cert.pem
	50	# client, intermediate
	51	openssl req -new -nodes \
	52	-keyout clientintermediate-key.pem -out clientintermediate-cert.csr \
	53	-subj "$(subj ClientIntermediate)"
	54	openssl x509 -days 3560 -req -CA clientca-cert.pem -CAkey clientca-key.pem \
	55	-extfile ext.cnf -extensions client_ca \
	56	-in clientintermediate-cert.csr -out clientintermediate-cert.pem
	57	# client, chain
	58	openssl req -new -nodes \
	59	-keyout clientchain-key.pem -out clientchain-cert.csr \
	60	-subj "$(subj ClientChain)"
	61	openssl x509 -days 3560 -req -CA clientca-cert.pem -CAkey clientca-key.pem \
	62	-in clientchain-cert.csr -out clientchain-cert.pem
	63	cat clientintermediate-cert.pem >>clientchain-cert.pem