learn_mqtt_go/scripts/gen-local-tls-certs.sh


#!/usr/bin/env bash
# Generates a throw-away CA plus a server and a client certificate for a
# local Mosquitto broker. See https://mosquitto.org/man/mosquitto-tls-7.html
set -euo pipefail
# Run from the project root (one level above this script's directory).
cd "$(dirname "$0")/.."
export CDIR
CDIR=$(pwd -P)
MOSQUITTO_CERTS_DIR="${CDIR}/.mosquitto/certs"
# Validity (days) and CA subject may be overridden from the environment.
TLS_CERT_DURATION=${TLS_CERT_DURATION:-365}
CA_COMMON_NAME=${CA_COMMON_NAME:-runcible.io}
# Used as the server certificate's common name.
HOSTNAME=$(hostname)
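#######################################
# Print the local-development-only banner to stdout.
# printf replaces the non-portable `echo -e`; the spelling of "encrypted"
# is corrected. Output is unchanged otherwise: a leading blank line, two
# message lines, and a trailing blank line.
# Globals:   none
# Arguments: none
# Outputs:   banner on stdout
#######################################
warn(){
  printf '\n%s\n%s\n\n' \
    'FOR LOCAL DEVELOPMENT ONLY!!! These certs do not follow best practices.' \
    "Keys are not encrypted! Seriously, don't use this for anything other than local development."
}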
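#######################################
# Create the self-signed CA key and certificate.
# The output directory is created if missing so the first openssl write
# does not fail; the RSA size is stated explicitly instead of relying on
# the openssl build default. The CA key is intentionally left unencrypted
# (-nodes) — this tooling is for local development only.
# Globals:   MOSQUITTO_CERTS_DIR, TLS_CERT_DURATION, CA_COMMON_NAME (read)
# Arguments: none
# Outputs:   ca.key and ca.crt under MOSQUITTO_CERTS_DIR; progress on stdout
#######################################
generate_ca_cert(){
  local ca_key="${MOSQUITTO_CERTS_DIR}/ca.key"
  local ca_crt="${MOSQUITTO_CERTS_DIR}/ca.crt"
  mkdir -p -- "${MOSQUITTO_CERTS_DIR}"
  echo "Generating CA key in ${MOSQUITTO_CERTS_DIR}..."
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "${ca_key}"
  echo "Generating CA cert..."
  # -extensions v3_ca marks the cert as a CA (basicConstraints CA:TRUE) using
  # the section of that name from the default openssl config.
  openssl req -x509 -new -nodes -key "${ca_key}" -sha256 -days "${TLS_CERT_DURATION}" \
    -extensions v3_ca -out "${ca_crt}" -subj "/C=US/O=Runcible/CN=${CA_COMMON_NAME}"
  echo "CA cert generation complete."
}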
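#######################################
# Create the broker (server) key, CSR and CA-signed certificate.
# The signed leaf carries the hostname as a subjectAltName: hostname
# verification in modern TLS stacks (Go's crypto/x509 since 1.15, current
# browsers) ignores the CN and matches only SANs, so without one clients
# refuse the connection. extendedKeyUsage=serverAuth pins the cert to
# server use so it cannot double as a client certificate against this CA.
# Globals:   MOSQUITTO_CERTS_DIR, TLS_CERT_DURATION, HOSTNAME (read)
# Arguments: none
# Outputs:   server.key, server.csr, server.crt under MOSQUITTO_CERTS_DIR
#######################################
generate_server_cert(){
  local server_key="${MOSQUITTO_CERTS_DIR}/server.key"
  local server_csr="${MOSQUITTO_CERTS_DIR}/server.csr"
  local server_crt="${MOSQUITTO_CERTS_DIR}/server.crt"
  echo "Generating server key..."
  openssl genrsa -out "${server_key}" 2048
  echo "Generating cert signing request for CA..."
  openssl req -out "${server_csr}" -key "${server_key}" -new \
    -subj "/C=US/O=Runcible/CN=${HOSTNAME}"
  echo "Sending server CSR to CA..."
  # -extfile reads an unnamed extension section; process substitution avoids a temp file.
  openssl x509 -req -in "${server_csr}" -CA "${MOSQUITTO_CERTS_DIR}/ca.crt" \
    -CAkey "${MOSQUITTO_CERTS_DIR}/ca.key" -CAcreateserial -out "${server_crt}" \
    -days "${TLS_CERT_DURATION}" \
    -extfile <(printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "${HOSTNAME}")
  echo "Server cert generation complete."
}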
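#######################################
# Create the client key, CSR and CA-signed certificate.
# Client material is written to the project root (CDIR), not to the
# broker's certs directory. The leaf gets extendedKeyUsage=clientAuth so
# that a certificate issued for a client is not also accepted as a server
# certificate by peers that trust this CA.
# Globals:   CDIR, MOSQUITTO_CERTS_DIR, TLS_CERT_DURATION (read)
# Arguments: none
# Outputs:   client.key, client.csr, client.crt under CDIR
#######################################
generate_client_cert(){
  local client_key="${CDIR}/client.key"
  local client_csr="${CDIR}/client.csr"
  local client_crt="${CDIR}/client.crt"
  echo "Creating client cert in $CDIR"
  echo "Generating client key..."
  openssl genrsa -out "${client_key}" 2048
  echo "Generating client CSR for CA..."
  openssl req -out "${client_csr}" -key "${client_key}" -new -subj "/C=US/O=Runcible/CN=localhost"
  echo "Sending client CSR to CA..."
  # -CAcreateserial reuses/increments ca.srl if the server step already created it.
  openssl x509 -req -in "${client_csr}" -CA "${MOSQUITTO_CERTS_DIR}/ca.crt" -CAkey "${MOSQUITTO_CERTS_DIR}/ca.key" \
    -CAcreateserial -out "${client_crt}" -days "${TLS_CERT_DURATION}" \
    -extfile <(printf 'extendedKeyUsage=clientAuth\n')
  echo "Client cert generation complete."
}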
#######################################
# Entry point: show the banner, build CA → server → client, show it again.
# Order matters: the server and client steps sign with the CA produced first.
#######################################
main(){
  warn
  generate_ca_cert
  generate_server_cert
  generate_client_cert
  warn
}
main "$@"