summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMaxim Devaev <[email protected]>2022-06-24 03:46:18 +0300
committerMaxim Devaev <[email protected]>2022-06-24 03:46:18 +0300
commitc85e3f939f5343775675c15f10e51461e27f1e65 (patch)
treee65d23ca417542452de21c7c73db2dc538a81d5a
parent3e5bcc752c9defc5d520ec313d4f7ae34b46afb3 (diff)
cleanup old certs in kvmd-gencert
-rwxr-xr-xscripts/kvmd-gencert32
1 files changed, 16 insertions, 16 deletions
diff --git a/scripts/kvmd-gencert b/scripts/kvmd-gencert
index c0a6e720..d6fd724a 100755
--- a/scripts/kvmd-gencert
+++ b/scripts/kvmd-gencert
@@ -22,8 +22,9 @@
set -e
+export LC_ALL=C
-if [ `whoami` != root ]; then
+if [ "$(whoami)" != root ]; then
echo "Only root can do that"
exit 1
fi
@@ -36,28 +37,27 @@ if [ "$1" != --do-the-thing ]; then
exit 1
fi
-target="nginx"
+target=nginx
if [ "$2" == --vnc ]; then
- target="vnc"
+ target=vnc
fi
-
-# XXX: Why ECC?
-# https://www.leaderssl.com/articles/345-what-is-ecc-and-why-you-should-use-it
-# https://www.digitalocean.com/community/tutorials/how-to-create-an-ecc-certificate-on-nginx-for-debian-8
-# https://msol.io/blog/tech/create-a-self-signed-ecc-certificate
+path="/etc/kvmd/$target/ssl"
set -x
-export LC_ALL=C
-
-mkdir -p /etc/kvmd/$target/ssl
-cd /etc/kvmd/$target/ssl
+mkdir -p "$path"
+rm -f "$path"/*
+cd "$path"
+# XXX: Why ECC?
+# - https://www.leaderssl.com/articles/345-what-is-ecc-and-why-you-should-use-it
+# - https://www.digitalocean.com/community/tutorials/how-to-create-an-ecc-certificate-on-nginx-for-debian-8
+# - https://msol.io/blog/tech/create-a-self-signed-ecc-certificate
openssl ecparam -out server.key -name prime256v1 -genkey
openssl req -new -x509 -sha256 -nodes -key server.key -out server.crt -days 3650 \
-subj "/C=RU/ST=Moscow/L=Moscow/O=PiKVM/OU=PiKVM/CN=localhost"
-chown root:kvmd-$target /etc/kvmd/$target/ssl/*
-chmod 440 server.key
-chmod 444 server.crt
-chmod 755 /etc/kvmd/$target/ssl
+chown "root:kvmd-$target" "$path"/*
+chmod 440 "$path/server.key"
+chmod 444 "$path/server.crt"
+chmod 755 "$path"