Check if fullchain_with_key.pem already exists

aledbf · aledbf · commit 71b105368760 · 2024-01-26T02:43:12.000Z
diff --git a/create_ca_cert.sh b/create_ca_cert.sh
@@ -22,17 +22,17 @@ CN_CA=${CN_CA:0:64}
 CN_IA=${CN_IA:0:64}
 CN_WEB=${CN_WEB:0:64}
 
-mkdir -p /certs /ca
+mkdir -p /ca /certs
 cd /ca
 
 CA_KEY_FILE=${CA_KEY_FILE:-/ca/ca.key}
 CA_CRT_FILE=${CA_CRT_FILE:-/ca/ca.crt}
 CA_SRL_FILE=${CA_SRL_FILE:-/ca/ca.srl}
 
-if [ -f "$CA_CRT_FILE" ] ; then
+if [ -f "$CA_CRT_FILE" ]; then
     logInfo "CA already exists. Good. We'll reuse it."
-    if [ ! -f "$CA_SRL_FILE" ] ; then
-        echo 01 > ${CA_SRL_FILE}
+    if [ ! -f "$CA_SRL_FILE" ]; then
+        echo 01 >${CA_SRL_FILE}
     fi
 else
     logInfo "No CA was found. Generating one."
@@ -42,7 +42,7 @@ else
 
     logInfo "generate CA cert with key and self sign it: ${CAID}"
     openssl req -new -x509 -days 1300 -sha256 -key ${CA_KEY_FILE} -out ${CA_CRT_FILE} -passin pass:foobar -subj "/C=NL/ST=Noord Holland/L=Amsterdam/O=ME/OU=IT/CN=${CN_CA}" -extensions IA -config <(
-cat <<-EOF
+        cat <<-EOF
 [req]
 distinguished_name = dn
 [dn]
@@ -51,23 +51,24 @@ basicConstraints = critical,CA:TRUE
 keyUsage = critical, digitalSignature, cRLSign, keyCertSign
 subjectKeyIdentifier = hash
 EOF
-)
+    )
 
     [[ ${DEBUG} -gt 0 ]] && logInfo "show the CA cert details"
     [[ ${DEBUG} -gt 0 ]] && openssl x509 -noout -text -in ${CA_CRT_FILE}
 
-    echo 01 > ${CA_SRL_FILE}
+    echo 01 >${CA_SRL_FILE}
 
 fi
 
 cd /certs
 
-logInfo "Generate IA key"
-openssl genrsa -des3 -passout pass:foobar -out ia.key 4096 &> /dev/null
+if [ -f "fullchain_with_key.pem" ]; then
+    logInfo "Generate IA key"
+    openssl genrsa -des3 -passout pass:foobar -out ia.key 4096 &>/dev/null
 
-logInfo "Create a signing request for the IA: ${CAID}"
-openssl req -new -key ia.key -out ia.csr -passin pass:foobar -subj "/C=NL/ST=Noord Holland/L=Amsterdam/O=ME/OU=IT/CN=${CN_IA}" -reqexts IA -config <(
-cat <<-EOF
+    logInfo "Create a signing request for the IA: ${CAID}"
+    openssl req -new -key ia.key -out ia.csr -passin pass:foobar -subj "/C=NL/ST=Noord Holland/L=Amsterdam/O=ME/OU=IT/CN=${CN_IA}" -reqexts IA -config <(
+        cat <<-EOF
 [req]
 distinguished_name = dn
 [dn]
@@ -76,14 +77,14 @@ basicConstraints = critical,CA:TRUE,pathlen:0
 keyUsage = critical, digitalSignature, cRLSign, keyCertSign
 subjectKeyIdentifier = hash
 EOF
-)
+    )
 
-[[ ${DEBUG} -gt 0 ]] && logInfo "Show the singing request, to make sure extensions are there"
-[[ ${DEBUG} -gt 0 ]] && openssl req -in ia.csr -noout -text
+    [[ ${DEBUG} -gt 0 ]] && logInfo "Show the singing request, to make sure extensions are there"
+    [[ ${DEBUG} -gt 0 ]] && openssl req -in ia.csr -noout -text
 
-logInfo "Sign the IA request with the CA cert and key, producing the IA cert"
-openssl x509 -req -days 730 -in ia.csr -CA ${CA_CRT_FILE} -CAkey ${CA_KEY_FILE} -CAserial ${CA_SRL_FILE} -out ia.crt -passin pass:foobar -extensions IA -extfile <(
-cat <<-EOF
+    logInfo "Sign the IA request with the CA cert and key, producing the IA cert"
+    openssl x509 -req -days 730 -in ia.csr -CA ${CA_CRT_FILE} -CAkey ${CA_KEY_FILE} -CAserial ${CA_SRL_FILE} -out ia.crt -passin pass:foobar -extensions IA -extfile <(
+        cat <<-EOF
 [req]
 distinguished_name = dn
 [dn]
@@ -92,33 +93,33 @@ basicConstraints = critical,CA:TRUE,pathlen:0
 keyUsage = critical, digitalSignature, cRLSign, keyCertSign
 subjectKeyIdentifier = hash
 EOF
-) &> /dev/null
+    ) &>/dev/null
 
+    [[ ${DEBUG} -gt 0 ]] && logInfo "show the IA cert details"
+    [[ ${DEBUG} -gt 0 ]] && openssl x509 -noout -text -in ia.crt
 
-[[ ${DEBUG} -gt 0 ]] && logInfo "show the IA cert details"
-[[ ${DEBUG} -gt 0 ]] && openssl x509 -noout -text -in ia.crt
+    logInfo "Initialize the serial number for signed certificates"
+    echo 01 >ia.srl
 
-logInfo "Initialize the serial number for signed certificates"
-echo 01 > ia.srl
+    logInfo "Create the key (w/o passphrase..)"
+    openssl genrsa -des3 -passout pass:foobar -out web.orig.key 2048 &>/dev/null
+    openssl rsa -passin pass:foobar -in web.orig.key -out web.key &>/dev/null
 
-logInfo "Create the key (w/o passphrase..)"
-openssl genrsa -des3 -passout pass:foobar -out web.orig.key 2048 &> /dev/null
-openssl rsa -passin pass:foobar -in web.orig.key -out web.key  &> /dev/null
+    logInfo "Create the signing request, using extensions"
+    openssl req -new -key web.key -sha256 -out web.csr -passin pass:foobar -subj "/C=NL/ST=Noord Holland/L=Amsterdam/O=ME/OU=IT/CN=${CN_WEB}" -reqexts SAN -config <(cat <(printf "[req]\ndistinguished_name = dn\n[dn]\n[SAN]\nsubjectAltName=${ALLDOMAINS}"))
 
-logInfo "Create the signing request, using extensions"
-openssl req -new -key web.key -sha256 -out web.csr -passin pass:foobar -subj "/C=NL/ST=Noord Holland/L=Amsterdam/O=ME/OU=IT/CN=${CN_WEB}" -reqexts SAN -config <(cat <(printf "[req]\ndistinguished_name = dn\n[dn]\n[SAN]\nsubjectAltName=${ALLDOMAINS}"))
+    [[ ${DEBUG} -gt 0 ]] && logInfo "Show the singing request, to make sure extensions are there"
+    [[ ${DEBUG} -gt 0 ]] && openssl req -in web.csr -noout -text
 
-[[ ${DEBUG} -gt 0 ]] && logInfo "Show the singing request, to make sure extensions are there"
-[[ ${DEBUG} -gt 0 ]] && openssl req -in web.csr -noout -text
+    logInfo "Sign the request, using the intermediate cert and key"
+    openssl x509 -req -days 365 -in web.csr -CA ia.crt -CAkey ia.key -out web.crt -passin pass:foobar -extensions SAN -extfile <(cat <(printf "[req]\ndistinguished_name = dn\n[dn]\n[SAN]\nsubjectAltName=${ALLDOMAINS}")) &>/dev/null
 
-logInfo "Sign the request, using the intermediate cert and key"
-openssl x509 -req -days 365 -in web.csr -CA ia.crt -CAkey ia.key -out web.crt -passin pass:foobar -extensions SAN -extfile <(cat <(printf "[req]\ndistinguished_name = dn\n[dn]\n[SAN]\nsubjectAltName=${ALLDOMAINS}"))  &> /dev/null
+    [[ ${DEBUG} -gt 0 ]] && logInfo "Show the final cert details"
+    [[ ${DEBUG} -gt 0 ]] && openssl x509 -noout -text -in web.crt
 
-[[ ${DEBUG} -gt 0 ]] && logInfo "Show the final cert details"
-[[ ${DEBUG} -gt 0 ]] && openssl x509 -noout -text -in web.crt
+    logInfo "Concatenating fullchain.pem..."
+    cat web.crt ia.crt ${CA_CRT_FILE} >fullchain.pem
 
-logInfo "Concatenating fullchain.pem..."
-cat web.crt ia.crt ${CA_CRT_FILE}  > fullchain.pem
-
-logInfo "Concatenating fullchain_with_key.pem"
-cat fullchain.pem web.key > fullchain_with_key.pem
+    logInfo "Concatenating fullchain_with_key.pem"
+    cat fullchain.pem web.key >fullchain_with_key.pem
+fi
