Pkt_Lnt

Pixelserv_cert.sh

Sep 14th, 2019
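  #!/bin/sh
  #
  # Builds an OpenSSL config from router NVRAM settings, then generates an RSA
  # key (key.pem) and a self-signed certificate (cert.pem) in /etc whose
  # subjectAltName list covers the LAN IP, hostnames and optional DDNS name.
  #
  # Requires: nvram, openssl, and pc_insert (expected to come from helper.sh).
  # NOTE(review): NVRAM values are written into the config verbatim; a value
  # containing a newline would add extra config lines. Confirm the firmware
  # validates these settings before they reach NVRAM.

  . /usr/sbin/helper.sh
  # Not referenced below; kept in case helper.sh reads it (TODO confirm).
  SECS=1262278080

  CFG=/etc/openssl.config

  # Without this check a failed cd would write key.pem into whatever directory
  # the caller happened to be in.
  cd /etc || exit 1
  cp -L openssl.cnf openssl.config

  # Certificate CN list: explicit setting, else the LAN IP.
  NVCN=$(nvram get https_crt_cn)
  if [ -z "$NVCN" ]; then
    NVCN=$(nvram get lan_ipaddr)
  fi

  I=0
  printf '%s\n' "$I.organizationName=O" >> "$CFG"
  printf '%s\n' "$I.organizationName_value=pixelserv-tls" >> "$CFG"

  # Split the comma-separated CN list. Globbing is switched off for the loop so
  # a wildcard name such as *.example.lan is not expanded against files in /etc.
  OLDIFS=$IFS
  IFS=","
  set -f
  for CN in $NVCN; do
    printf '%s\n' "$I.commonName=CN" >> "$CFG"
    printf '%s\n' "$I.commonName_value=$CN" >> "$CFG"
    I=$((I + 1))
  done
  set +f
  IFS=$OLDIFS

  pc_insert "[ CA_default ]" "copy_extensions = copy" "$CFG"
  pc_insert "[ v3_ca ]" "subjectAltName = @alt_names" "$CFG"
  pc_insert "[ v3_req ]" "subjectAltName = @alt_names" "$CFG"
  pc_insert "[ v3_ca ]" "extendedKeyUsage = serverAuth" "$CFG"

  # Complete SAN definitions
  printf '%s\n' "[ alt_names ]" >> "$CFG"

  I=0
  # Add IPs to SAN
  LANIP=$(nvram get lan_ipaddr)
  printf '%s\n' "IP.$I = $LANIP" >> "$CFG"
  # workaround for IE not supporting IP SAN
  printf '%s\n' "DNS.$I = $LANIP" >> "$CFG"
  I=$((I + 1))

  # Add DNS names to SAN; DUT_DOMAIN only in router mode. An empty sw_mode is
  # treated as "not router mode" instead of producing a test error.
  SWMODE=$(nvram get sw_mode)
  if [ "${SWMODE:-0}" -eq 1 ]; then
    printf '%s\n' "DNS.$I = router.asus.com" >> "$CFG"
    I=$((I + 1))
  fi

  # Add hostnames, each also qualified with the LAN domain when one is set.
  LANDOMAIN=$(nvram get lan_domain)
  LANHOSTNAME=$(nvram get lan_hostname)
  COMPUTERNAME=$(nvram get computer_name)
  for HOST in "$LANHOSTNAME" "$COMPUTERNAME"; do
    [ -n "$HOST" ] || continue
    printf '%s\n' "DNS.$I = $HOST" >> "$CFG"
    I=$((I + 1))
    if [ -n "$LANDOMAIN" ]; then
      printf '%s\n' "DNS.$I = $HOST.$LANDOMAIN" >> "$CFG"
      I=$((I + 1))
    fi
  done

  # Add DDNS
  DDNSHOSTNAME=$(nvram get ddns_hostname_x)
  DDNSSERVER=$(nvram get ddns_server_x)
  DDNSUSER=$(nvram get ddns_username_x)
  if [ "$(nvram get ddns_enable_x)" = "1" ] \
    && [ "$DDNSSERVER" != "WWW.DNSOMATIC.COM" ] \
    && [ -n "$DDNSHOSTNAME" ]; then
    if [ "$DDNSSERVER" = "WWW.NAMECHEAP.COM" ] && [ -n "$DDNSUSER" ]; then
      printf '%s\n' "DNS.$I = $DDNSHOSTNAME.$DDNSUSER" >> "$CFG"
    else
      printf '%s\n' "DNS.$I = $DDNSHOSTNAME" >> "$CFG"
    fi
    I=$((I + 1))
  fi

  # create the key
  # The subshell umask keeps the private key readable by its owner only and
  # leaves the mode of every other file this script writes unchanged.
  # genrsa takes the key size as its final argument; the "-config" that used
  # to trail it is not a genrsa option, and newer OpenSSL releases reject
  # extra arguments there.
  (
    umask 077
    openssl genrsa -out key.pem 2048
  )
  # create certificate request and sign it
  RANDFILE=/dev/urandom openssl req -new -x509 -key key.pem -sha256 \
    -out cert.pem -days 730 -config "$CFG"

  # Keep the generated config only when https_crt_save asks for it.
  if [ "$(nvram get https_crt_save)" = "0" ]; then
    rm -f "$CFG"
  fi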