feat(onboarding): adapted certgen script to match naming

WorldHealthOrganization · Sep 29, 2023 · a1bca80 · a1bca80
1 parent 8899b81
commit a1bca80
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 5 deletions.
diff --git a/scripts/certgen/README.md b/scripts/certgen/README.md
@@ -24,7 +24,7 @@ cd scripts/certgen
 Note: keep your private keys safe and secure. Do not share them with anyone. 
 
 Copy the generated certificates to the respective folders and change the file names to match the naming convention.
-If using self-signed TLS certificates, you may copy it also as CA.pem (check to have keyCertSign in the keyUsage).
+For the case of self-signed TLS certificates, the CA.pem is just a copy of the TLS.pem (check to have keyCertSign in the keyUsage).
 The CA.pem should exist, since it is used to verify the TLS client certificate when connecting to the TNG application.
 
 # Tagging for taking into use

diff --git a/scripts/certgen/gen_all_certs.sh b/scripts/certgen/gen_all_certs.sh
@@ -17,7 +17,9 @@ export OSSL_ORGANIZATIONAL_UNIT_NAME="R&D"
 # generate a new directory for each run
 subdir=$(date +%Y%m%d%H%M%S)
 mkdir -p ${subdir}
-# generate the certificates and keys for the CA, TLS, and upload
-openssl req -x509 -new -days ${DAYS_CA} -newkey ec:<(openssl ecparam -name prime256v1) -extensions ext -keyout ${subdir}/CAprivkey.key -nodes -out ${subdir}/CAcert.pem -config sca.conf
-openssl req -x509 -new -days ${DAYS_TLS} -newkey ec:<(openssl ecparam -name prime256v1) -extensions ext -keyout ${subdir}/TNP_TLS.key -nodes -out ${subdir}/TNP_TLS.pem -config TLSClient.conf
-openssl req -x509 -new -days ${DAYS_UPLOAD} -newkey ec:<(openssl ecparam -name prime256v1) -extensions ext -keyout ${subdir}/TNP_UP.key -nodes -out ${subdir}/TNP_UP.pem -config uploadCert.conf
+# generate the certificates and keys for the SCA, TLS, and upload
+openssl req -x509 -new -days ${DAYS_CA} -newkey ec:<(openssl ecparam -name prime256v1) -extensions ext -keyout ${subdir}/SCA.key -nodes -out ${subdir}/SCA.pem -config sca.conf
+openssl req -x509 -new -days ${DAYS_TLS} -newkey ec:<(openssl ecparam -name prime256v1) -extensions ext -keyout ${subdir}/TLS.key -nodes -out ${subdir}/TLS.pem -config TLSClient.conf
+openssl req -x509 -new -days ${DAYS_UPLOAD} -newkey ec:<(openssl ecparam -name prime256v1) -extensions ext -keyout ${subdir}/UP.key -nodes -out ${subdir}/UP.pem -config uploadCert.conf
+#special case to only place CA.pem file for self-signed TLS cert as a copy
+cat ${subdir}/TLS.pem > ${subdir}/CA.pem