diff --git a/kuksa_certificates/genCerts.sh b/kuksa_certificates/genCerts.sh index 2106fe269..4058975d2 100755 --- a/kuksa_certificates/genCerts.sh +++ b/kuksa_certificates/genCerts.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh genCAKey() { @@ -23,9 +23,12 @@ genKey() { # as some TLS client integrations cannot handle name verification towards IP-addresses # (Only client for now in KUKSA.val that has problem with IP host validation is the kuksa-client gRPC integration) genCert() { + tmp="$(mktemp)" + printf "subjectAltName=DNS:%s, DNS:localhost, IP:127.0.0.1" "$1" > "$tmp" openssl req -new -key $1.key -out $1.csr -passin pass:"temp" -subj "/C=CA/ST=Ontario/L=Ottawa/O=Eclipse.org Foundation, Inc./CN=$1/emailAddress=kuksa-dev@eclipse.org" - openssl x509 -req -in $1.csr -extfile <(printf "subjectAltName=DNS:$1, DNS:localhost, IP:127.0.0.1") -CA CA.pem -CAkey CA.key -CAcreateserial -days 365 -out $1.pem + openssl x509 -req -in $1.csr -extfile "$tmp" -CA CA.pem -CAkey CA.key -CAcreateserial -days 365 -out $1.pem openssl verify -CAfile CA.pem $1.pem + rm "$tmp" } set -e @@ -62,4 +65,3 @@ do genCert $i echo "" done - diff --git a/kuksa_certificates/jwt/recreateJWTkeyPair.sh b/kuksa_certificates/jwt/recreateJWTkeyPair.sh index dd9be9b1f..874be28a6 100755 --- a/kuksa_certificates/jwt/recreateJWTkeyPair.sh +++ b/kuksa_certificates/jwt/recreateJWTkeyPair.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # Copyright Robert Bosch GmbH, 2020. Part of the Eclipse Kuksa Project. # 
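Review bot: In `genCert` (genCerts.sh, hunk `@@ -23,9 +23,12 @@`), the file from `mktemp` is removed only on the success path. `set -e` is enabled right below the function, so a failing `openssl x509` or `openssl verify` exits before `rm "$tmp"` runs. The file holds only the subjectAltName line, so this is hygiene rather than exposure of key material. Assuming the script sets no other EXIT trap (not visible here), add `trap 'rm -f -- "$tmp"' EXIT` directly after the `mktemp` line and change the last line to `rm -f -- "$tmp"`. The rewritten `openssl x509` line also leaves `$1.csr` and `$1.pem` unquoted, and `$1` is now copied into the extension file as well, so quote them (`"$1.csr"`, `"$1.pem"`) and keep the names passed to `genCert` to a fixed list, because a comma or newline in the name would add further SAN entries.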
@@ -13,12 +13,11 @@ echo "Recreating kuksa.val key pair used for JWT verification" echo "-------------------------------------------------------" -echo -e "\nCreating private key" +printf "\nCreating private key\n" ssh-keygen -t rsa -b 4096 -m PEM -f jwt.key -q -N "" -echo -e "\nCreating public key" +printf "\nCreating public key\n" openssl rsa -in jwt.key -pubout -outform PEM -out jwt.key.pub -echo -e '\nYou can use the PRIVATE key "jwt.key" to generate new tokens using https://jwt.io or the "createToken.py" script.' +printf '\nYou can use the PRIVATE key "jwt.key" to generate new tokens using https://jwt.io or the "createToken.py" script.\n' echo 'You need to give the PUBLIC key "jwt.key.pub" to the kuksa.val server, so it can verify correctly signed JWT tokens.' -
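Review bot: The rewritten final `printf` in recreateJWTkeyPair.sh still tells the user to load the private key `jwt.key` into https://jwt.io, a third-party website, and the key is generated earlier in this hunk with an empty passphrase (`-N ""`). Since the line is being touched anyway, the message could point only at the local script and state the intended scope, e.g. `printf '\nDevelopment/test key only: create tokens from "jwt.key" with the "createToken.py" script.\n'`. The three new calls also pass the message itself as the printf format string, which works for these literals, but `printf '\n%s\n' 'Creating private key'` keeps a later `%` in the text from being read as a format directive. The start of the script is outside the hunk, so it cannot be confirmed from here whether `set -e` stops `openssl rsa` from running after a failed `ssh-keygen`.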