Commit 25da2a28 authored by Xueshan Feng's avatar Xueshan Feng

Added code to upload the PEM bundle to an S3 bucket.

parent 3459a0a7
......@@ -2,3 +2,4 @@
*.csr
*.cnf
*.cer
*.pem
#!/bin/bash
# Script to verify
# Script to verify key, cert, rootCA chain. Generate a pem bundle for haproxy.
AWS_PROFILE=${AWS_PROFILE:-NODEFAULT}
CERT_BUCKET=${CERT_BUCKET:-DODEFAULT}
fqdn=$1
shortname=${fqdn/.stanford.edu/}
# Error checking
[ -z "$fqdn" ] && echo "Usage: ./$(basename $0) <fqdn>" && exit 1
if ! aws --profile ${AWS_PROFILE} sts get-caller-identity > /dev/null ;
then
echo "Cannot verify ${AWS_PROFILE}. Use export AWS_PROFILE=<myprofile> to set default."
exit 1
fi
if ! aws --profile ${AWS_PROFILE} s3 ls ${CERT_BUCKET} > /dev/null ;
then
echo Cannot verify ${CERT_BUCKET}.
echo use export CERT_BUCKET=s3://... to set default.
exit 1
fi
echo Checking key file $fqdn
[ ! -f $fqdn.key ] && echo "$fqdn.key doesn't exit." && exit 1
keymd5=$(openssl rsa -noout -modulus -in $fqdn.key | openssl md5)
......@@ -32,11 +49,20 @@ then
fi
echo Check CAfile. Should be in intermidate1, intermiate2,...rootca format.
if ! openssl x509 -noout -text -in words_stanford_edu_interm.cer | grep CN=InCommon ;
if ! openssl x509 -noout -text -in $interm | grep CN=InCommon ;
then
echo Haproxy needs CA bundle should be in this order: intermidate1, intermiate2,...rootca.
else
echo ""
echo "You can generate $fqdn.pem by cancadinating $cert $interm, and $fqdn.key together."
fi
for i in $cert $interm $fqdn.key
do
cat $i
echo ""
done | tr '\r' '\n' > $shortname.pem
echo "$shortname.pem is saved. "
echo "uploading to s3."
aws --profile ${AWS_PROFILE} s3 cp $shortname.pem ${CERT_BUCKET}/$shortname.pem && \
aws --profile ${AWS_PROFILE} s3 ls ${CERT_BUCKET}/haproxy-dev/
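Review bot: The bundle written at `done | tr '\r' '\n' > $shortname.pem` contains the private key from `$fqdn.key`, yet it is created with the caller's default umask and then copied to S3 with no encryption setting or ACL stated on the command. I would put `umask 077` before the `for` loop and make server-side encryption explicit on the upload, e.g. `aws --profile "${AWS_PROFILE}" s3 cp --sse aws:kms "$shortname.pem" "${CERT_BUCKET}/$shortname.pem"`; the bucket's own policy and default encryption are not visible here, so those should be confirmed too. The follow-up `s3 ls` lists `${CERT_BUCKET}/haproxy-dev/` while the object is written to the bucket root, so it does not confirm the upload; list the same key that was copied. Separately, when the `CN=InCommon` check fails the script only prints a warning and still goes on to build and upload the bundle, so an `exit 1` in that branch seems warranted.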