Commit 25da2a28 authored by Xueshan Feng's avatar Xueshan Feng

added code to upload pem bundle to a s3 bucket.

parent 3459a0a7
...@@ -2,3 +2,4 @@ ...@@ -2,3 +2,4 @@
*.csr *.csr
*.cnf *.cnf
*.cer *.cer
*.pem
#!/bin/bash #!/bin/bash
# Script to verify # Script to verify key, cert, rootCA chain. Generate a pem bundle for haproxy.
AWS_PROFILE=${AWS_PROFILE:-NODEFAULT}
CERT_BUCKET=${CERT_BUCKET:-DODEFAULT}
fqdn=$1 fqdn=$1
shortname=${fqdn/.stanford.edu/}
# Error checking
[ -z "$fqdn" ] && echo "Usage: ./$(basename $0) <fqdn>" && exit 1 [ -z "$fqdn" ] && echo "Usage: ./$(basename $0) <fqdn>" && exit 1
if ! aws --profile ${AWS_PROFILE} sts get-caller-identity > /dev/null ;
then
echo "Cannot verify ${AWS_PROFILE}. Use export AWS_PROFILE=<myprofile> to set default."
exit 1
fi
if ! aws --profile ${AWS_PROFILE} s3 ls ${CERT_BUCKET} > /dev/null ;
then
echo Cannot verify ${CERT_BUCKET}.
echo use export CERT_BUCKET=s3://... to set default.
exit 1
fi
echo Checking key file $fqdn echo Checking key file $fqdn
[ ! -f $fqdn.key ] && echo "$fqdn.key doesn't exit." && exit 1 [ ! -f $fqdn.key ] && echo "$fqdn.key doesn't exit." && exit 1
keymd5=$(openssl rsa -noout -modulus -in $fqdn.key | openssl md5) keymd5=$(openssl rsa -noout -modulus -in $fqdn.key | openssl md5)
...@@ -32,11 +49,20 @@ then ...@@ -32,11 +49,20 @@ then
fi fi
echo Check CAfile. Should be in intermidate1, intermiate2,...rootca format. echo Check CAfile. Should be in intermidate1, intermiate2,...rootca format.
if ! openssl x509 -noout -text -in words_stanford_edu_interm.cer | grep CN=InCommon ; if ! openssl x509 -noout -text -in $interm | grep CN=InCommon ;
then then
echo Haproxy needs CA bundle should be in this order: intermidate1, intermiate2,...rootca. echo Haproxy needs CA bundle should be in this order: intermidate1, intermiate2,...rootca.
else else
echo "" echo ""
echo "You can generate $fqdn.pem by cancadinating $cert $interm, and $fqdn.key together."
fi fi
for i in $cert $interm $fqdn.key
do
cat $i
echo ""
done | tr '\r' '\n' > $shortname.pem
echo "$shortname.pem is saved. "
echo "uploading to s3."
aws --profile ${AWS_PROFILE} s3 cp $shortname.pem ${CERT_BUCKET}/$shortname.pem && \
aws --profile ${AWS_PROFILE} s3 ls ${CERT_BUCKET}/haproxy-dev/
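Review bot: The bundle written by the `for` loop contains `$fqdn.key`, yet `$shortname.pem` is created with the default umask and copied to S3 without requesting server-side encryption, so protection of the private key rests on the caller's umask and on bucket settings that are not visible here. I would add `umask 077` before the loop and upload with `aws --profile "${AWS_PROFILE}" s3 cp --sse aws:kms "$shortname.pem" "${CERT_BUCKET}/$shortname.pem"`. The loop also sits after the `fi`, so the bundle is built and uploaded even when the InCommon check has just printed the ordering warning. The closing `s3 ls` lists `${CERT_BUCKET}/haproxy-dev/` while the object was copied to `${CERT_BUCKET}/$shortname.pem`, so it does not confirm the upload.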