17 lines
573 B
Bash
17 lines
573 B
Bash
# Create certificates if they do not exist yet
|
|
dir="${cfg.certificateDirectory}"
|
|
fqdn="${cfg.hostPrefix}.${cfg.domain}"
|
|
case $fqdn in /*) fqdn=$(cat "$fqdn");; esac
|
|
key="''${dir}/key-${cfg.domain}.pem";
|
|
cert="''${dir}/cert-${cfg.domain}.pem";
|
|
|
|
if [ ! -f "''${key}" ] || [ ! -f "''${cert}" ]
|
|
then
|
|
mkdir -p "${cfg.certificateDirectory}"
|
|
(umask 077; "${pkgs.openssl}/bin/openssl" genrsa -out "''${key}" 2048) &&
|
|
"${pkgs.openssl}/bin/openssl" req -new -key "''${key}" -x509 -subj "/CN=''${fqdn}" \
|
|
-days 3650 -out "''${cert}"
|
|
fi
|
|
|
|
# vim: set filetype=sh
|