Fixed ca cert issue on api

2025-04-12 08:57:27 -04:00
parent 74fa7da751
commit 165b5e6e1e
16 changed files with 211 additions and 622 deletions
--- a/scripts/generate_cert.sh
+++ b/scripts/generate_cert.sh
@@ -13,20 +13,59 @@ SSL_DIR="./ssl"
 # Create directory if it doesn't exist
 mkdir -p "$SSL_DIR"

-KEY_PATH="${SSL_DIR}/${DOMAIN}.key"
-CRT_PATH="${SSL_DIR}/${DOMAIN}.crt"
+# Define CA file names
+CA_KEY="${SSL_DIR}/${SSL_CA_NAME}.key"
+CA_CERT="${SSL_DIR}/${SSL_CA_NAME}.pem"

-echo "Generating self-signed certificate for ${DOMAIN}..."
-
-openssl req -x509 -nodes -days ${DAYS} -newkey rsa:2048 \
-  -keyout "${KEY_PATH}" \
-  -out "${CRT_PATH}" \
-  -subj "/CN=${DOMAIN}"
-
-if [ $? -eq 0 ]; then
-  echo "Successfully generated certificate:"
-  echo "Private Key: ${KEY_PATH}"
-  echo "Certificate: ${CRT_PATH}"
+# Check if CA files exist; if not, generate them.
+if [ ! -f "$CA_KEY" ] || [ ! -f "$CA_CERT" ]; then
+  echo "Generating CA key and self-signed CA certificate..."
+  openssl genrsa -out "$CA_KEY" 4096
+  if [ $? -ne 0 ]; then
+    echo "Failed to generate CA key"
+    exit 1
+  fi
+  openssl req -x509 -new -nodes -key "$CA_KEY" -sha256 -days 1024 -out "$CA_CERT" -subj "/CN=My Custom CA"
+  if [ $? -ne 0 ]; then
+    echo "Failed to generate CA certificate"
+    exit 1
+  fi
+  echo "CA generated successfully:"
 else
-  echo "Certificate generation failed."
-fi
+  echo "Existing CA:"
+fi
+echo "  CA Private Key: $CA_KEY"
+echo "  CA Certificate: $CA_CERT"
+
+# Define domain file names
+DOMAIN_KEY="${SSL_DIR}/${DOMAIN}.key"
+DOMAIN_CSR="${SSL_DIR}/${DOMAIN}.csr"
+DOMAIN_CERT="${SSL_DIR}/${DOMAIN}.crt"
+
+echo "Generating private key for domain ${DOMAIN}..."
+openssl genrsa -out "$DOMAIN_KEY" 2048
+if [ $? -ne 0 ]; then
+  echo "Failed to generate domain key"
+  exit 1
+fi
+
+echo "Generating CSR for domain ${DOMAIN}..."
+openssl req -new -key "$DOMAIN_KEY" -out "$DOMAIN_CSR" -subj "/CN=${DOMAIN}"
+if [ $? -ne 0 ]; then
+  echo "Failed to generate CSR for ${DOMAIN}"
+  exit 1
+fi
+
+echo "Signing certificate for ${DOMAIN} using our CA..."
+openssl x509 -req -in "$DOMAIN_CSR" -CA "$CA_CERT" -CAkey "$CA_KEY" -CAcreateserial -out "$DOMAIN_CERT" -days $DAYS -sha256
+if [ $? -ne 0 ]; then
+  echo "Failed to sign certificate for ${DOMAIN}"
+  exit 1
+fi
+
+echo "Successfully generated the following files:"
+echo "  CA Private Key: $CA_KEY"
+echo "  CA Certificate: $CA_CERT"
+echo "  Domain Private Key: $DOMAIN_KEY"
+echo "  Domain Certificate: $DOMAIN_CERT"
+echo "  Domain Certificate Signing Request: $DOMAIN_CSR"