Security: Improved scripts for creating local TLS certificates
Signed-off-by: Michael Mayer <michael@photoprism.app>
parent
5ca5bc66b7
commit
155d96b149
|
@ -1,20 +1,20 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
# To add this certificate to your list of trusted issuers:
|
||||
# sudo cp storage/config/certificates/photoprism.local.issuer.crt /usr/local/share/ca-certificates/photoprism.local.issuer.crt
|
||||
# sudo update-ca-certificates
|
||||
|
||||
# shellcheck disable=SC2164
|
||||
SCRIPT_PATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
|
||||
CERTS_PATH="${SCRIPT_PATH}/../../storage/config/certs"
|
||||
CERTS_PATH="${SCRIPT_PATH}/../../storage/config/certificates"
|
||||
|
||||
echo "OpenSSL Scripts: ${SCRIPT_PATH}"
|
||||
echo "HTTPS Cert Path: ${CERTS_PATH}"
|
||||
|
||||
mkdir -p "${CERTS_PATH}"
|
||||
|
||||
openssl genrsa -out "$CERTS_PATH/ca.key" 4096
|
||||
openssl genrsa -out "$CERTS_PATH/photoprism.local.issuer.key" 4096
|
||||
|
||||
openssl req -x509 -new -nodes -key "$CERTS_PATH/ca.key" -sha256 -days 365 -out "$CERTS_PATH/ca.pem" -passin pass: -passout pass: -config "$SCRIPT_PATH/ca.conf"
|
||||
openssl req -x509 -new -nodes -key "$CERTS_PATH/photoprism.local.issuer.key" -sha256 -days 365 -out "$CERTS_PATH/photoprism.local.issuer.pem" -passin pass: -passout pass: -config "$SCRIPT_PATH/ca.conf"
|
||||
|
||||
openssl x509 -outform der -in "$CERTS_PATH/ca.pem" -out "$CERTS_PATH/ca.crt"
|
||||
|
||||
# To add this to the local cert list:
|
||||
# sudo cp ./certs/ca.crt /usr/local/share/ca-certificates/local-ca.crt
|
||||
# sudo update-ca-certificates
|
||||
openssl x509 -outform der -in "$CERTS_PATH/photoprism.local.issuer.pem" -out "$CERTS_PATH/photoprism.local.issuer.crt"
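Review bot: The issuer key written by `openssl genrsa -out "$CERTS_PATH/photoprism.local.issuer.key" 4096` is stored unencrypted, and nothing in the script restricts who can read it or the directory created by `mkdir -p "${CERTS_PATH}"`. The header comment tells users to install the matching certificate as a trusted issuer, so anyone who can read that key can sign certificates the host will accept; whether `ca.conf` narrows this with name constraints is not visible here. I would add `umask 077` before the `mkdir -p` line and a comment above the `genrsa` call such as `# Keep the issuer key private: it can sign certificates this host trusts.` Depending on the OpenSSL version the key file may already be created owner-only, but the directory and the DER/PEM outputs still follow the caller's umask. The same concern applies to `photoprism.local.key` and the empty-password `photoprism.local.pfx` in the second script.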
|
||||
|
|
|
@ -2,18 +2,15 @@
|
|||
|
||||
# shellcheck disable=SC2164
|
||||
SCRIPT_PATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
|
||||
CERTS_PATH="${SCRIPT_PATH}/../../storage/config/certs"
|
||||
|
||||
echo "OpenSSL Scripts: ${SCRIPT_PATH}"
|
||||
echo "HTTPS Cert Path: ${CERTS_PATH}"
|
||||
CERTS_PATH="${SCRIPT_PATH}/../../storage/config/certificates"
|
||||
|
||||
mkdir -p "${CERTS_PATH}"
|
||||
|
||||
openssl genrsa -out "$CERTS_PATH/local.key" 4096
|
||||
openssl genrsa -out "$CERTS_PATH/photoprism.local.key" 4096
|
||||
|
||||
openssl req -new -config "$SCRIPT_PATH/openssl.conf" -key "$CERTS_PATH/local.key" -out "$CERTS_PATH/local.csr"
|
||||
openssl req -new -config "$SCRIPT_PATH/openssl.conf" -key "$CERTS_PATH/photoprism.local.key" -out "$CERTS_PATH/photoprism.local.csr"
|
||||
|
||||
openssl x509 -req -in "$CERTS_PATH/local.csr" -CA "$CERTS_PATH/ca.pem" -CAkey "$CERTS_PATH/ca.key" -CAcreateserial \
|
||||
-out "$CERTS_PATH/local.crt" -days 365 -sha256 -extfile "$SCRIPT_PATH/local.conf"
|
||||
openssl x509 -req -in "$CERTS_PATH/photoprism.local.csr" -CA "$CERTS_PATH/photoprism.local.issuer.pem" -CAkey "$CERTS_PATH/photoprism.local.issuer.key" -CAcreateserial \
|
||||
-out "$CERTS_PATH/photoprism.local.crt" -days 365 -sha256 -extfile "$SCRIPT_PATH/local.conf"
|
||||
|
||||
openssl pkcs12 -export -in "$CERTS_PATH/local.crt" -inkey "$CERTS_PATH/local.key" -out "$CERTS_PATH/local.pfx" -passin pass: -passout pass:
|
||||
openssl pkcs12 -export -in "$CERTS_PATH/photoprism.local.crt" -inkey "$CERTS_PATH/photoprism.local.key" -out "$CERTS_PATH/photoprism.local.pfx" -passin pass: -passout pass:
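Review bot: Every step runs unconditionally, so a failed `openssl x509 -req` (for example when the issuer files have not been generated yet) is still followed by `openssl pkcs12 -export`, which would then bundle whatever `photoprism.local.crt` is already on disk from an earlier run. With SC2164 disabled, a failed `cd` in the `SCRIPT_PATH` line also makes `pwd -P` return the caller's working directory, so keys could be written relative to an unintended location. I would add `set -euo pipefail` directly below the shebang, which is outside this hunk, and change `; pwd -P` to `&& pwd -P` so the assignment fails instead of silently falling back. The issuer script in the first hunk has the same gap.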
|
||||
|
|