adding sslkeygen

shell/sslkeygen.sh

@@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+#
+# SPDX-License-Identifier: MIT
+
+if [ $# -lt 2 ]; then
+  echo "This script takes 2 params"
+  echo
+  echo "$0 <mode> <key filename>"
+  echo
+  exit 1
+fi
+
+SERVER=$2
+
+case "$1" in
+  makeca)
+    /usr/bin/openssl genrsa -des3 -out ca.key 4096
+    /usr/bin/openssl req -new -x509 -days 1825 -key ca.key -out ca.crt
+    ;;
+  makekey)
+    /usr/bin/openssl genrsa -des3 2048 > "${SERVER}.key.encrypted"
+    /usr/bin/openssl rsa -in "${SERVER}.key.encrypted" -out "${SERVER}.key"
+    ;;
+  makecsr)
+    if [ ! -f "${SERVER}.key" ]; then
+      echo "${SERVER}.key missing, run \"$0 makekey\" first."
+      exit 1
+    fi
+    /usr/bin/openssl req -new -key "${SERVER}.key" -out "${SERVER}.csr"
+    ;;
+  signcrt)
+    if [ ! -f ca.key ] || [ ! -f ca.crt ]; then
+      echo "ca.key missing, run \"$0 makeca\" first."
+      exit 1
+    fi
+    if [ ! -f "${SERVER}.csr" ]; then
+      echo "${SERVER}.csr missing, run \"$0 makecsr\" first."
+      exit 1
+    fi
+    /usr/bin/openssl x509 -req -days 1825 -in "${SERVER}.csr" -CA ca.crt \
+      -CAkey ca.key -set_serial 01 -out "${SERVER}.crt"
+    ;;
+  makedh)
+    /bin/dd if=/dev/urandom of=ssldh.rand count=1 2>/dev/null
+    /usr/bin/openssl gendh -rand ssldh.rand 512 > "${SERVER}.dh"
+    ;;
+  makepem)
+    if [ ! -f "${SERVER}.key" ]; then
+      echo "${SERVER}.key missing, run \"$0 makekey\" first."
+      exit 1
+    fi
+    if [ ! -f "${SERVER}.crt" ]; then
+      echo "${SERVER}.crt missing, obtain from CA or run \"$0 signcrt\" first."
+      exit 1
+    fi
+    cat "${SERVER}.key" > "${SERVER}.pem"
+    cat "${SERVER}.crt" >> "${SERVER}.pem"
+    ;;
+  *)
+    echo
+    echo $"Usage: $0 {makeca|makekey|makecsr|signcrt|makedh|makepem} <key filename>"
+    echo
+    exit 2
+esac
+
+exit 0