Last active
May 11, 2017 21:03
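#!/bin/bash
# Verify that a TLS private key and certificate belong together, build a
# combined PEM bundle for haproxy, and upload the bundle to S3.
#
# Usage:  ./<script> <fqdn>
# Reads:  <fqdn>.key and <fqdn>.crt from the current directory.
# Writes: <shortname>.pem (certificate followed by key) in the current
#         directory, then copies it to ${CERT_BUCKET}/<shortname>.pem.
# Env:    AWS_PROFILE  - aws CLI profile to use (must resolve to a valid identity)
#         CERT_BUCKET  - destination, e.g. s3://bucket[/prefix]
# Exit:   0 on success, 1 on any failed check, non-zero if a tool fails.
set -euo pipefail

# The bundle contains the private key: make sure files created by this script
# are readable by the current user only.
umask 077

AWS_PROFILE=${AWS_PROFILE:-NODEFAULT}
CERT_BUCKET=${CERT_BUCKET:-DODEFAULT}
fqdn=${1:-}
shortname=${fqdn/.example.com/}

# Print a message to stderr and stop with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Error checking
[ -n "$fqdn" ] || die "Usage: ./$(basename "$0") <fqdn>"

if ! aws --profile "${AWS_PROFILE}" sts get-caller-identity > /dev/null; then
  die "Cannot verify ${AWS_PROFILE}. Use export AWS_PROFILE=<myprofile> to set default."
fi

# Remove a trailing slash in the bucket name, if any.
my_bucket=${CERT_BUCKET%/}
if [ -z "${my_bucket}" ] \
  || ! aws --profile "${AWS_PROFILE}" s3 ls "${my_bucket}/" > /dev/null; then
  echo "Cannot verify ${my_bucket}." >&2
  die "use export CERT_BUCKET=s3://... to set default."
fi

echo "Checking key file $fqdn"
[ -f "$fqdn.key" ] || die "$fqdn.key doesn't exist."
# Capture the modulus separately so an openssl failure is detected. Piping
# straight into "openssl md5" hides the failure: the digest of empty input is
# still a valid-looking value, and two failed reads would compare as equal.
key_modulus=$(openssl rsa -noout -modulus -in "$fqdn.key") \
  || die "Cannot read an RSA private key from $fqdn.key."
[ -n "$key_modulus" ] || die "No modulus found in $fqdn.key."
keymd5=$(printf '%s\n' "$key_modulus" | openssl md5)
echo "md5 = $keymd5"

echo "Checking server cert $fqdn.crt"
[ -f "$fqdn.crt" ] || die "$fqdn.crt doesn't exist."
cert_modulus=$(openssl x509 -noout -modulus -in "$fqdn.crt") \
  || die "Cannot read a certificate from $fqdn.crt."
[ -n "$cert_modulus" ] || die "No modulus found in $fqdn.crt."
certmd5=$(printf '%s\n' "$cert_modulus" | openssl md5)
echo "md5 = $certmd5"

# Compare the moduli themselves; the md5 values above are only short
# fingerprints for the operator to read. A match shows the key and certificate
# share a public modulus - it says nothing about expiry or the issuing chain.
if [ "$key_modulus" != "$cert_modulus" ]; then
  die "Certificate and private key doesn't match."
fi

# Bundle order is certificate first, then key, each followed by a newline.
# NOTE(review): tr maps CR to LF, so CRLF input ends up with blank lines in
# the bundle - confirm the consumer accepts that before relying on it.
for part in "$fqdn.crt" "$fqdn.key"; do
  cat -- "$part"
  echo ""
done | tr '\r' '\n' > "$shortname.pem"
# umask does not tighten a file that already existed with wider permissions.
chmod 600 -- "$shortname.pem"
echo "$shortname.pem is saved. "

echo "uploading to s3."
# NOTE(review): the uploaded object holds the private key; confirm the bucket
# enforces encryption at rest and a restrictive access policy.
aws --profile "${AWS_PROFILE}" s3 cp "$shortname.pem" "${my_bucket}/$shortname.pem"
aws --profile "${AWS_PROFILE}" s3 ls "${my_bucket}/"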