You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
48 lines
1.5 KiB
48 lines
1.5 KiB
#!/usr/bin/env bash |
|
# Script for generating and installing the Bitwarden development certificates on Linux. |
|
|
|
IDENTITY_SERVER_KEY=identity_server_dev.key |
|
IDENTITY_SERVER_CERT=identity_server_dev.crt |
|
IDENTITY_SERVER_CN="Bitwarden Identity Server Dev" |
|
DATA_PROTECTION_KEY=data_protection_dev.key |
|
DATA_PROTECTION_CERT=data_protection_dev.crt |
|
DATA_PROTECTION_CN="Bitwarden Data Protection Dev" |
|
|
|
# Detect management command to trust generated certificates. |
|
if [ -x "$(command -v update-ca-certificates)" ]; then |
|
# Debian based |
|
CA_CERT_DIR=/usr/local/share/ca-certificates/ |
|
UPDATE_CA_CMD=update-ca-certificates |
|
elif [ -x "$(command -v update-ca-trust)" ]; then |
|
# Redhat based |
|
CA_CERT_DIR=/etc/pki/ca-trust/source/anchors/ |
|
UPDATE_CA_CMD=update-ca-trust |
|
else |
|
echo 'Error: Update manager for CA certificates not found!' |
|
exit 1 |
|
fi |
|
|
|
|
|
openssl req -x509 -newkey rsa:4096 -sha256 -nodes -days 3650 \ |
|
-keyout $IDENTITY_SERVER_KEY \ |
|
-out $IDENTITY_SERVER_CERT \ |
|
-subj "/CN=$IDENTITY_SERVER_CN" |
|
|
|
sudo cp $IDENTITY_SERVER_CERT $CA_CERT_DIR |
|
|
|
openssl req -x509 -newkey rsa:4096 -sha256 -nodes -days 3650 \ |
|
-keyout $DATA_PROTECTION_KEY \ |
|
-out $DATA_PROTECTION_CERT \ |
|
-subj "/CN=$DATA_PROTECTION_CN" |
|
|
|
sudo cp $DATA_PROTECTION_CERT $CA_CERT_DIR |
|
|
|
sudo $UPDATE_CA_CMD |
|
|
|
identity=($(openssl x509 -in $IDENTITY_SERVER_CERT -outform der | sha1sum | tr a-z A-Z)) |
|
data=($(openssl x509 -in $DATA_PROTECTION_CERT -outform der | sha1sum | tr a-z A-Z)) |
|
|
|
echo "Certificate fingerprints:" |
|
|
|
echo "Identity Server Dev: ${identity}" |
|
echo "Data Protection Dev: ${data}"
|
|
|