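#!/usr/bin/perl
#
# make_node_cert - issue a leaf (CA:FALSE) certificate for one node, signed by
# a local CA, and bundle certificate + private key into a single PEM file.
#
# Usage: make_node_cert -cn <common name> -dns <name>[,<name>...]
#                       [-ca <cafile>] [-prefix <prefix>] [-rand <seed file>]
#
# Files written to the current directory (names derived from -prefix, default
# "agent"):
#   <prefix>key.pem   unencrypted RSA private key  (openssl req -nodes)
#   <prefix>req.pem   the certificate request
#   <prefix>cert.pem  the CA-signed certificate
#   <prefix>.pem      <prefix>cert.pem followed by <prefix>key.pem
#
# The CA file (-ca, default root.pem) is passed as both -CA and -CAkey, so it
# must contain the CA certificate and its private key. A serial file next to it
# is created on first use (-CAcreateserial).
#
# Security notes on this revision:
#   * all option values are passed to openssl in list form, never through a
#     shell, so a prefix/ca/rand value with shell metacharacters cannot run
#     commands;
#   * keys are 2048-bit RSA and signatures use SHA-256 (1024-bit RSA and SHA-1
#     are no longer accepted by current OpenSSL and browsers);
#   * the umask is tightened to 077 so the key and the bundle are created
#     owner-readable only;
#   * names are refused if they contain characters that would let them rewrite
#     the generated OpenSSL config (newlines start a new key/section, '$'
#     triggers variable expansion);
#   * every openssl step is checked and the script dies on failure instead of
#     silently producing an empty or stale bundle.

use strict;
use warnings;
use Getopt::Long;
use File::Temp;

my $cn;
my @dns    = ();
my $cafile = "root.pem";
my $prefix = "agent";
my $rand   = "tls_seed.dat";
my $help   = 0;

# Print the usage text and exit with $status (0 for -help, non-zero for a
# usage error so that callers can detect misuse).
sub usage {
    my ($status) = @_;
    my $text = "Usage: make_node_cert -cn <common name>\n" .
               "       -dns <comma separated list of dns names>\n" .
               "       [-ca cafile (default root.pem)]\n" .
               "       [-prefix prefix (default agent)]\n" .
               "       [-rand <random seed file>]\n";
    if ($status == 0) {
        print $text;
    }
    else {
        print STDERR $text;
    }
    exit $status;
}

# Run a command given as a list (no shell involved) and die unless it exits 0.
sub run {
    my @cmd = @_;
    my $rc = system(@cmd);
    if ($rc != 0) {
        my $why = ($rc == -1) ? "could not execute: $!" : "exit status " . ($? >> 8);
        die "make_node_cert: '@cmd' failed ($why)\n";
    }
    return;
}

GetOptions(
    'help'     => \$help,
    'cn=s'     => \$cn,
    'dns=s'    => \@dns,
    'ca=s'     => \$cafile,
    'prefix=s' => \$prefix,
    'rand=s'   => \$rand,
) or usage(1);

usage(0) if $help;

# -dns may be repeated and/or given as one comma-separated list; flatten both
# forms and drop empty entries (e.g. from "a,,b") that would become "DNS:".
@dns = grep { length } split(/,/, join(',', @dns));

usage(1) if !defined($cn) || $cn eq '' || !@dns;

# $cn and the DNS names are interpolated into an OpenSSL config file below.
# In that format a newline starts a new key or section and '$' introduces
# variable expansion, so such characters could alter the issued certificate's
# extensions. Neither belongs in a hostname or common name; refuse them.
for my $name ($cn, @dns) {
    die "make_node_cert: refusing name with control characters or '\$': '$name'\n"
        if $name =~ /[\x00-\x1f\x7f\$]/;
}

my $dnsstring = join(',', map { "DNS:$_" } @dns);

# The private key is written unencrypted (-nodes) and then copied into the
# bundle; make sure neither file is created world- or group-readable.
umask 0077;

# File::Temp creates the config 0600 and removes it at exit (UNLINK => 1).
my ($fh, $filename) = File::Temp::tempfile(UNLINK => 1);

print {$fh} <<"EOF";
[ req ]
default_bits = 2048
default_md = sha256
prompt = no
distinguished_name = req_dn

[ req_dn ]
commonName = $cn

[ ext ]
basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
subjectAltName=$dnsstring
keyUsage=digitalSignature,keyEncipherment
EOF
# Flush explicitly so openssl reads a complete config rather than relying on
# the implicit flush before fork.
close $fh or die "make_node_cert: cannot write $filename: $!\n";

my $keyfile  = "${prefix}key.pem";
my $reqfile  = "${prefix}req.pem";
my $certfile = "${prefix}cert.pem";
my $bundle   = "${prefix}.pem";

# 1. Generate the key and CSR. -rand is kept for compatibility with callers
#    that supply a seed file; OpenSSL >= 1.1.1 seeds from the OS regardless.
run('openssl', 'req', '-newkey', 'rsa', '-nodes',
    '-keyout', $keyfile, '-sha256', '-out', $reqfile,
    '-config', $filename, '-rand', $rand);

# 2. Sign the CSR with the CA, attaching the [ ext ] section from the same
#    config file (CA:FALSE, SAN, key usage).
run('openssl', 'x509', '-req', '-in', $reqfile, '-sha256',
    '-extensions', 'ext', '-CA', $cafile, '-CAkey', $cafile,
    '-out', $certfile, '-CAcreateserial', '-extfile', $filename);

# 3. Bundle: certificate first, then key, as the original "cat" did, but done
#    in Perl so the file names never reach a shell.
open my $out, '>', $bundle or die "make_node_cert: cannot create $bundle: $!\n";
for my $part ($certfile, $keyfile) {
    open my $in, '<', $part or die "make_node_cert: cannot read $part: $!\n";
    my $content = do { local $/; <$in> };
    close $in;
    print {$out} $content;
}
close $out or die "make_node_cert: cannot write $bundle: $!\n";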