1#!/usr/bin/perl
2
use strict;
use warnings;
use Getopt::Long;
use File::Temp;
6
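# make_node_cert: issue a node (leaf) TLS certificate signed by a local CA.
#
# Command-line inputs:
#   -cn      subject commonName (required)
#   -dns     comma-separated SAN DNS names; the option may be repeated (required)
#   -ca      PEM file holding BOTH the CA certificate and its private key
#            (it is passed to openssl as -CA and -CAkey), default root.pem
#   -prefix  output filename prefix, default "agent"
#   -rand    file fed to openssl's RNG via -rand, default tls_seed.dat
#   -bits    RSA modulus size, default 2048 (the previous version hard-coded
#            1024, which is below current minimums)
#   -digest  CSR/signature digest, default sha256 (previously sha1)
#
# Outputs, all in the current directory and silently overwritten if present:
#   ${prefix}key.pem   unencrypted private key (written with umask 077)
#   ${prefix}req.pem   the CSR
#   ${prefix}cert.pem  the issued certificate
#   ${prefix}.pem      cert + key concatenated (mode 0600, contains the key)
# The CA serial file (<cafile>.srl) is created by openssl -CAcreateserial.
my $cn;
my @dns = ();
my $cafile = "root.pem";
my $prefix = "agent";
my $rand = "tls_seed.dat";
my $bits = 2048;
my $digest = "sha256";
my $help = 0;

GetOptions('help'     => \$help,
           'cn=s'     => \$cn,
           'dns=s'    => \@dns,
           'ca=s'     => \$cafile,
           'prefix=s' => \$prefix,
           'rand=s'   => \$rand,
           'bits=i'   => \$bits,
           'digest=s' => \$digest)
    or usage(2);

# Accept both "-dns a,b" and "-dns a -dns b".  Empty entries ("a,,b" or a
# trailing comma) are dropped: they would become a bare "DNS:" SAN entry,
# which openssl rejects when building the extension.
@dns = grep { length } split(/,/, join(',', @dns));

usage(0) if $help;
usage(2) if !defined $cn || !length $cn || !@dns;

# $cn and the SAN names are interpolated into an openssl config file.  In that
# format '#' starts a comment, '$' expands variables, '\' escapes, quotes group
# and a newline terminates the value, so any of these in a caller-supplied
# value could rewrite the [ req_dn ] or [ ext ] section (e.g. add CA:TRUE).
for my $name ($cn, @dns) {
    die "Invalid character in name '$name' (newline, #, \$, \\ and quotes are not allowed)\n"
        if $name =~ /[\r\n#\$\\"']/;
    die "Name '$name' must not start or end with whitespace\n"
        if $name =~ /^\s/ || $name =~ /\s$/;
}

# The remaining values are passed to openssl as separate argv entries (no
# shell), so the only thing left to guard against is a value that openssl
# would parse as an option instead of a filename.
for my $arg ($cafile, $prefix, $rand, $digest) {
    die "Argument '$arg' must not start with '-'\n" if $arg =~ /^-/;
}
die "Invalid -digest '$digest': expected a digest name such as sha256\n"
    if $digest !~ /^[A-Za-z0-9_-]+$/;
die "Invalid -bits $bits: must be at least 1024\n" if $bits < 1024;
warn "Warning: RSA keys shorter than 2048 bits are considered weak\n" if $bits < 2048;
die "CA file '$cafile' is not readable (it must contain the CA certificate and key)\n"
    unless -r $cafile;

$_ = "DNS:$_" for @dns;

my $dnsstring = join(',', @dns);

# tempfile() creates the file with mode 0600; UNLINK removes it at exit.
my ($fh, $filename) = File::Temp::tempfile(UNLINK => 1);

# Note: openssl ignores the ":TRUE" suffix on keyUsage bit names; it is kept
# here unchanged so the issued certificates are identical to earlier runs.
# No extendedKeyUsage is set -- some TLS clients expect serverAuth on a
# server leaf; confirm against the consumers of these certs before adding it.
print $fh <<"EOF";
[ req ]
default_bits		= $bits
prompt                  = no
distinguished_name	= req_dn

[ req_dn ]
commonName		= $cn

[ ext ]
basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
subjectAltName=$dnsstring
keyUsage=digitalSignature:TRUE,keyEncipherment:TRUE
EOF
# Flush and close before openssl reads the file (system() would flush anyway,
# but an explicit close also surfaces write errors).
close $fh or die "Failed to write temporary openssl config $filename: $!\n";

# The key is written unencrypted (-nodes); restrict the umask while openssl
# creates it so it is never briefly world-readable.  The CSR written in the
# same step is private too, which is harmless.
{
    my $old_umask = umask 077;
    run_openssl('req', '-newkey', "rsa:$bits", '-nodes',
                '-keyout', "${prefix}key.pem", "-$digest",
                '-out', "${prefix}req.pem", '-config', $filename,
                (length $rand ? ('-rand', $rand) : ()));
    umask $old_umask;
}

run_openssl('x509', '-req', '-in', "${prefix}req.pem", "-$digest",
            '-extensions', 'ext', '-extfile', $filename,
            '-CA', $cafile, '-CAkey', $cafile, '-CAcreateserial',
            '-out', "${prefix}cert.pem");

write_bundle("${prefix}.pem", "${prefix}cert.pem", "${prefix}key.pem");

# Print the usage text and exit with $status (0 for -help, non-zero for a
# usage error, in which case the text goes to STDERR).
sub usage {
    my ($status) = @_;
    my $text = "Usage: make_node_cert -cn <common name>\n".
               "                      -dns <comma separated list of dns names>\n".
               "                     [-ca cafile (default root.pem)]\n".
               "                     [-prefix prefix (default agent)]\n".
               "                     [-rand <random seed file>]\n".
               "                     [-bits <rsa key size> (default 2048)]\n".
               "                     [-digest <signature digest> (default sha256)]\n";
    if ($status) {
        print STDERR $text;
    } else {
        print $text;
    }
    exit $status;
}

# Run "openssl @args" via list-form system() -- no shell, so filenames and
# names cannot inject commands -- and die if it could not be started or
# exited non-zero.  The original script ignored all three exit statuses and
# would happily cat together files that were never produced.
sub run_openssl {
    my @args = @_;
    my $rc = system('openssl', @args);
    die "Failed to execute openssl: $!\n" if $rc == -1;
    if ($rc & 127) {
        die "openssl $args[0] was killed by signal " . ($rc & 127) . "\n";
    }
    die "openssl $args[0] failed with exit status " . ($rc >> 8) . "\n" if $rc;
    return;
}

# Concatenate @parts into $out.  The bundle contains the private key, so it
# is created with umask 077 instead of inheriting whatever "cat >" would.
sub write_bundle {
    my ($out, @parts) = @_;
    my $old_umask = umask 077;
    open my $ofh, '>', $out or die "Cannot open $out for writing: $!\n";
    for my $part (@parts) {
        open my $ifh, '<', $part or die "Cannot read $part: $!\n";
        my $data = do { local $/; <$ifh> };
        close $ifh;
        print {$ofh} (defined $data ? $data : '') or die "Write to $out failed: $!\n";
    }
    close $ofh or die "Close of $out failed: $!\n";
    umask $old_umask;
    return;
}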
60