#!/bin/bash
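# Creates a passphrase-protected CA key and self-signed CA certificate, then a
# server and a client key/CSR/certificate signed by that CA, all under
# $GAUSSHOME/share/sslcert/cm, and finally runs `cm_ctl encrypt` for both roles.
#
# Arguments: $1 - certificate validity in days (optional, default 10950)
# Input:     one line on stdin - the passphrase protecting every private key
# Globals:   GAUSSHOME (read), OPENSSL_CONF (exported)
set -e

# Private keys are written below. Tighten the creation mask first so they are
# never group/world-readable, even if the script aborts before the final chmod.
umask 077

# The value is passed to `openssl -days`; accept digits only so it cannot be
# word-split into extra openssl arguments.
activePeriod=${1:-10950}
case "$activePeriod" in
  '' | *[!0-9]*)
    echo "active period must be a number of days." >&2
    exit 1
    ;;
esac

# IFS= and -r keep leading/trailing blanks and backslashes of the passphrase
# intact; -s keeps it off the terminal.
IFS= read -rs passwd

# Abort instead of silently falling back to /share/sslcert/cm when GAUSSHOME
# is unset or empty.
certPath="${GAUSSHOME:?GAUSSHOME must be set}/share/sslcert/cm"
if [ ! -f "$certPath/openssl.cnf" ]; then
  echo "CM ssl conf does not exist."
  exit 1
fi

export OPENSSL_CONF="$GAUSSHOME/share/sslcert/gsql/openssl.cnf"
if [ ! -f "$OPENSSL_CONF" ]; then
  echo "ssl config file does not exist."
  exit 1
fi

# Writes the passphrase to stdout for `openssl ... -passin/-passout stdin`.
# printf is a shell builtin (no argv exposure) and, unlike echo, does not
# mangle a passphrase that looks like an option such as "-n" or "-e".
feed_passwd() {
  printf '%s\n' "$passwd"
}

# Runs `cm_ctl encrypt -M <role> -D <certPath>` under expect and answers each
# password prompt.
# Arguments: $1 - role passed to -M ("server" or "client")
# The passphrase, role and directory reach the Tcl script through the
# environment rather than being interpolated into the script text: a
# passphrase containing ", $, [ or \ is then sent literally instead of being
# evaluated as Tcl, and it no longer appears in the expect command line shown
# by ps. The variable is removed from the environment before spawn so cm_ctl
# does not inherit it.
# NOTE(review): the exit status of cm_ctl is not checked here, so a failed
# encrypt step does not stop the script - confirm whether that is intended.
encrypt_role() {
  CM_ENCRYPT_PASSWD="$passwd" CM_ENCRYPT_MODE="$1" CM_ENCRYPT_DIR="$certPath" \
    expect -c '
set cm_passwd $env(CM_ENCRYPT_PASSWD)
unset env(CM_ENCRYPT_PASSWD)
spawn cm_ctl encrypt -M $env(CM_ENCRYPT_MODE) -D $env(CM_ENCRYPT_DIR);
expect {
"*password*" { send -- "$cm_passwd\r"; exp_continue }
}
'
}

# CA key and self-signed CA certificate.
# NOTE(review): 2048-bit RSA keys combined with the 10950-day (~30 year)
# default validity is a long exposure window - confirm against key-management
# policy.
feed_passwd | openssl genrsa -aes256 -f4 -passout stdin -out "$certPath/cakey.pem" 2048
feed_passwd | openssl req -new -x509 -passin stdin -days "$activePeriod" \
  -key "$certPath/cakey.pem" -out "$certPath/cacert.pem" \
  -subj "/C=CN/ST=NULL/L=NULL/O=NULL/OU=NULL/CN=CA"

# Per-role key, signing request and CA-signed certificate.
for role in "server" "client"; do
  feed_passwd | openssl genrsa -aes256 -passout stdin -out "$certPath/$role.key" 2048
  feed_passwd | openssl req -new -key "$certPath/$role.key" -passin stdin \
    -out "$certPath/$role.csr" \
    -subj "/C=CN/ST=NULL/L=NULL/O=NULL/OU=NULL/CN=$role"
  feed_passwd | openssl x509 -req -days "$activePeriod" -in "$certPath/$role.csr" \
    -CA "$certPath/cacert.pem" -CAkey "$certPath/cakey.pem" -passin stdin \
    -CAcreateserial -out "$certPath/$role.crt" -extfile "$certPath/openssl.cnf"
done

encrypt_role server
encrypt_role client

# Drop the passphrase from the shell as soon as it is no longer needed.
passwd=""
unset passwd

# Everything in the certificate directory becomes owner-read-only.
chmod 400 -- "$certPath"/*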