scripts: Add script to autogenerate a self-signed SSL cert.

This will simplify step 1 of prod-install instruction to reduce suffering in testing/experimenting production environments. Attribution: the scripts/setup/configure-certs is based on @galexrt's 5c0daf6211 Further tweaked by tabbott to rename the script and edit the messages.
2025-11-04 05:53:43 +00:00 · 2017-07-01 13:17:51 +02:00
parent 898269bbac
commit 614e3bb1ef
1 changed files with 30 additions and 0 deletions
--- a/scripts/setup/generate-self-signed-certs
+++ b/scripts/setup/generate-self-signed-certs
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+set -e
+if [ "$EUID" -ne 0 ]; then
+    echo "Error: This script must be run as root" >&2
+    exit 1
+fi
+
+if [ -z "${1:-}" ]; then
+    echo "Usage: $0 <Zulip server name>" >&2
+    exit 1
+fi
+
+SERVER_NAME="$1"
+
+echo "Executing certificates configuration..."
+if [ ! -e /etc/ssl/private/zulip.key ] && [ ! -e /etc/ssl/certs/zulip.combined-chain.crt ]; then
+    echo "SSL certificates for Zulip not found in /etc/ssl/."
+    echo "Autogenerating certificates ..."
+    apt-get install -y openssl
+    openssl genrsa -des3 -passout pass:x -out /tmp/server.pass.key 4096
+    openssl rsa -passin pass:x -in /tmp/server.pass.key -out /etc/ssl/private/zulip.key
+    openssl req -new -nodes -subj "/O=$SERVER_NAME" -key /etc/ssl/private/zulip.key -out /tmp/server.csr
+    openssl x509 -req -days 365 -in /tmp/server.csr -signkey /etc/ssl/private/zulip.key -out /etc/ssl/certs/zulip.combined-chain.crt
+    rm -f /tmp/server.csr /tmp/server.pass.key
+    echo "Generated new self-signed SSL certificates for Zulip."
+else
+    echo "SSL certificates for Zulip already exist in /etc/ssl/.  Skipping."
+fi
+echo "SSL certificate configuration succeeded."