Improve cert generate.sh script

Use ECDSA curve ed25519 key instead of RSA.

Minor improvements:
* Add shebang
* Fail script if any of the command fails and print the failed command
  along with the error message
* Make sure to not override existing key without explicit approval
* Add explanation messages for each step

Author: lundibundi

cert/generate.sh

@@ -1,5 +1,27 @@
+#!/bin/sh
+
+set -e
+# Keep track of the last executed command.
+trap 'last_command=$current_command; current_command=$BASH_COMMAND' DEBUG
+# Echo an error message before exiting.
+trap 'echo "\"${last_command}\" command failed with exit code $?"' ERR
+
+
 cd "$(dirname "$0")"
-openssl genrsa -out key.pem 2048
-openssl req -new -out self.pem -key key.pem -subj '/CN=localhost'
+
+KEY_FILE=key.pem
+if [[ -f "$KEY_FILE" ]]; then
+  read -e -p "Are you sure you want to replace existing key? [y/N] " YES_NO
+  [[ "$YES_NO" != 'y' && "$YES_NO" != 'Y' ]] && exit 0
+fi
+
+echo "Generating private ed25519 key"
+openssl genpkey -algorithm ed25519 -out $KEY_FILE
+
+echo "Generating certificate signing request"
+openssl req -new -out self.pem -key $KEY_FILE -subj '/CN=localhost'
+
 openssl req -text -noout -in self.pem
-openssl x509 -req -days 1024 -in self.pem -signkey key.pem -out cert.pem -extfile generate.ext
+
+echo "Generating certificate"
+openssl x509 -req -days 1024 -in self.pem -signkey $KEY_FILE -out cert.pem -extfile generate.ext