commit generate.sh
67
automation/certificates/internal/manios.ca/generate.sh
Normal file
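--- /dev/null
+++ b/automation/certificates/internal/manios.ca/generate.sh
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+# quit if no FQDN specified
+if test -z $1; then
+echo "No FQDN specified!"
+exit 1
+fi
+
+# capture the first arg into a file so that we can shift it below
+fqdn=$1
+
+# shift moves all arguments down (ie $2 becomes $1)
+shift
+
+# empty var for appending
+subjectAltNames="DNS:${fqdn}"
+
+# this looks through them all and sets up for multple alt names
+for args in "$@"; do
+subjectAltNames="${subjectAltNames},DNS:${args}"
+done
+
+# CSR config file prep
+csrCnfFilename="${fqdn}/csr.cnf"
+csrFilename="${fqdn}/csr.pem"
+keyEncFilename="${fqdn}/key-enc.pem"
+keyFilename="${fqdn}/key.pem"
+keyPwFilename="${fqdn}/key.pw"
+keyBits=4096
+orgName=secmayl
+dnsNames="${subjectAltNames}"
+
+# make the folder for the files
+mkdir -p "${fqdn}"
+
+# this creates the config file
+echo "[ req ]" > "${csrCnfFilename}"
+echo "default_bits=${keyBits}" >> "${csrCnfFilename}"
+echo "default_md=sha256" >> "${csrCnfFilename}"
+echo "prompt=no" >> "${csrCnfFilename}"
+echo "encrypt_key=no" >> "${csrCnfFilename}"
+echo "distinguished_name=req_dn" >> "${csrCnfFilename}"
+echo "attributes=req_attr" >> "${csrCnfFilename}"
+echo "req_extensions=req_ext" >> "${csrCnfFilename}"
+echo "" >> "${csrCnfFilename}"
+echo "[ req_dn ]" >> "${csrCnfFilename}"
+echo "0.DC=com" >> "${csrCnfFilename}"
+echo "1.DC=${orgName}" >> "${csrCnfFilename}"
+echo "CN=${fqdn}" >> "${csrCnfFilename}"
+echo "" >> "${csrCnfFilename}"
+echo "[ req_attr ]" >> "${csrCnfFilename}"
+echo "" >> "${csrCnfFilename}"
+echo "[ req_ext ]" >> "${csrCnfFilename}"
+echo "subjectAltName=${dnsNames}" >> "${csrCnfFilename}"
+
+# generate a strong key
+#openssl ecparam -name sect571r1 -genkey -out "$keyFilename"
+openssl genrsa -aes256 -out "${keyEncFilename}" -passout file:"${keyPwFilename}" "${keyBits}"
+
+# decrypt key
+openssl rsa -in "${keyEncFilename}" -out "${keyFilename}" -passin file:"${keyPwFilename}"
+
+# create a new CSR for this key
+openssl req -new -config "${csrCnfFilename}" -key "${keyFilename}" -out "${csrFilename}"
+
+# print the CSR
+#cat "$csrFilename"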
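Review bot: The `openssl genrsa` / `openssl rsa` steps leave the private key unprotected on disk: `key.pem` is the decrypted key and sits in the same `${fqdn}/` directory as `key-enc.pem` and the passphrase file `key.pw`, so the `-aes256` wrapping protects nothing from anyone who can read that directory. The script sets no umask, so the modes of the directory and its files depend on the caller's environment and, presumably, the OpenSSL build; adding `umask 077` before `mkdir -p "${fqdn}"` would make this explicit, and the output directory should be excluded from version control if it is not already. Nothing in these 67 lines creates `key.pw`, and without `set -e` after the shebang a failed `genrsa` does not stop the later `openssl rsa` and `openssl req` calls. The argument check should quote its operand, `if test -z "$1"; then`. Because `fqdn` and the extra arguments are used as a directory name and written verbatim into `csr.cnf`, a hostname-shaped check on them would keep stray `,`, `/` or newline characters out of the path and the `subjectAltName` line.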