nicholas/showcase
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
72a60b661bd4e3547c530e3e8e3878c25406fb53
showcase/automation/certificates/internal/manios.ca/generate.sh
nicholas 8cd36f2060 commit generate.sh
2022-01-28 20:19:19 +00:00

68 lines
2.0 KiB
Bash
Raw Blame History

#!/bin/sh
# quit if no FQDN specified
if test -z $1; then
echo "No FQDN specified!"
exit 1
fi
# capture the first arg into a file so that we can shift it below
fqdn=$1
# shift moves all arguments down (ie $2 becomes $1)
shift
# empty var for appending
subjectAltNames="DNS:${fqdn}"
# this looks through them all and sets up for multple alt names
for args in "$@"; do
subjectAltNames="${subjectAltNames},DNS:${args}"
done
# CSR config file prep
csrCnfFilename="${fqdn}/csr.cnf"
csrFilename="${fqdn}/csr.pem"
keyEncFilename="${fqdn}/key-enc.pem"
keyFilename="${fqdn}/key.pem"
keyPwFilename="${fqdn}/key.pw"
keyBits=4096
orgName=secmayl
dnsNames="${subjectAltNames}"
# make the folder for the files
mkdir -p "${fqdn}"
# this creates the config file
echo "[ req ]" > "${csrCnfFilename}"
echo "default_bits=${keyBits}" >> "${csrCnfFilename}"
echo "default_md=sha256" >> "${csrCnfFilename}"
echo "prompt=no" >> "${csrCnfFilename}"
echo "encrypt_key=no" >> "${csrCnfFilename}"
echo "distinguished_name=req_dn" >> "${csrCnfFilename}"
echo "attributes=req_attr" >> "${csrCnfFilename}"
echo "req_extensions=req_ext" >> "${csrCnfFilename}"
echo "" >> "${csrCnfFilename}"
echo "[ req_dn ]" >> "${csrCnfFilename}"
echo "0.DC=com" >> "${csrCnfFilename}"
echo "1.DC=${orgName}" >> "${csrCnfFilename}"
echo "CN=${fqdn}" >> "${csrCnfFilename}"
echo "" >> "${csrCnfFilename}"
echo "[ req_attr ]" >> "${csrCnfFilename}"
echo "" >> "${csrCnfFilename}"
echo "[ req_ext ]" >> "${csrCnfFilename}"
echo "subjectAltName=${dnsNames}" >> "${csrCnfFilename}"
# generate a strong key
#openssl ecparam -name sect571r1 -genkey -out "$keyFilename"
openssl genrsa -aes256 -out "${keyEncFilename}" -passout file:"${keyPwFilename}" "${keyBits}"
# decrypt key
openssl rsa -in "${keyEncFilename}" -out "${keyFilename}" -passin file:"${keyPwFilename}"
# create a new CSR for this key
openssl req -new -config "${csrCnfFilename}" -key "${keyFilename}" -out "${csrFilename}"
# print the CSR
#cat "$csrFilename"
Reference in New Issue View Git Blame Copy Permalink