-
Notifications
You must be signed in to change notification settings - Fork 0
/
rsa-net-csr
executable file
·86 lines (75 loc) · 2.57 KB
/
rsa-net-csr
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
#!/bin/bash
## Takes one parameter for the name of the certificate and creates
## a private certificate and an certification signing request both in PEM
## format. This uses the provided CN as the domain name of the server.
usage () {
>&2 echo "Usage:"
>&2 echo " $0 <key-name> <C> <ST> <L> <O> <OU> <CN> <mail>"
>&2 echo "or"
>&2 echo " $0 <key-name> <config-file> <CN> <mail>"
>&2 echo "with:"
>&2 echo "<key-name> The name of the key to be created."
>&2 echo "<config-file> A configuration file which must exists, which defines <C> <ST> <L> <O> <OU>"
>&2 echo "<C> The two letter country code where the server is located."
>&2 echo "<ST> The state where the server is located."
>&2 echo "<L> The locality, where the server is located."
>&2 echo "<O> The organisation, where the server belongs to."
>&2 echo "<OU> The organisation unit the server belongs to."
>&2 echo "<CN> The domain name (FQDN) of the server/service."
>&2 echo "<mail> The e-mail address of the admin team."
>&2 echo
>&2 echo "Beware the <CN> MUST be a FQDN! The CSR generation will fail otherwise!"
>&2 echo
exit 1
}
debug () {
now=$(date +"%T")
echo "[$now] Key: $KEY_FILE | CSR: $CSR_FILE"
echo "[$now] /C=$CSR_C/ST=$CSR_ST/L=$CSR_L/O=$CSR_O/OU=$CSR_OU/CN=$CSR_CN/emailAddress=$CSR_MAIL"
}
if [ ! -f CA/key.pem ]; then
>&2 echo "The CA is not initialized!"
exit 1
fi
# Check if a name was provided.
if [ -z "$1" ]; then
usage
exit 2
fi
# Declare the variables, if config file was provided, read it from there.
if [ -f "$2" -a "$#" -eq 4 ]; then
source $2
CSR_CN="$3"
CSR_MAIL="$4"
elif [ "$#" -eq 8 ]; then
CSR_C="$2"
CSR_ST="$3"
CSR_L="$4"
CSR_O="$5"
CSR_OU="$6"
CSR_CN="$7"
CSR_MAIL="$8"
else
>&2 echo "Wrong number of arguments: $#"
exit 2
fi
KEY_FILE="./$1.key.pem"
CSR_FILE="./$1.csr.pem"
debug
# Create the private key, which is stored AES256 encrypted.
openssl genrsa -aes256 -out "$KEY_FILE" 4096
retVal=$?
if [ $retVal -eq 0 ]; then
now=$(date +"%T")
echo "[$now] RSA key '$KEY_FILE' created."
fi
# Create the CSR, using the just created private key
openssl req -new -sha256 \
-subj "/C=$CSR_C/ST=$CSR_ST/L=$CSR_L/O=$CSR_O/OU=$CSR_OU/CN=$CSR_CN/emailAddress=$CSR_MAIL" \
-addext "subjectAltName = DNS:$CSR_CN" \
-key "$KEY_FILE" -out "$CSR_FILE"
retVal=$?
if [ $retVal -eq 0 ]; then
now=$(date +"%T")
echo "[$now] CSR '$1.csr.pem' created."
fi