-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcreate_cert
executable file
·75 lines (69 loc) · 2.2 KB
/
create_cert
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
#!/bin/sh
# 06/04/17 - Created by Andrew Puckett
# 01/04/18 - Added options and ability to create CA
if [ $# -lt 1 ]; then
echo "NAME"
echo " $(basename $0) options"
echo
echo "DESCRIPTION"
echo " $(basename $0) is used to create certificate/key from a CA or to create a CA."
echo
echo "OPTIONS"
echo " -a"
echo " Certificate authority basename. Required."
echo " -c"
echo " Certificate basename. Optional, if not present then a certificate authority is created."
echo " -d"
echo " Days. Optional, if not present 3650 is used."
echo " -p"
echo " Path. Optional, if not present CD is used."
echo " -s"
echo " Subject (e.g. '/emailAddress=admin@8-nines.com...]'). Optional, if not present 8-nines default is used."
echo
echo "AUTHOR"
echo " Andrew Puckett"
echo
exit 1
fi
CA=
CERT=
DAYS=3650
DIR=$(pwd)
DEFAULT_SUBJ='/emailAddress=admin@8-nines.com/C=US/ST=Tennessee/L=Nashville/O=8-nines Consulting, LLC/OU=Home Automation/CN='
while getopts a:c:d:p:s: opt
do
case "$opt" in
a) CA=$OPTARG;;
c) CERT=$OPTARG;;
d) DAYS=$OPTARG;;
p) DIR=$OPTARG;;
s) SUBJ=$OPTARG;;
esac
done
if [ -z "$CA" ]; then
echo "You must provide a CA with the -a option" && exit 1
fi
case $DAYS in
*[!0-9]*) echo "$DAYS is not valid" && exit 1;;
esac
if [ -n "$CERT" ]; then
if [ ! -f $DIR/${CA}_ca.crt ]; then
echo "Cannot find CA. Check the -a and/or -p options." && exit 1
fi
if [ -f $DIR/${CA}_ca.srl ]; then
SERIAL=-CAserial $DIR/${CA}_ca.srl
else
SERIAL=-CAcreateserial
fi
[ -n "$SUBJ" ] || SUBJ=${DEFAULT_SUBJ}$CERT
openssl genrsa -out $DIR/$CERT.key 2048
openssl req -new -out $DIR/$CERT.csr -key $DIR/$CERT.key -subj "$SUBJ"
openssl x509 -req -in $DIR/$CERT.csr -CA $DIR/${CA}_ca.crt -CAkey $DIR/${CA}_ca.key $SERIAL -out $DIR/$CERT.crt -days $DAYS
openssl x509 -in $DIR/$CERT.crt -sha256 -noout -fingerprint
openssl x509 -outform der -in $DIR/$CERT.crt -out $DIR/$CERT.crt.der
openssl rsa -outform der -in $DIR/$CERT.key -out $DIR/$CERT.key.der
else
[ -n "$SUBJ" ] || SUBJ=${DEFAULT_SUBJ}$CA
openssl req -new -x509 -days $DAYS -extensions v3_ca -keyout $DIR/${CA}_ca.key -out $DIR/${CA}_ca.crt -subj "$SUBJ"
openssl x509 -outform der -in $DIR/${CA}_ca.crt -out $DIR/${CA}_ca.crt.der
fi