Commit 1d7b429f authored by nimrod's avatar nimrod

- init works, gen works but doesn't set the correct CN yet.

parent 69e1458f
...@@ -4,5 +4,5 @@ ...@@ -4,5 +4,5 @@
*.swo *.swo
certs/* certs/*
keys/* keys/*
openssl.cnf openssl.cnf*
CA.* CA.*
...@@ -21,6 +21,10 @@ configuration for starting work and a new CA key and certificate. :: ...@@ -21,6 +21,10 @@ configuration for starting work and a new CA key and certificate. ::
$ mkdir domain.tld $ mkdir domain.tld
$ cd domain.tld $ cd domain.tld
$ ssl-ca init $ ssl-ca init
Generating RSA private key, 512 bit long modulus
.++++++++++++
......++++++++++++
e is 65537 (0x10001)
To generate a new key and certificate for the www host, the key will at To generate a new key and certificate for the www host, the key will at
``keys/www`` and the certificate at ``certs/www`` :: ``keys/www`` and the certificate at ``certs/www`` ::
...@@ -49,6 +53,8 @@ Nimrod Adar. ...@@ -49,6 +53,8 @@ Nimrod Adar.
TODO TODO
---- ----
- Verify that the fqdn is correct.
- Fill out example output in the usage section. - Fill out example output in the usage section.
- Add checks and failure messages to each action. - Add checks and failure messages to each action.
- Finish openssl configuration. - Delete serial file.
- Testing (creating a ca, creating a key and cert and verifying).
#!/bin/sh -e #!/bin/sh -e
domain="$(basename $(pwd))"
default_config=\ default_config=\
"[ ca ] "[ ca ]
default_ca = CA_default default_ca = CA_default
...@@ -12,45 +13,65 @@ private_key = CA.key ...@@ -12,45 +13,65 @@ private_key = CA.key
default_md = sha256 default_md = sha256
default_days = 365 default_days = 365
email_in_dn = no email_in_dn = no
policy = policy_any
[ policy_any ] [ req_distinguished_name]
countryName = US #C = 2 letter country code
stateOrProvinceName = #ST = State
#L = Locality
#O = Organization name
#OU = Organizational unit
#emailAddress = email address
#CN = *.*.$domain
[ req ] [ req ]
distinguished_name = req_distinguished_name
prompt = no prompt = no
encrypt_key = encrypt_key = no
default_md = sha256 default_md = sha256
default_bits = 2048" default_bits = 2048"
#keytype=\"$keytype\"
#cipher=\"$cipher\"
#state='Somewhere'
#locality='Some other place.'
#orgname='Acme'
#orgunit='Widgets'
usage () { usage () {
echo "Usage: $0 init|gen|sign|resign" echo "Usage: $0 init|gen|sign|resign"
} }
init () { init () {
mkdir "certs" mkdir -p "certs"
mkdir "keys" mkdir -p "keys"
openssl genra -out CA.key
openssl req -x509 -new -config openssl.cnf -key CA.key -out CA.crt
echo "$default_config" > "openssl.cnf" echo "$default_config" > "openssl.cnf"
openssl genrsa \
-out CA.key
openssl req \
-x509 \
-config openssl.cnf \
-new \
-subj "CN=*.*.$domain" \
-key CA.key \
-out CA.crt
} }
sign_key () { sign_key () {
csr="$(mktemp)" echo "Generating CSR for $1.$domain."
openssl req -new -config openssl.cnf -out "$csr" csr="$(mktemp -t ssl-ca)"
openssl x509 -req -in "$csr" -out "certs/$1.crt" openssl req \
-key keys/$1 \
-new \
-config openssl.cnf \
-subj "/CN=*.*.$1.$domain" \
-out "$csr"
echo "Generating cert for $1.$domain."
openssl x509 \
-req \
-in "$csr" \
-out "certs/$1" \
-CA CA.crt \
-CAcreateserial \
-extensions v3_ca \
-CAkey CA.key
rm "$csr" rm "$csr"
} }
gen_key () { gen_key () {
echo "Generating key for $1.$domain."
openssl genrsa -out "keys/$1" openssl genrsa -out "keys/$1"
} }
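Review bot: Neither `openssl genrsa -out CA.key` in init nor `openssl genrsa -out "keys/$1"` in gen_key passes a key length, so the CA and host keys are created at openssl's built-in default — the README output added in this same commit shows `512 bit long modulus`, which is far too weak for any certificate, let alone a CA; the `default_bits = 2048` line in the generated openssl.cnf only affects `openssl req`, not `genrsa`. Pass the size explicitly, e.g. `openssl genrsa -out CA.key 4096` and `openssl genrsa -out "keys/$1" 2048`, and set `umask 077` before generating so the private key files are not created world-readable. Separately, the CA subject `-subj "CN=*.*.$domain"` in init lacks the leading `/` that sign_key's `-subj "/CN=*.*.$1.$domain"` uses and that openssl requires, and `-extensions v3_ca` on a host certificate names the CA extension section: without an `-extfile` it is presumably ignored, but if honoured it would mark every host cert as a CA, so a dedicated server-cert section (or no `-extensions`) is the right choice. The inner substitution in `domain="$(basename $(pwd))"` should also be quoted, `domain="$(basename "$(pwd)")"`.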