Skip to content
Snippets Groups Projects
Commit 1d7b429f authored by nimrod's avatar nimrod
Browse files

- init works, gen works but doesn't set the correct CN yet.

parent 69e1458f
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
.gitignore
+ 1
1
View file @ 1d7b429f
...@@ -4,5 +4,5 @@ ...@@ -4,5 +4,5 @@
*.swo *.swo
certs/* certs/*
keys/* keys/*
openssl.cnf openssl.cnf*
CA.* CA.*
README.rst
+ 7
1
View file @ 1d7b429f
...@@ -21,6 +21,10 @@ configuration for starting work and a new CA key and certificate. :: ...@@ -21,6 +21,10 @@ configuration for starting work and a new CA key and certificate. ::
$ mkdir domain.tld $ mkdir domain.tld
$ cd domain.tld $ cd domain.tld
$ ssl-ca init $ ssl-ca init
Generating RSA private key, 512 bit long modulus
.++++++++++++
......++++++++++++
e is 65537 (0x10001)
To generate a new key and certificate for the www host, the key will at To generate a new key and certificate for the www host, the key will at
``keys/www`` and the certificate at ``certs/www`` :: ``keys/www`` and the certificate at ``certs/www`` ::
...@@ -49,6 +53,8 @@ Nimrod Adar. ...@@ -49,6 +53,8 @@ Nimrod Adar.
TODO TODO
---- ----
- Verify that the fqdn is correct.
- Fill out example output in the usage section. - Fill out example output in the usage section.
- Add checks and failure messages to each action. - Add checks and failure messages to each action.
- Finish openssl configuration. - Delete serial file.
- Testing (creating a ca, creating a key and cert and verifying).
ssl-ca
+ 40
19
View file @ 1d7b429f
#!/bin/sh -e #!/bin/sh -e
domain="$(basename $(pwd))"
default_config=\ default_config=\
"[ ca ] "[ ca ]
default_ca = CA_default default_ca = CA_default
...@@ -12,45 +13,65 @@ private_key = CA.key ...@@ -12,45 +13,65 @@ private_key = CA.key
default_md = sha256 default_md = sha256
default_days = 365 default_days = 365
email_in_dn = no email_in_dn = no
policy = policy_any
[ policy_any ] [ req_distinguished_name]
countryName = US #C = 2 letter country code
stateOrProvinceName = #ST = State
#L = Locality
#O = Organization name
#OU = Organizational unit
#emailAddress = email address
#CN = *.*.$domain
[ req ] [ req ]
distinguished_name = req_distinguished_name
prompt = no prompt = no
encrypt_key = encrypt_key = no
default_md = sha256 default_md = sha256
default_bits = 2048" default_bits = 2048"
#keytype=\"$keytype\"
#cipher=\"$cipher\"
#state='Somewhere'
#locality='Some other place.'
#orgname='Acme'
#orgunit='Widgets'
usage () { usage () {
echo "Usage: $0 init|gen|sign|resign" echo "Usage: $0 init|gen|sign|resign"
} }
init () { init () {
mkdir "certs" mkdir -p "certs"
mkdir "keys" mkdir -p "keys"
openssl genra -out CA.key
openssl req -x509 -new -config openssl.cnf -key CA.key -out CA.crt
echo "$default_config" > "openssl.cnf" echo "$default_config" > "openssl.cnf"
openssl genrsa \
-out CA.key
openssl req \
-x509 \
-config openssl.cnf \
-new \
-subj "CN=*.*.$domain" \
-key CA.key \
-out CA.crt
} }
sign_key () { sign_key () {
csr="$(mktemp)" echo "Generating CSR for $1.$domain."
openssl req -new -config openssl.cnf -out "$csr" csr="$(mktemp -t ssl-ca)"
openssl x509 -req -in "$csr" -out "certs/$1.crt" openssl req \
-key keys/$1 \
-new \
-config openssl.cnf \
-subj "/CN=*.*.$1.$domain" \
-out "$csr"
echo "Generating cert for $1.$domain."
openssl x509 \
-req \
-in "$csr" \
-out "certs/$1" \
-CA CA.crt \
-CAcreateserial \
-extensions v3_ca \
-CAkey CA.key
rm "$csr" rm "$csr"
} }
gen_key () { gen_key () {
echo "Generating key for $1.$domain."
openssl genrsa -out "keys/$1" openssl genrsa -out "keys/$1"
} }
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment