- Cleaned the README a bit.

- Merged the gen-ca command into the init command. - Fixed a bug. - Filled all commands (though not everything should be wokring yet). - Keys and certificates have the subdomain name and the directory the domain.

- Cleaned the README a bit.
69e1458f · nimrod · 8513d68e · 69e1458f · 69e1458f
Commit 69e1458f authored 9 years ago by nimrod
--- a/README.rst
+++ b/README.rst
 SSL-CA
 ######
-This is a program (written in POSIX shell) to generate an SSL/TLS certificate
+This utility automates generating an SSL certificate authority, keys and signed
-authority, signed certificates and to sign existing certificates.
+certificates. The only dependecy is openssl.
 Installation
 ------------
@@ -12,62 +12,34 @@ Installation
    cd ssl-ca
    sudo make install
-The only dependency is openssl.
 Usage
 -----
-To start a new CA ::
+This will generate, inside the new directory, the directory stucture, a starting
+configuration for starting work and a new CA key and certificate. ::
-    $ mkdir mycerts
+    $ mkdir domain.tld
-    $ cd mycerts
+    $ cd domain.tld
    $ ssl-ca init
-This will create a new directory with the directory structure and a
+To generate a new key and certificate for the www host, the key will at
-configuration file **Remember to change the configuration in `openssl.cnf`.**
+``keys/www`` and the certificate at ``certs/www`` ::
-To generate a new CA key and certificate (inside the new directory)::
-    $ ssl-ca ca-gen
-To generate a new key and certificate for the www.example.com domain ::
-    $ ssl-ca gen www.example.com
+    $ ssl-ca gen www
-The key will be at ``keys/www.example.com.key`` and the certificate at
+To sign existing keys, copy them to the ``keys/`` folder. All keys that don't
-``certs/www.example.com.pem``.
+have a matching certificate under ``certs/`` will be signed when running ::
-To sign existing keys, copy them to ``keys/subdomain.domain.tld.key`` and run (this will sign all of keys found under ``keys/``) ::
    $ ssl-ca sign
-To resign **ALL** existing keys (overriding existing certificates) ::
+To resign **ALL** existing keys (regardles of existing certificates) ::
    $ ssl-ca resign
-Example config
--------------
-::
-    # This file is sourced by ssl-ca, so comments start with #
-    # and usual shell evaluation and variables can be used.
-    # No setting is mandatory and missing setting will be left blank or the
-    # default value will be used.
-    keysize=2048
-    keytype='rsa'
-    cipher='aes256'
-    days=365
-    countrycode='US'
-    state='Somewhere'
-    locality='Some other place.'
-    orgname='Acme'
-    orgunit='Widgets'
-    email='hostmaster@example.com'
 License
 -------
-This software is licnesed under the MIT licese (see the LICENSE.txt file).
+This software is licnesed under the MIT licese (see the ``LICENSE.txt`` file).
 Author
 ------
@@ -77,5 +49,6 @@ Nimrod Adar.
 TODO
 ----
- Write said program.
 - Fill out example output in the usage section.
+- Add checks and failure messages to each action.
+- Finish openssl configuration.
--- a/ssl-ca
+++ b/ssl-ca
@@ -32,29 +32,26 @@ default_bits = 2048"
 #orgunit='Widgets'
 usage () {
-    echo "Usage: $0 "
+    echo "Usage: $0 init|gen|sign|resign"
 }
 init () {
-    mkdir "$1/certs"
+    mkdir "certs"
-    mkdir "$1/keys"
+    mkdir "keys"
-    echo "$default_config" > "$1/openssl.cnf"
+    openssl genra -out CA.key
+    openssl req -x509 -new -config openssl.cnf -key CA.key -out CA.crt
+    echo "$default_config" > "openssl.cnf"
 }
 sign_key () {
    csr="$(mktemp)"
-    openssl req -new -config openssl.cnf -out $csr
+    openssl req -new -config openssl.cnf -out "$csr"
-    openssl x509 -req -in $csr -out certs/$1.crt
+    openssl x509 -req -in "$csr" -out "certs/$1.crt"
-    rm $csr
+    rm "$csr"
 }
 gen_key () {
-    openssl genrsa -out keys/$1.key
+    openssl genrsa -out "keys/$1"
-}
-ca_gen () {
-    openssl genra -out CA.key
-    openssl req -x509 -new -config openssl.cnf -key CA.key -out CA.crt
 }
 if [ $# -lt 1 ]
@@ -67,26 +64,23 @@ case "$1" in
    init)
        init
        ;;
-    ca-gen)
-        ca-gen
-        ;;
    gen)
-        gen_key
+        gen_key "$2"
-        sign_key $key
+        sign_key "$2"
        ;;
    sign)
-        for key in keys/*.key
+        for key in keys/*
        do
-            if [ ! -f certs/$key.pem ]
+            if [ ! -f "certs/$(basename $key)" ]
            then
-                sign_key $key
+                sign_key "$(basename $key)"
            fi
        done
        ;;
    resign)
        for key in keys/*
        do
-            sign_key $key
+            sign_key "$(basename $key)"
        done
        ;;
    *)