Generate a private key, a certificate signing request (CSR) and optional PEM files in one run
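#!/bin/bash
#
# Generate an RSA key pair in a Java keystore, create a certificate signing
# request (CSR) for it and, only on explicit request, export the private key
# as PEM files.
#
# Requires keytool and openssl in PATH. bash is required because the prompts
# use `read -p` / `read -s`, which POSIX sh (e.g. dash) does not provide.
#
# Files written to the current directory (BN = "new_<CN>"):
#   BN.jks         keystore holding the private key
#   BN.csr         certificate signing request
#   BN.p12         PKCS#12 copy of the keystore        (optional step)
#   BN.pem         password-protected private key      (optional step)
#   BN.nopass.pem  UNENCRYPTED private key             (optional step)
set -eu

# Every file created below holds, or is derived from, the private key:
# keep them readable by the invoking user only.
umask 077

echo "edit this file before you execute it!!"
echo "make sure keytool and openssl commands are in PATH"
# The answer is not examined; press Ctrl+C here to abort.
read -r -p "Contiune?" ANS
read -r -p "give me CN(www.xxx.com.tw)" CN
IFS= read -r -s -p "give me default password(length >= 8)" PASS
# `read -s` suppresses the echo of the Enter key, so end the prompt line here.
echo

# CN ends up in the keystore alias, the -dname string and every output file
# name. Reject empty values, a leading '-' (would be parsed as an option) and
# characters such as ',', '/' or whitespace that would alter the DN or path.
case "$CN" in
  '' | -* | *[!A-Za-z0-9.*_-]*)
    echo "CN must be a host name such as www.xxx.com.tw" >&2
    exit 1
    ;;
esac

# Enforce the length the prompt asks for.
if [ "${#PASS}" -lt 8 ]; then
  echo "password must be at least 8 characters" >&2
  exit 1
fi

# Hand the password to keytool/openssl through the environment instead of
# argv: command-line arguments are visible to other local users via `ps`.
export PASS

# Edit these arguments
KEYSIZE=2048
# some CA don't support DSA
KEYALG=RSA
# some CA don't want MD5withRSA
SIGALG=SHA256withRSA
# validity in days, passed to keytool -validity
VALIDITY=3650
# Base name of all files
BN="new_$CN"

# Print a farewell and terminate successfully.
byebye() {
  echo "Bye!"
  exit 0
}

keytool -genkeypair -alias "$CN" -keyalg "$KEYALG" -keysize "$KEYSIZE" \
  -sigalg "$SIGALG" -validity "$VALIDITY" -keystore "$BN.jks" \
  -dname "CN=$CN, OU=NEVEC, O=YAHOO, L=Taipei, ST=Taiwan, C=TW" \
  -storepass:env PASS -keypass:env PASS
keytool -list -alias "$CN" -v -storepass:env PASS -keystore "$BN.jks"
echo "is all information of private key OK? press ctrl+c to break or any key to continue."
read -r ANS

echo "start to create certification request..."
keytool -certreq -keystore "$BN.jks" -file "$BN.csr" -alias "$CN" \
  -sigalg "$SIGALG" -keypass:env PASS -storepass:env PASS
echo "certification request OK!"

echo "should I make additional PEM files? normally, you just answer NO. Answer YES if customer needs your private key in PEM format."
read -r -p "[NO/yes]?" ANS
# Fail closed: the private key is exported only on an explicit "yes".
# Previously an empty or unexpected answer made the unquoted `[` test error
# out and the script went on to write the unencrypted key.
case "$ANS" in
  yes | YES | Yes | y | Y) ;;
  *) byebye ;;
esac

echo "convert keystore to PKCS12 format"
keytool -importkeystore -srckeystore "$BN.jks" -destkeystore "$BN.p12" \
  -deststoretype PKCS12 -srcstorepass:env PASS -deststorepass:env PASS
echo "convertion finished!"

echo "extract private key with password"
openssl pkcs12 -nocerts -in "$BN.p12" -out "$BN.pem" \
  -passin env:PASS -passout env:PASS
echo "extract private key OK"

echo "destroy password!"
# No -passout: the key is written unencrypted. The umask set above keeps it
# from being readable by other users.
openssl rsa -in "$BN.pem" -out "$BN.nopass.pem" -passin env:PASS
echo "OK"

echo "Final report"
echo "---------------------------------------------------------------------------------------------"
echo "$BN.jks - java keystore file having private in it!!!! BACK IT UP!!!"
echo "$BN.csr - certification request file, email it the CA orgnization."
echo "$BN.p12 - openssl keystore with same password, not so important, you can delete it."
echo "$BN.pem - private key file with password"
echo "$BN.nopass.pem - private key file without password, DON'T GIVE IT ANY ONE YOU DON'T TRUST!!!"
echo "---------------------------------------------------------------------------------------------"
byebye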