ViktorStiskala · January 19, 2016 21:24
diff --git a/install.sh b/install.sh
 wget -O /usr/local/bin/generate-ssl-cert 'https://gist.githubusercontent.com/hareevs/10252835/raw/f167b8584b306b23bc2e001a23b3cb68d75f91dc/SSL%2520cert%2520generator.sh'
 chmod +x /usr/local/bin/generate-ssl-cert
diff --git a/SSL cert generator.sh b/SSL cert generator.sh
 #!/bin/bash
 # CONFIGURATION
 openssl_config_file=$(openssl ca 2>&1 | grep "Using configuration from" | sed 's/Using configuration from //g')

 ################################################################################
 txtgrn='\e[0;32m'
 txtred='\e[0;31m'
 txtrst='\e[0m'

 config_tempfile=$(mktemp --suffix openssl)
 trap "rm $config_tempfile; exit" SIGHUP SIGINT SIGQUIT SIGTERM # remove config tempfile upon termination

 read -p "Key length [2048]: " keysize
 keysize=${keysize:-2048}
 read -p "Destination filename [server]: " filename
 filename=${filename:-server}

 echo -ne "$txtgrn"
 read -p "Enter subject alternative names separated by whitespace []: " altnames
 echo -ne "$txtrst"

 # copy content to config tempfile
 cat "$openssl_config_file" > "$config_tempfile"

 if [ ! -z $altnames ]
 then
 cat >> "$config_tempfile" << EOF
 [req]
 req_extensions = v3_req

 [ v3_req ]

 # Extensions to add to a certificate request

 basicConstraints = CA:FALSE
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 subjectAltName = @alt_names

 [alt_names]
 EOF
 fi

 # expand altnames
 counter=1
 for name in $altnames
 do
        echo "DNS.$counter = $name" >> "$config_tempfile"
        let counter=counter+1
 done

 # generate key + csr
 openssl req -nodes -newkey rsa:$keysize -keyout "${filename}.key" -out "${filename}.csr" -config "$config_tempfile"

 if [ $? -eq 0 ]
 then
        echo -e "${txtgrn}Generated certificate:"
        openssl req -text -noout -in "${filename}.csr" | grep -E "Subject:|DNS:" | sed -e 's/^\s*//'
        echo -ne "$txtrst"
 else
        echo -e "${txtred}Failed to generate certificate${txtrst}"
 fi

 # cleanup
 rm "$config_tempfile"
	wget -O /usr/local/bin/generate-ssl-cert 'https://gist.githubusercontent.com/hareevs/10252835/raw/f167b8584b306b23bc2e001a23b3cb68d75f91dc/SSL%2520cert%2520generator.sh'
	chmod +x /usr/local/bin/generate-ssl-cert
	#!/bin/bash
	# CONFIGURATION
	openssl_config_file=$(openssl ca 2>&1 \| grep "Using configuration from" \| sed 's/Using configuration from //g')

	################################################################################
	txtgrn='\e[0;32m'
	txtred='\e[0;31m'
	txtrst='\e[0m'

	config_tempfile=$(mktemp --suffix openssl)
	trap "rm $config_tempfile; exit" SIGHUP SIGINT SIGQUIT SIGTERM # remove config tempfile upon termination

	read -p "Key length [2048]: " keysize
	keysize=${keysize:-2048}
	read -p "Destination filename [server]: " filename
	filename=${filename:-server}

	echo -ne "$txtgrn"
	read -p "Enter subject alternative names separated by whitespace []: " altnames
	echo -ne "$txtrst"

	# copy content to config tempfile
	cat "$openssl_config_file" > "$config_tempfile"

	if [ ! -z $altnames ]
	then
	cat >> "$config_tempfile" << EOF
	[req]
	req_extensions = v3_req

	[ v3_req ]

	# Extensions to add to a certificate request

	basicConstraints = CA:FALSE
	keyUsage = nonRepudiation, digitalSignature, keyEncipherment
	subjectAltName = @alt_names

	[alt_names]
	EOF
	fi

	# expand altnames
	counter=1
	for name in $altnames
	do
	echo "DNS.$counter = $name" >> "$config_tempfile"
	let counter=counter+1
	done

	# generate key + csr
	openssl req -nodes -newkey rsa:$keysize -keyout "${filename}.key" -out "${filename}.csr" -config "$config_tempfile"

	if [ $? -eq 0 ]
	then
	echo -e "${txtgrn}Generated certificate:"
	openssl req -text -noout -in "${filename}.csr" \| grep -E "Subject:\|DNS:" \| sed -e 's/^\s*//'
	echo -ne "$txtrst"
	else
	echo -e "${txtred}Failed to generate certificate${txtrst}"
	fi

	# cleanup
	rm "$config_tempfile"