avshabanov · August 29, 2015 14:25
diff --git a/openssl-gen-certs.sh b/openssl-gen-certs.sh
 #! /bin/bash
 
 # certificates are valids during 365 days
 VALID=365
 TMPPASS="test"

 while [[ -z "$password" ]]
 do
  read -s -p "Enter password for the Certificate Authority (CA) key: " password
  echo
 done
 
 if [ -f "ca.key" ]
 then
  echo "Certificate Authorithy key already exists: we'll use this ca.key..."
  openssl rsa -in ca.key -check -passin pass:${password} > /dev/null
  if [ $? -ne 0 ]
  then
    echo "CA password provided is wrong..."
    echo "Aborting."
    exit 1
  fi
 else
  echo 01 > ca.srl
  echo "Generating CA key..."
  openssl genrsa -passout pass:${password} -des3 -out ca.key 2048
  echo "Generating CA certificate..."
  openssl req -passin pass:${password} -new -x509 -days ${VALID} -key ca.key -out ca.crt
 fi

 while [[ -z "$hostname" ]]
 do
  read -p "Enter hostname to be used for the server certificate: " hostname
  echo
 done
 
 echo "Generating server key..."
 openssl genrsa -des3 -passout pass:${TMPPASS} -out ${hostname}-server.key 2048
 echo "Generating server certificate..."
 openssl req -subj "/CN=${hostname}" -passin pass:${TMPPASS} -new -key ${hostname}-server.key -out ${hostname}-server.csr
 echo "Signing server certificate with our CA..."
 openssl x509 -req -passin pass:${password} -days ${VALID} -in ${hostname}-server.csr -CA ca.crt -CAkey ca.key -out ${hostname}-server.crt
 
 echo "Generating client key..."
 openssl genrsa -des3 -passout pass:${TMPPASS} -out ${hostname}-client.key 2048
 echo "Generating client certificate..."
 openssl req -subj "/CN=client" -passin pass:${TMPPASS} -new -key ${hostname}-client.key -out ${hostname}-client.csr
 echo extendedKeyUsage = clientAuth > extfile.cnf
 echo "Signing client certificate with our CA..."
 openssl x509 -req -passin pass:${password} -days ${VALID} -in ${hostname}-client.csr -CA ca.crt -CAkey ca.key -out ${hostname}-client.crt -extfile extfile.cnf
 
 echo "Removing passphrase from the server key..."
 openssl rsa -passin pass:${TMPPASS} -in ${hostname}-server.key -out ${hostname}-server.key
 echo "Removing passphrase from the client key..."
 openssl rsa -passin pass:${TMPPASS} -in ${hostname}-client.key -out ${hostname}-client.key

 echo "Clean up temporary files..."
 rm ${hostname}-client.csr ${hostname}-server.csr extfile.cnf
	#! /bin/bash

	# certificates are valids during 365 days
	VALID=365
	TMPPASS="test"

	while [[ -z "$password" ]]
	do
	read -s -p "Enter password for the Certificate Authority (CA) key: " password
	echo
	done

	if [ -f "ca.key" ]
	then
	echo "Certificate Authorithy key already exists: we'll use this ca.key..."
	openssl rsa -in ca.key -check -passin pass:${password} > /dev/null
	if [ $? -ne 0 ]
	then
	echo "CA password provided is wrong..."
	echo "Aborting."
	exit 1
	fi
	else
	echo 01 > ca.srl
	echo "Generating CA key..."
	openssl genrsa -passout pass:${password} -des3 -out ca.key 2048
	echo "Generating CA certificate..."
	openssl req -passin pass:${password} -new -x509 -days ${VALID} -key ca.key -out ca.crt
	fi

	while [[ -z "$hostname" ]]
	do
	read -p "Enter hostname to be used for the server certificate: " hostname
	echo
	done

	echo "Generating server key..."
	openssl genrsa -des3 -passout pass:${TMPPASS} -out ${hostname}-server.key 2048
	echo "Generating server certificate..."
	openssl req -subj "/CN=${hostname}" -passin pass:${TMPPASS} -new -key ${hostname}-server.key -out ${hostname}-server.csr
	echo "Signing server certificate with our CA..."
	openssl x509 -req -passin pass:${password} -days ${VALID} -in ${hostname}-server.csr -CA ca.crt -CAkey ca.key -out ${hostname}-server.crt

	echo "Generating client key..."
	openssl genrsa -des3 -passout pass:${TMPPASS} -out ${hostname}-client.key 2048
	echo "Generating client certificate..."
	openssl req -subj "/CN=client" -passin pass:${TMPPASS} -new -key ${hostname}-client.key -out ${hostname}-client.csr
	echo extendedKeyUsage = clientAuth > extfile.cnf
	echo "Signing client certificate with our CA..."
	openssl x509 -req -passin pass:${password} -days ${VALID} -in ${hostname}-client.csr -CA ca.crt -CAkey ca.key -out ${hostname}-client.crt -extfile extfile.cnf

	echo "Removing passphrase from the server key..."
	openssl rsa -passin pass:${TMPPASS} -in ${hostname}-server.key -out ${hostname}-server.key
	echo "Removing passphrase from the client key..."
	openssl rsa -passin pass:${TMPPASS} -in ${hostname}-client.key -out ${hostname}-client.key

	echo "Clean up temporary files..."
	rm ${hostname}-client.csr ${hostname}-server.csr extfile.cnf