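#! /bin/bash
#
# Build a small private PKI in the current directory:
#   - ca.key / ca.crt / ca.srl   passphrase-protected CA key, self-signed CA
#                                certificate and serial file (created on first
#                                run, reused afterwards)
#   - <hostname>-server.key/.crt server key (no passphrase) and certificate
#   - <hostname>-client.key/.crt client key (no passphrase) and certificate
#                                restricted to extendedKeyUsage = clientAuth
#
# Inputs: the CA passphrase and the hostname are prompted for; a non-empty
# `password` or `hostname` already present in the environment is used instead.
#
# NOTE(review): the server certificate carries only a CN and no
# subjectAltName; many current TLS clients ignore the CN when checking host
# names, so confirm the consumers of this certificate accept it.

set -u

# Private keys are written by openssl with the process umask; without this
# they would be readable by every local user on a default 022 umask.
umask 077

# Certificates are valid for 365 days.
readonly VALID=365

# The hostname ends up in file names and in the -subj string, so it is limited
# to characters that cannot add a path component ("/"), start an option ("-")
# or inject extra subject fields. "*" is kept for wildcard names.
readonly HOSTNAME_RE='^[A-Za-z0-9*][A-Za-z0-9.*_-]*$'

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Run openssl with the CA passphrase handed over through the environment.
# A "pass:..." argument is visible to every local user in the process list;
# the environment of a process is not. Callers use "env:CA_PASSPHRASE".
ca_openssl() {
  CA_PASSPHRASE="$password" openssl "$@"
}

password=${password:-}
while [[ -z "$password" ]]; do
  # Abort on EOF instead of looping forever when stdin is closed.
  read -r -s -p "Enter password for the Certificate Authority (CA) key: " password \
    || die "No password could be read from standard input. Aborting."
  echo
done

if [[ -f ca.key ]]; then
  echo "Certificate Authorithy key already exists: we'll use this ca.key..."
  # -noout keeps the decrypted key from being written anywhere; only the
  # exit status of the passphrase/consistency check is of interest.
  if ! ca_openssl rsa -in ca.key -check -noout -passin env:CA_PASSPHRASE >/dev/null; then
    echo "CA password provided is wrong..." >&2
    die "Aborting."
  fi
  [[ -f ca.crt ]] || die "ca.key exists but ca.crt is missing. Aborting."
else
  echo 01 >ca.srl || die "Cannot write ca.srl. Aborting."
  echo "Generating CA key..."
  # AES-256 instead of the legacy 3DES for the encryption of the CA key file.
  ca_openssl genrsa -passout env:CA_PASSPHRASE -aes256 -out ca.key 2048 \
    || die "CA key generation failed. Aborting."
  echo "Generating CA certificate..."
  ca_openssl req -passin env:CA_PASSPHRASE -new -x509 -days "$VALID" \
    -key ca.key -out ca.crt \
    || die "CA certificate generation failed. Aborting."
fi

hostname=${hostname:-}
while [[ ! "$hostname" =~ $HOSTNAME_RE ]]; do
  if [[ -n "$hostname" ]]; then
    echo "Invalid hostname: use letters, digits, '.', '-', '_' and '*' only." >&2
  fi
  read -r -p "Enter hostname to be used for the server certificate: " hostname \
    || die "No hostname could be read from standard input. Aborting."
  echo
done

server_key="${hostname}-server.key"
server_csr="${hostname}-server.csr"
server_crt="${hostname}-server.crt"
client_key="${hostname}-client.key"
client_csr="${hostname}-client.csr"
client_crt="${hostname}-client.crt"

# Unpredictable name for the extension file rather than a fixed one in the
# working directory.
extfile=$(mktemp) || die "mktemp failed. Aborting."

cleanup() {
  rm -f -- "$client_csr" "$server_csr" "$extfile"
}
# Temporary files are removed on every exit path, including failures.
trap cleanup EXIT

# The server and client keys are stored without a passphrase in the end, so
# they are generated unencrypted directly; encrypting them first with a
# hard-coded passphrase and stripping it afterwards gave no protection.
echo "Generating server key..."
openssl genrsa -out "$server_key" 2048 \
  || die "Server key generation failed. Aborting."
echo "Generating server certificate..."
openssl req -subj "/CN=${hostname}" -new -key "$server_key" -out "$server_csr" \
  || die "Server certificate request failed. Aborting."
echo "Signing server certificate with our CA..."
ca_openssl x509 -req -passin env:CA_PASSPHRASE -days "$VALID" \
  -in "$server_csr" -CA ca.crt -CAkey ca.key -out "$server_crt" \
  || die "Signing the server certificate failed. Aborting."

echo "Generating client key..."
openssl genrsa -out "$client_key" 2048 \
  || die "Client key generation failed. Aborting."
echo "Generating client certificate..."
openssl req -subj "/CN=client" -new -key "$client_key" -out "$client_csr" \
  || die "Client certificate request failed. Aborting."
echo "extendedKeyUsage = clientAuth" >"$extfile" \
  || die "Cannot write the extension file. Aborting."
echo "Signing client certificate with our CA..."
ca_openssl x509 -req -passin env:CA_PASSPHRASE -days "$VALID" \
  -in "$client_csr" -CA ca.crt -CAkey ca.key -out "$client_crt" \
  -extfile "$extfile" \
  || die "Signing the client certificate failed. Aborting."

echo "Clean up temporary files..."
# The EXIT trap removes the CSRs and the extension file.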