bendechrai · August 29, 2015 14:01 · bendechrai · Jul 1, 2014
diff --git a/gencert b/gencert
 #!/bin/bash

 ################################################################################################################
 #
 # Place this script in /etc/ssl/private and chown it root and chmod 700
 #
 # This script will generate basic OpenSSL files and self-sign a certificate
 #
 # Usage is `gencert domain.name` and the result is domain.name.{key,csr,crt,pem}
 # If the domain name provided is a wildcard, the asterisk is replaced with an underscore
 #
 # Files are stored in a directory with name including current timestamp. It's recommended to symlink the files
 # to the /etc/ssl/private directory and use those in other configuration files, for ease of replacing
 # certificates in the future.
 #
 # CSR is created using OpenSSL defaults to all questions with the exception of common name, which is domain.name
 # 
 ################################################################################################################



 # Ensure we're in the same directory at this script
 pushd `dirname $0` > /dev/null

 # Get the domain and filenames
 domain=$1
 filename=`echo $1 | sed "s/\*/_/"`

 # If no domain, display usage information
 if [ $domain"" = "" ]
 then
        echo Usage: $0 domain-name
        popd > /dev/null
        exit
 fi

 # We're going to store the files in a directory with the current date appended, so we never clobber previous certificates
 dir=$filename.`date +%F`

 if [ -d $dir ]
 then
        echo Directory $dir exists already. Aborting
        popd > /dev/null
        exit
 fi

 # Create the directory
 mkdir $dir
 cd $dir

 # Create the key
 openssl genrsa -rand /var/log/messages -out $filename.key 4096

 # Create the CSR, feeding answers to the interactive process via echo and pipe
 echo "
 .
 .
 .
 .
 $domain
 .
 .
 .
 " | openssl req -new -sha256 -key $filename.key -out $filename.csr

 # Self sign the CSR
 openssl x509 -req -days 365 -in $filename.csr -signkey $filename.key -out $filename.crt

 # Concat the key and crt to create a pem file
 cat $filename.key $filename.crt > $filename.pem

 # Secure access permissions
 chmod 600 $filename.*

 echo
 echo Certificate for $domain self-signed. Use this CSR if you want to create another certificate
 echo
 cat $filename.csr

 popd > /dev/null
	#!/bin/bash

	################################################################################################################
	#
	# Place this script in /etc/ssl/private and chown it root and chmod 700
	#
	# This script will generate basic OpenSSL files and self-sign a certificate
	#
	# Usage is `gencert domain.name` and the result is domain.name.{key,csr,crt,pem}
	# If the domain name provided is a wildcard, the asterisk is replaced with an underscore
	#
	# Files are stored in a directory with name including current timestamp. It's recommended to symlink the files
	# to the /etc/ssl/private directory and use those in other configuration files, for ease of replacing
	# certificates in the future.
	#
	# CSR is created using OpenSSL defaults to all questions with the exception of common name, which is domain.name
	#
	################################################################################################################



	# Ensure we're in the same directory at this script
	pushd `dirname $0` > /dev/null

	# Get the domain and filenames
	domain=$1
	filename=`echo $1 \| sed "s/\*/_/"`

	# If no domain, display usage information
	if [ $domain"" = "" ]
	then
	echo Usage: $0 domain-name
	popd > /dev/null
	exit
	fi

	# We're going to store the files in a directory with the current date appended, so we never clobber previous certificates
	dir=$filename.`date +%F`

	if [ -d $dir ]
	then
	echo Directory $dir exists already. Aborting
	popd > /dev/null
	exit
	fi

	# Create the directory
	mkdir $dir
	cd $dir

	# Create the key
	openssl genrsa -rand /var/log/messages -out $filename.key 4096

	# Create the CSR, feeding answers to the interactive process via echo and pipe
	echo "
	.
	.
	.
	.
	$domain
	.
	.
	.
	" \| openssl req -new -sha256 -key $filename.key -out $filename.csr

	# Self sign the CSR
	openssl x509 -req -days 365 -in $filename.csr -signkey $filename.key -out $filename.crt

	# Concat the key and crt to create a pem file
	cat $filename.key $filename.crt > $filename.pem

	# Secure access permissions
	chmod 600 $filename.*

	echo
	echo Certificate for $domain self-signed. Use this CSR if you want to create another certificate
	echo
	cat $filename.csr

	popd > /dev/null