initialed85 · May 8, 2023 01:59
diff --git a/generate-ssl-key-and-csr-and-pem.md b/generate-ssl-key-and-csr-and-pem.md
diff --git a/generate-ssl-key-and-csr-and-pem.sh b/generate-ssl-key-and-csr-and-pem.sh
 #!/usr/bin/env bash

 set -e

 SSL_KEY="${SSL_KEY:-ssl.key}"
 SSL_PEM="${SSL_PEM:-ssl.pem}"
 SSL_CSR="${SSL_CSR:-ssl.csr}"
 RSA_BITS="${RSA_BITS:-4096}"
 DAYS="${DAYS:-397}"

 if [[ ${*} != "" ]]; then
  echo -e "$(basename "${0}")\n\na script to help generated a self-signed ${SSL_KEY} and ${SSL_PEM} / a ${SSL_KEY} and a ${SSL_CSR}"

  echo -e "\nusage (self-signed ${SSL_KEY} and ${SSL_PEM}):"
  echo "SELF_SIGNED=1 FQDN=your.domain.org [CLEAN=0 DAYS=${DAYS} SSL_KEY=${SSL_KEY} SSL_PEM=${SSL_PEM} SSL_CSR=${SSL_CSR} RSA_BITS=${RSA_BITS}] ./$(basename "${0}")"

  echo -e "\nusage (${SSL_KEY} and ${SSL_CSR})"
  echo "SELF_SIGNED=0 FQDN=your.domain.org [CLEAN=0 DAYS=${DAYS} SSL_KEY=${SSL_KEY} SSL_PEM=${SSL_PEM} SSL_CSR=${SSL_CSR} RSA_BITS=${RSA_BITS}] ./$(basename "${0}")"
  exit 1
 fi

 PLATFORM=$(uname)
 export PLATFORM
 echo "PLATFORM=$(uname)"

 openssl_config=""
 if [[ "${PLATFORM}" == "Darwin" ]]; then
  openssl_config="/System/Library/OpenSSL/openssl.cnf"
 elif [[ "${PLATFORM}" == "Linux" ]]; then
  openssl_config="/etc/ssl/openssl.cnf"
 else
  echo -e "\nerror: unsupported platform: ${PLATFORM}"
  exit 1
 fi

 SELF_SIGNED=${SELF_SIGNED:-}
 if [[ "${SELF_SIGNED}" == "" ]]; then
  echo "SELF_SIGNED env var empty or unset"
  exit 1
 fi
 export SELF_SIGNED
 echo "SELF_SIGNED=${SELF_SIGNED}"

 FQDN=${FQDN:-}
 if [[ "${FQDN}" == "" ]]; then
  echo "FQDN env var empty or unset"
  exit 1
 fi
 export FQDN
 echo "FQDN=${FQDN}"

 DAYS=${DAYS:-${DAYS}}
 export DAYS
 echo "DAYS=${DAYS}"

 if [[ -e ${SSL_KEY} ]] || [[ -e ${SSL_CSR} ]] || [[ -e ${SSL_PEM} ]]; then
  if [[ "${CLEAN}" != "1" ]]; then
    echo -e "\nerror: one or more of ${SSL_KEY}, ${SSL_CSR}, ${SSL_PEM} already exist (hint: use CLEAN=1 if they're unimportant)"
    exit 1
  else
    # shellcheck disable=SC2038
    echo -e "\nwarning: CLEAN=1 set; deleting $(find . -maxdepth 1 -type f -name 'ssl.*' | xargs)"
    rm -fv ssl.* >/dev/null 2>&1
  fi
 fi

 if [[ "${SELF_SIGNED}" == "1" ]]; then
  echo -e "\nGenerating self-signed ${SSL_KEY} and ${SSL_PEM} files...\n"
  openssl req \
    -newkey rsa:"${RSA_BITS}" \
    -x509 \
    -nodes \
    -keyout "${SSL_KEY}" \
    -new \
    -out "${SSL_PEM}" \
    -subj /CN="${FQDN}" \
    -reqexts SAN \
    -extensions SAN \
    -config <(cat ${openssl_config} \
      <(printf "[SAN]\nsubjectAltName=DNS:%s" "${FQDN}")) \
    -sha256 \
    -days "${DAYS}"

  echo -e "\nVerifying ssl.* files:\n"

  echo "./${SSL_KEY}"
  openssl rsa -check -in "${SSL_KEY}"

  echo "./${SSL_PEM}"
  openssl x509 -text -noout -in "${SSL_PEM}"
 else
  echo -e "\nGenerating ${SSL_KEY} and ${SSL_CSR} files...\n"
  openssl req \
    -newkey rsa:"${RSA_BITS}" \
    -nodes \
    -keyout "${SSL_KEY}" \
    -out "${SSL_CSR}" \
    -subj /CN="${FQDN}" \
    -reqexts SAN \
    -extensions SAN \
    -config <(cat ${openssl_config} \
      <(printf "[SAN]\nsubjectAltName=DNS:%s" "${FQDN}")) \
    -sha256 \
    -days "${DAYS}"

  echo -e "\nVerifying ssl.* files:\n"

  echo "./${SSL_KEY}"
  openssl rsa -check -in "${SSL_KEY}"

  echo "./${SSL_CSR}"
  openssl req -text -noout -verify -in "${SSL_CSR}"
 fi

 echo -e "\nGenerated ssl.* file content:\n"
 # shellcheck disable=SC2156
 find . -maxdepth 1 -type f -name 'ssl.*' -exec sh -c 'echo "# {}"; cat {}; echo ""' \;

 echo -e "Generated ssl.* files:\n"
 find . -maxdepth 1 -type f -name 'ssl.*'
	#!/usr/bin/env bash

	set -e

	SSL_KEY="${SSL_KEY:-ssl.key}"
	SSL_PEM="${SSL_PEM:-ssl.pem}"
	SSL_CSR="${SSL_CSR:-ssl.csr}"
	RSA_BITS="${RSA_BITS:-4096}"
	DAYS="${DAYS:-397}"

	if [[ ${*} != "" ]]; then
	echo -e "$(basename "${0}")\n\na script to help generated a self-signed ${SSL_KEY} and ${SSL_PEM} / a ${SSL_KEY} and a ${SSL_CSR}"

	echo -e "\nusage (self-signed ${SSL_KEY} and ${SSL_PEM}):"
	echo "SELF_SIGNED=1 FQDN=your.domain.org [CLEAN=0 DAYS=${DAYS} SSL_KEY=${SSL_KEY} SSL_PEM=${SSL_PEM} SSL_CSR=${SSL_CSR} RSA_BITS=${RSA_BITS}] ./$(basename "${0}")"

	echo -e "\nusage (${SSL_KEY} and ${SSL_CSR})"
	echo "SELF_SIGNED=0 FQDN=your.domain.org [CLEAN=0 DAYS=${DAYS} SSL_KEY=${SSL_KEY} SSL_PEM=${SSL_PEM} SSL_CSR=${SSL_CSR} RSA_BITS=${RSA_BITS}] ./$(basename "${0}")"
	exit 1
	fi

	PLATFORM=$(uname)
	export PLATFORM
	echo "PLATFORM=$(uname)"

	openssl_config=""
	if [[ "${PLATFORM}" == "Darwin" ]]; then
	openssl_config="/System/Library/OpenSSL/openssl.cnf"
	elif [[ "${PLATFORM}" == "Linux" ]]; then
	openssl_config="/etc/ssl/openssl.cnf"
	else
	echo -e "\nerror: unsupported platform: ${PLATFORM}"
	exit 1
	fi

	SELF_SIGNED=${SELF_SIGNED:-}
	if [[ "${SELF_SIGNED}" == "" ]]; then
	echo "SELF_SIGNED env var empty or unset"
	exit 1
	fi
	export SELF_SIGNED
	echo "SELF_SIGNED=${SELF_SIGNED}"

	FQDN=${FQDN:-}
	if [[ "${FQDN}" == "" ]]; then
	echo "FQDN env var empty or unset"
	exit 1
	fi
	export FQDN
	echo "FQDN=${FQDN}"

	DAYS=${DAYS:-${DAYS}}
	export DAYS
	echo "DAYS=${DAYS}"

	if [[ -e ${SSL_KEY} ]] \|\| [[ -e ${SSL_CSR} ]] \|\| [[ -e ${SSL_PEM} ]]; then
	if [[ "${CLEAN}" != "1" ]]; then
	echo -e "\nerror: one or more of ${SSL_KEY}, ${SSL_CSR}, ${SSL_PEM} already exist (hint: use CLEAN=1 if they're unimportant)"
	exit 1
	else
	# shellcheck disable=SC2038
	echo -e "\nwarning: CLEAN=1 set; deleting $(find . -maxdepth 1 -type f -name 'ssl.*' \| xargs)"
	rm -fv ssl.* >/dev/null 2>&1
	fi
	fi

	if [[ "${SELF_SIGNED}" == "1" ]]; then
	echo -e "\nGenerating self-signed ${SSL_KEY} and ${SSL_PEM} files...\n"
	openssl req \
	-newkey rsa:"${RSA_BITS}" \
	-x509 \
	-nodes \
	-keyout "${SSL_KEY}" \
	-new \
	-out "${SSL_PEM}" \
	-subj /CN="${FQDN}" \
	-reqexts SAN \
	-extensions SAN \
	-config <(cat ${openssl_config} \
	<(printf "[SAN]\nsubjectAltName=DNS:%s" "${FQDN}")) \
	-sha256 \
	-days "${DAYS}"

	echo -e "\nVerifying ssl.* files:\n"

	echo "./${SSL_KEY}"
	openssl rsa -check -in "${SSL_KEY}"

	echo "./${SSL_PEM}"
	openssl x509 -text -noout -in "${SSL_PEM}"
	else
	echo -e "\nGenerating ${SSL_KEY} and ${SSL_CSR} files...\n"
	openssl req \
	-newkey rsa:"${RSA_BITS}" \
	-nodes \
	-keyout "${SSL_KEY}" \
	-out "${SSL_CSR}" \
	-subj /CN="${FQDN}" \
	-reqexts SAN \
	-extensions SAN \
	-config <(cat ${openssl_config} \
	<(printf "[SAN]\nsubjectAltName=DNS:%s" "${FQDN}")) \
	-sha256 \
	-days "${DAYS}"

	echo -e "\nVerifying ssl.* files:\n"

	echo "./${SSL_KEY}"
	openssl rsa -check -in "${SSL_KEY}"

	echo "./${SSL_CSR}"
	openssl req -text -noout -verify -in "${SSL_CSR}"
	fi

	echo -e "\nGenerated ssl.* file content:\n"
	# shellcheck disable=SC2156
	find . -maxdepth 1 -type f -name 'ssl.*' -exec sh -c 'echo "# {}"; cat {}; echo ""' \;

	echo -e "Generated ssl.* files:\n"
	find . -maxdepth 1 -type f -name 'ssl.*'