mcgarrigle · December 9, 2019 15:57
diff --git a/generate CA b/generate CA
 #!/bin/bash

 # Country Name (2 letter code) [XX]:GB
 # State or Province Name (full name) []:
 # Locality Name (eg, city) [Default City]:London
 # Organization Name (eg, company) [Default Company Ltd]:Company
 # Organizational Unit Name (eg, section) []:
 # Common Name (eg, your name or your server's hostname) []:ca.local
 # Email Address []:[email protected]

 answers() {
  echo GB
  echo "."
  echo London
  echo Company
  echo "."
  echo "."
  echo ca.example.com
  echo [email protected]
 }

 # generate key with this

 # openssl genrsa -out private/cakey.key 2048

 rm cacert.pem

 answers | openssl req -x509 -new -nodes -key private/cakey.key -sha256 -days 3650 -out cacert.pem

 openssl x509 -text -noout -in cacert.pem
diff --git a/generate cert b/generate cert
 #!/bin/bash

 # tls-simple-cert.sh
 #
 # usage:
 # tls-simple-cert.sh <fqdn>
 #

 DOMAIN="$(hostname -d)"
 SUBJECT="$1.${DOMAIN}"

 CONFIG="${SUBJECT}.conf"
 KEY="${SUBJECT}.key"

 cat > "${CONFIG}" <<EOF
 [req]
 default_bits = 2048
 prompt = no
 default_md = sha256
 distinguished_name = dn

 [dn]
 C = GB
 ST = London
 O = Company
 CN = ${SUBJECT}
 EOF

 # ------------------------------------------

 generate-key() {
  if [ ! -f "${KEY}" ]; then
    openssl genrsa -out "${KEY}" 4096
  fi
 }

 # ------------------------------------------
 # generate CSR from config

 generate-csr() {
  openssl req -new -sha256 \
    -key "${KEY}" \
    -nodes \
    -config "${CONFIG}" \
    -out "${SUBJECT}.csr"

  # openssl req -in "${SUBJECT}.csr" -noout -text
 }

 # ------------------------------------------
 # generate CERT from CSR

 generate-cert() {
  openssl x509 -req \
    -in "${SUBJECT}.csr" \
    -out "${SUBJECT}.crt" \
    -CA "cacert.pem" \
    -CAkey "private/cakey.key" \
    -CAcreateserial \
    -days 3650 \
    -sha256

  # openssl x509 -in "${SUBJECT}.crt" -text -noout
 }

 # ------------------------------------------

 generate-key
 generate-csr
 generate-cert
	#!/bin/bash

	# Country Name (2 letter code) [XX]:GB
	# State or Province Name (full name) []:
	# Locality Name (eg, city) [Default City]:London
	# Organization Name (eg, company) [Default Company Ltd]:Company
	# Organizational Unit Name (eg, section) []:
	# Common Name (eg, your name or your server's hostname) []:ca.local
	# Email Address []:[email protected]

	answers() {
	echo GB
	echo "."
	echo London
	echo Company
	echo "."
	echo "."
	echo ca.example.com
	echo [email protected]
	}

	# generate key with this

	# openssl genrsa -out private/cakey.key 2048

	rm cacert.pem

	answers \| openssl req -x509 -new -nodes -key private/cakey.key -sha256 -days 3650 -out cacert.pem

	openssl x509 -text -noout -in cacert.pem
	#!/bin/bash

	# tls-simple-cert.sh
	#
	# usage:
	# tls-simple-cert.sh <fqdn>
	#

	DOMAIN="$(hostname -d)"
	SUBJECT="$1.${DOMAIN}"

	CONFIG="${SUBJECT}.conf"
	KEY="${SUBJECT}.key"

	cat > "${CONFIG}" <<EOF
	[req]
	default_bits = 2048
	prompt = no
	default_md = sha256
	distinguished_name = dn

	[dn]
	C = GB
	ST = London
	O = Company
	CN = ${SUBJECT}
	EOF

	# ------------------------------------------

	generate-key() {
	if [ ! -f "${KEY}" ]; then
	openssl genrsa -out "${KEY}" 4096
	fi
	}

	# ------------------------------------------
	# generate CSR from config

	generate-csr() {
	openssl req -new -sha256 \
	-key "${KEY}" \
	-nodes \
	-config "${CONFIG}" \
	-out "${SUBJECT}.csr"

	# openssl req -in "${SUBJECT}.csr" -noout -text
	}

	# ------------------------------------------
	# generate CERT from CSR

	generate-cert() {
	openssl x509 -req \
	-in "${SUBJECT}.csr" \
	-out "${SUBJECT}.crt" \
	-CA "cacert.pem" \
	-CAkey "private/cakey.key" \
	-CAcreateserial \
	-days 3650 \
	-sha256

	# openssl x509 -in "${SUBJECT}.crt" -text -noout
	}

	# ------------------------------------------

	generate-key
	generate-csr
	generate-cert