'''
SSL/TLS certificate generator

Creates a new RSA private key and a certificate signing request (CSR) for a
domain that is defined in the haproxy pillar, then e-mails the CSR so it can
be submitted to the CA. Note: as written, createCSR always generates a fresh
key and aborts if one already exists at the target path -- the "new CSR only,
reuse the existing key" renewal path described by the original text is not
implemented in this listing.
'''
from __future__ import absolute_import

import os.path
import re
from email.mime.text import MIMEText
from subprocess import Popen, PIPE, call

import salt.pillar
import salt.utils.minions

openssl = "/usr/bin/openssl"
# Working directory for new .key / .csr files.  _generateKey writes freshly
# generated private keys here, so this directory must not be readable by
# anyone other than the account running the script.
baseDir = "/usr/local/etc/salt/data/ssl-in-progress"
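def createCSR(domain):
    """Generate a fresh private key and CSR for *domain* and e-mail the CSR.

    The key is written to ``<baseDir>/<domain>.key`` and the CSR to
    ``<baseDir>/<domain>.csr``; the CSR text is then sent via ``sendMail``
    together with a link to the CA portal.  The private key is never
    included in the mail.

    Args:
        domain: fully-qualified hostname the certificate is for.  Because it
            is spliced into file paths under ``baseDir``, into the OpenSSL
            ``-subj`` string and into the mail Subject header, it must be a
            plain DNS name (letters, digits, hyphens and dots).  Anything
            else -- path separators, ``..`` labels, whitespace, newlines --
            is rejected so that e.g. ``../../etc/x.y`` cannot escape
            ``baseDir`` and a newline cannot inject extra mail headers.

    Raises:
        ValueError: ``domain`` is missing or is not a valid hostname, or a
            key file for it already exists (raised by ``_generateKey``).
        RuntimeError: ``openssl req`` exited non-zero.
    """
    _validateDomain(domain)
    keyFile = os.path.join(baseDir, domain + ".key")
    csrFile = os.path.join(baseDir, domain + ".csr")
    _generateKey(keyFile)
    # Surface a failed CSR generation instead of trying to mail a missing
    # or empty CSR file.
    rc = call([openssl, "req", "-new", "-key", keyFile, "-out", csrFile,
               "-subj", getSubject(domain)])
    if rc != 0:
        raise RuntimeError(
            "Error: openssl req exited with status {0} for '{1}'.".format(rc, domain))
    email = "Go to this link and get the certificate signed: https://products.geotrust.com/geocenter/reseller/logon.do\n\n"
    # Read-only is all that is needed here; the context manager also closes
    # the file if read() fails.
    with open(csrFile, "r") as csrFilePtr:
        email = email + csrFilePtr.read()
    sendMail("SSL Certificate signing request for " + domain, email)


# One DNS label (RFC 1123): 1-63 alphanumerics/hyphens, no leading or trailing
# hyphen.  \Z (not $) so a trailing newline cannot sneak through.
_LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\Z")


def _validateDomain(domain):
    """Reject anything that is not a plain, multi-label DNS hostname.

    Raises:
        ValueError: ``domain`` is ``None``, has no dot, is longer than 253
            characters, or contains a label that is empty, overlong or has
            characters outside ``[A-Za-z0-9-]``.
    """
    if domain is None:
        raise ValueError("Error: you must pass a domain.")
    if '.' not in domain or len(domain) > 253:
        raise ValueError("Error: domain '{0}' invalid.".format(domain))
    if not all(_LABEL_RE.match(label) for label in domain.split('.')):
        raise ValueError("Error: domain '{0}' invalid.".format(domain))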
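def _generateKey(keyfile):
    """Create a 2048-bit RSA private key at *keyfile* with ``openssl genrsa``.

    Args:
        keyfile: destination path.  It must not already exist; an existing
            key (possibly already deployed) is never overwritten.

    Raises:
        ValueError: ``keyfile`` is ``None`` or a file already exists there.
        RuntimeError: ``openssl genrsa`` exited non-zero.
    """
    if keyfile is None:
        raise ValueError("Error: you must pass a path to the keyfile.")
    if os.path.isfile(keyfile):
        raise ValueError("Error: there is already a file in the path you passed. Aborting.")
    # Tighten the umask while openssl creates the file so the private key is
    # never group/world readable, whatever the caller's umask happens to be.
    oldUmask = os.umask(0o077)
    try:
        rc = call([openssl, "genrsa", "-out", keyfile, "2048"])
    finally:
        os.umask(oldUmask)
    if rc != 0:
        raise RuntimeError("Error: openssl genrsa exited with status {0}.".format(rc))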
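def getSubject(domain):
    """Build the OpenSSL ``-subj`` string for *domain* from the haproxy pillar.

    The pillar is compiled for the hard-coded minion ``smash01`` using the
    Salt-injected ``__opts__`` global; the site in
    ``pillar['haproxy']['sites']`` whose ``hostname`` equals *domain*
    supplies the subject fields from its ``ssl`` mapping.

    Returns:
        ``"/C=../ST=../L=../O=../OU=../CN=<domain>/emailAddress=..."`` with
        the components always in that order (the original built the string
        from a dict, so the order was interpreter-dependent).  Values are
        backslash-escaped so a ``/`` or ``\\`` in pillar data cannot inject
        additional subject components.

    Raises:
        ValueError: no site with this hostname (or one without an ``ssl``
            block) exists in the pillar, or the site has no ``organisation``.
    """
    site_ssl = _lookupSiteSsl(domain)
    if site_ssl is None:
        raise ValueError("Error: The domain you passed isn't in the haproxy pillar yet.")
    return _formatSubject(domain, site_ssl)


def _lookupSiteSsl(domain):
    """Return the ``ssl`` mapping of the haproxy site whose hostname is *domain*.

    Returns ``None`` when no site matches or the matching site has no
    ``ssl`` key.  (The original left the loop variable unbound when nothing
    matched and raised a NameError instead of the intended ValueError.)
    """
    minion = "smash01"
    saltenv = 'base'
    id_, grains, _ = salt.utils.minions.get_minion_data(minion, __opts__)
    if grains is None:
        grains = {'fqdn': minion}
    pillar = salt.pillar.Pillar(__opts__, grains, id_, saltenv).compile_pillar()
    sites = pillar['haproxy']['sites']
    for site in sites.values():
        if site.get('hostname') == domain:
            return site.get('ssl')
    return None


def _escapeSubjectValue(value):
    """Backslash-escape the characters that delimit ``-subj`` components."""
    return value.replace("\\", "\\\\").replace("/", "\\/")


def _formatSubject(domain, site_ssl):
    """Render the subject components for *domain* from the ``ssl`` mapping.

    Raises:
        ValueError: ``organisation`` is missing -- the original would have
            failed with a TypeError while concatenating ``None``.
    """
    organisation = site_ssl.get('organisation')
    if not organisation:
        raise ValueError(
            "Error: no 'organisation' set for '{0}' in the haproxy pillar.".format(domain))
    fields = [
        ('C', site_ssl.get('country') or "AU"),
        ('ST', site_ssl.get('state') or "NSW"),
        ('L', site_ssl.get('location') or "Sydney"),
        ('O', organisation),
        ('OU', site_ssl.get('department') or "website"),
        ('CN', domain),
        ('emailAddress', "***"),
    ]
    return "".join("/{0}={1}".format(key, _escapeSubjectValue(value))
                   for key, value in fields)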
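def sendMail(subject, content):
    """Send *content* as a plain-text mail with *subject* through local sendmail.

    ``From``/``To`` are the hard-coded (redacted) addresses below.  ``-t``
    makes sendmail take the recipients from the headers and ``-oi`` stops a
    body line consisting of a single ``.`` from terminating the message.

    Args:
        subject: Subject header text.  Must be a single line -- with ``-t``
            an injected newline could add Bcc/To headers of the attacker's
            choosing.
        content: message body.

    Raises:
        ValueError: ``subject`` contains a CR or LF.
        RuntimeError: sendmail exited non-zero (the CSR would otherwise be
            silently lost).
    """
    if "\n" in subject or "\r" in subject:
        raise ValueError("Error: mail subject must not contain line breaks.")
    msg = MIMEText(content)
    msg["From"] = "***"
    msg["To"] = "***"
    msg["Subject"] = subject
    p = Popen(["/usr/sbin/sendmail", "-t", "-oi"], stdin=PIPE)
    # NOTE(review): as_string() returns str; under Python 3 a binary stdin
    # pipe needs bytes (.encode()).  Confirm which interpreter runs this.
    p.communicate(msg.as_string())
    if p.returncode != 0:
        raise RuntimeError("Error: sendmail exited with status {0}.".format(p.returncode))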