bbinet/openssl-gen-certs.sh

## openssl-gen-certs.sh
#! /bin/bash

# certificates are valids during 365 days
VALID=365
TMPPASS="test"

while [[ -z "$password" ]]
do
  read -s -p "Enter password for the Certificate Authority (CA) key: " password
  echo
done

if [ -f "ca.key" ]
then
  echo "Certificate Authorithy key already exists: we'll use this ca.key..."
  openssl rsa -in ca.key -check -passin pass:${password} > /dev/null
  if [ $? -ne 0 ]
  then
    echo "CA password provided is wrong..."
    echo "Aborting."
    exit 1
  fi
else
  echo 01 > ca.srl
  echo "Generating CA key..."
  openssl genrsa -passout pass:${password} -des3 -out ca.key 2048
  echo "Generating CA certificate..."
  openssl req -passin pass:${password} -new -x509 -days ${VALID} -key ca.key -out ca.crt
fi

while [[ -z "$hostname" ]]
do
  read -p "Enter hostname to be used for the server certificate: " hostname
  echo
done

echo "Generating server key..."
openssl genrsa -des3 -passout pass:${TMPPASS} -out ${hostname}-server.key 2048
echo "Generating server certificate..."
openssl req -subj "/CN=${hostname}" -passin pass:${TMPPASS} -new -key ${hostname}-server.key -out ${hostname}-server.csr
echo "Signing server certificate with our CA..."
openssl x509 -req -passin pass:${password} -days ${VALID} -in ${hostname}-server.csr -CA ca.crt -CAkey ca.key -out ${hostname}-server.crt

echo "Generating client key..."
openssl genrsa -des3 -passout pass:${TMPPASS} -out ${hostname}-client.key 2048
echo "Generating client certificate..."
openssl req -subj "/CN=client" -passin pass:${TMPPASS} -new -key ${hostname}-client.key -out ${hostname}-client.csr
echo extendedKeyUsage = clientAuth > extfile.cnf
echo "Signing client certificate with our CA..."
openssl x509 -req -passin pass:${password} -days ${VALID} -in ${hostname}-client.csr -CA ca.crt -CAkey ca.key -out ${hostname}-client.crt -extfile extfile.cnf

echo "Removing passphrase from the server key..."
openssl rsa -passin pass:${TMPPASS} -in ${hostname}-server.key -out ${hostname}-server.key
echo "Removing passphrase from the client key..."
openssl rsa -passin pass:${TMPPASS} -in ${hostname}-client.key -out ${hostname}-client.key

echo "Clean up temporary files..."
rm ${hostname}-client.csr ${hostname}-server.csr extfile.cnf
	#! /bin/bash

	# certificates are valids during 365 days
	VALID=365
	TMPPASS="test"

	while [[ -z "$password" ]]
	do
	read -s -p "Enter password for the Certificate Authority (CA) key: " password
	echo
	done

	if [ -f "ca.key" ]
	then
	echo "Certificate Authorithy key already exists: we'll use this ca.key..."
	openssl rsa -in ca.key -check -passin pass:${password} > /dev/null
	if [ $? -ne 0 ]
	then
	echo "CA password provided is wrong..."
	echo "Aborting."
	exit 1
	fi
	else
	echo 01 > ca.srl
	echo "Generating CA key..."
	openssl genrsa -passout pass:${password} -des3 -out ca.key 2048
	echo "Generating CA certificate..."
	openssl req -passin pass:${password} -new -x509 -days ${VALID} -key ca.key -out ca.crt
	fi

	while [[ -z "$hostname" ]]
	do
	read -p "Enter hostname to be used for the server certificate: " hostname
	echo
	done

	echo "Generating server key..."
	openssl genrsa -des3 -passout pass:${TMPPASS} -out ${hostname}-server.key 2048
	echo "Generating server certificate..."
	openssl req -subj "/CN=${hostname}" -passin pass:${TMPPASS} -new -key ${hostname}-server.key -out ${hostname}-server.csr
	echo "Signing server certificate with our CA..."
	openssl x509 -req -passin pass:${password} -days ${VALID} -in ${hostname}-server.csr -CA ca.crt -CAkey ca.key -out ${hostname}-server.crt

	echo "Generating client key..."
	openssl genrsa -des3 -passout pass:${TMPPASS} -out ${hostname}-client.key 2048
	echo "Generating client certificate..."
	openssl req -subj "/CN=client" -passin pass:${TMPPASS} -new -key ${hostname}-client.key -out ${hostname}-client.csr
	echo extendedKeyUsage = clientAuth > extfile.cnf
	echo "Signing client certificate with our CA..."
	openssl x509 -req -passin pass:${password} -days ${VALID} -in ${hostname}-client.csr -CA ca.crt -CAkey ca.key -out ${hostname}-client.crt -extfile extfile.cnf

	echo "Removing passphrase from the server key..."
	openssl rsa -passin pass:${TMPPASS} -in ${hostname}-server.key -out ${hostname}-server.key
	echo "Removing passphrase from the client key..."
	openssl rsa -passin pass:${TMPPASS} -in ${hostname}-client.key -out ${hostname}-client.key

	echo "Clean up temporary files..."
	rm ${hostname}-client.csr ${hostname}-server.csr extfile.cnf