Last active
October 27, 2017 10:49
Create a CSR and split the intermediates from a CRT chain
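#!/bin/bash
#
# Generate a 2048-bit RSA private key and a CSR for DOMAIN, listing DOMAIN and
# every ALTERNATIVE as a DNS subjectAltName.
#
# Writes <domain>.cnf, <domain>.key and <domain>.csr to the current directory
# (a "*" in DOMAIN becomes "wild" in the file names) and prints the CSR.
# Existing files with those names are overwritten.

# Stop at the first failed command: if key generation fails, the CSR must not
# be built from a stale key left over from an earlier run.
set -euo pipefail

if [ $# -lt 1 ]; then
    echo "Usage: $(basename "$0") DOMAIN [ALTERNATIVES]..." >&2
    exit 1
fi

# Every argument is copied verbatim into the OpenSSL config, and the first one
# also becomes a file name. Accept only hostname characters (plus "*" for
# wildcards) so an argument cannot add config lines or point outside the
# current directory.
for name in "$@"; do
    case "$name" in
        ''|*[!A-Za-z0-9._*-]*)
            echo "Invalid hostname: $name" >&2
            exit 1
            ;;
    esac
done

# first argument is the CN
domain=${1//\*/wild}
config="$domain.cnf"

cat <<EOF > "$config"
[ req ]
default_bits = 2048
default_md = sha256
prompt = no
distinguished_name = req_dn
req_extensions = req_extensions
[ req_dn ]
countryName = GB
stateOrProvinceName = West Yorkshire
localityName = Leeds
postalCode = LS1 4AP
streetAddress = 2 Wellington Place
organizationName = Hestview Limited
commonName = $1
[ req_extensions ]
subjectAltName = @alt_names
[ alt_names ]
EOF

# list the arguments as SANs (the CN is included as DNS.1)
for (( i=1; i<=$#; i++ )); do
    echo "DNS.$i = ${!i}" >> "$config"
done

# Create the private key under a restrictive umask so it is never group- or
# world-readable, whatever the caller's umask is. The subshell keeps the umask
# change away from the CSR and config files.
(umask 077 && openssl genrsa -out "$domain.key" 2048)

openssl req -new -key "$domain.key" -config "$config" -out "$domain.csr"
cat "$domain.csr"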
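# Describes a CER bundle as provided by Comodo, with the certificates ordered
# root, intermediates, site certificate.
#
# NOTE(review): that order is assumed from the file layout, not verified. The
# blocks are handled as text and never parsed as X.509, so a bundle delivered
# in another order produces a wrong chain without any error.
class Cerfile
  # One PEM certificate block. Only CERTIFICATE labels match, so other PEM
  # material in the file (a private key, for instance) is never copied into
  # the output.
  PEM_CERTIFICATE = /-----BEGIN (?:[A-Z0-9]+ )*CERTIFICATE-----.*?-----END (?:[A-Z0-9]+ )*CERTIFICATE-----/m

  # @param path [String] path to the PEM bundle
  # @raise [ArgumentError] if the file holds no PEM certificate block
  def initialize(path)
    @path = path
    # Binary read plus newline normalisation: CRLF bundles and blank lines
    # between blocks are handled, and a DER (binary) file ends in the clear
    # error below rather than an encoding exception.
    @data = File.binread(path).gsub(/\r\n?/, "\n").scan(PEM_CERTIFICATE)
    raise ArgumentError, "no PEM certificate found in #{path}" if @data.empty?
  end

  # Gets the site certificate, taken to be the last block in the bundle.
  #
  # @return [String] PEM text without a trailing newline
  def get_cert
    @data.last
  end

  # Gets the chain to install: the root (first block) is dropped and the rest
  # is reversed, giving site certificate first, then the intermediates.
  #
  # @return [String] PEM blocks joined by a newline; empty when the bundle
  #   holds a single certificate
  def get_chain
    @data.drop(1).reverse.join("\n")
  end

  # Returns the bundle's file name up to its first dot, with underscores turned
  # back into dots (www_example_com.cer -> www.example.com).
  #
  # @return [String]
  def name
    File.basename(@path).split('.').first.gsub('_', '.')
  end
end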
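# Usage: SCRIPT CERFILE
# Writes <name>.crt (site certificate followed by the intermediates, root
# dropped) to the current directory, overwriting any existing file.
abort "Usage: #{File.basename($PROGRAM_NAME)} CERFILE" if ARGV.empty?

cert = Cerfile.new(ARGV[0])
File.write("#{cert.name}.crt", cert.get_chain)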