
@devpkiconix
Created November 9, 2013 18:10
A simple script that generates everything needed for a self-signed setup: a CA private key + self-signed CA certificate, a server private key + certificate, and a client private key + certificate.
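## -------------------------------------------------------------
## ------------------- CONFIG SECTION BEGIN --------------------
# Settings sourced by the certificate generation script.

# Passwords
# "1234" is a placeholder for local testing. Each passphrase is taken from the
# environment when it is set there, so a real value does not have to be stored
# in this file.
CAPASS=${CAPASS:-1234} # password for CA priv key
SERVERPASS=${SERVERPASS:-1234} # password for server priv key
CLIENTPASS=${CLIENTPASS:-1234} # password for client priv key
KEYSIZE=2048 # RSA key size in bits, used for all three keys
ALGO=aes128 # cipher that encrypts the private key files (passed to genrsa as -$ALGO)
OUTPUT_DIR=keys # dir for output files
CERT_VALIDITY=365 # in days; applied to the CA cert and to both signed certs
CA_NAME="ROOT CA 4" # CA Name
SERVER_NAME="localhost" # host name
CLIENT_NAME="client 1" # client name
COUNTRY="US"
STATE="CA"
CITY="SF"
ORG="Acme, Inc" # quoted, so whitespace needs no backslash escaping

# Subject names in the /type=value/... form that openssl -subj expects.
CA_SUBJECT="/C=$COUNTRY/ST=$STATE/L=$CITY/O=$ORG/CN=$CA_NAME"
SERVER_SUBJECT="/C=$COUNTRY/ST=$STATE/L=$CITY/O=$ORG/CN=$SERVER_NAME"
CLIENT_SUBJECT="/C=$COUNTRY/ST=$STATE/L=$CITY/O=$ORG/CN=$CLIENT_NAME"

# File names (created inside $OUTPUT_DIR)
CA_KEY_FILE="ca.key"
SERVER_KEY_FILE="server.key"
CLIENT_KEY_FILE="client.key"
SERVER_CSR_FILE="server.csr"
CLIENT_CSR_FILE="client.csr"
CA_CERT_FILE="ca.crt"
SERVER_CERT_FILE="server.crt"
CLIENT_CERT_FILE="client.crt"
## ------------------- CONFIG SECTION END --------------------
## -------------------------------------------------------------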
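#!/bin/bash
#
# Builds a small test PKI from the settings in config.sh: a CA private key and
# self-signed CA certificate, then a server and a client key pair, each with a
# CSR and a certificate signed by that CA.
#
# Usage:   run from the directory that contains config.sh.
# Outputs: all files are written into $OUTPUT_DIR.
#
# NOTE: the server and client certificates are issued without X.509
# extensions, so they carry no subjectAltName. TLS clients that match the host
# name against subjectAltName only will not accept the server certificate on
# its CN; supply the extension through `openssl x509 -extfile` if that matters.
set -eu # bail on error, and on any setting config.sh did not define

# "./" pins the lookup to the current directory; a bare file name would be
# searched for along $PATH first.
. ./config.sh # configuration data

: "${CAPASS:?CAPASS is not set in config.sh}"
: "${SERVERPASS:?SERVERPASS is not set in config.sh}"
: "${CLIENTPASS:?CLIENTPASS is not set in config.sh}"
# openssl reads the passphrases from its environment (env:NAME) instead of
# from pass:... arguments, which any local user can see in the process list.
export CAPASS SERVERPASS CLIENTPASS

# Key material is created below: keep the directory and its files private to
# the invoking user. Loosen the mode on the public certificates afterwards if
# another account has to read them.
umask 077

# No -p: together with set -e an existing output directory stops the run, so
# keys from an earlier run are not overwritten.
mkdir "$OUTPUT_DIR"
cd "$OUTPUT_DIR"

# Colour codes are cosmetic; fall back to empty strings when tput cannot
# provide them (no TERM, non-interactive run) instead of aborting under set -e.
green=$(tput setaf 2 2>/dev/null || true)
normal=$(tput sgr0 2>/dev/null || true)

# Print one progress line in green.
say() {
  printf '%s%s%s\n' "$green" "$1" "$normal"
}

# CA private key
say "Generating CA private key..."
openssl genrsa "-$ALGO" -passout env:CAPASS -out "$CA_KEY_FILE" "$KEYSIZE"

# CA Cert
say "Generating self-signed CA cert..."
openssl req \
  -new -x509 -sha256 \
  -days "$CERT_VALIDITY" \
  -key "$CA_KEY_FILE" \
  -passin env:CAPASS \
  -out "$CA_CERT_FILE" \
  -subj "$CA_SUBJECT" > /dev/null

# server private key, encrypted with the configured server passphrase so the
# CSR step below can decrypt it again
say "Generating server private key..."
openssl genrsa "-$ALGO" -passout env:SERVERPASS -out "$SERVER_KEY_FILE" "$KEYSIZE"

# server CSR
say "Generating server CSR..."
openssl req -new -sha256 \
  -key "$SERVER_KEY_FILE" \
  -passin env:SERVERPASS \
  -out "$SERVER_CSR_FILE" \
  -subj "$SERVER_SUBJECT"

# sign server cert
say "Generating server Cert, signed by CA..."
openssl x509 -req -sha256 \
  -days "$CERT_VALIDITY" \
  -in "$SERVER_CSR_FILE" \
  -CA "$CA_CERT_FILE" \
  -CAkey "$CA_KEY_FILE" \
  -passin env:CAPASS \
  -set_serial 01 \
  -out "$SERVER_CERT_FILE"

# client private key
say "Generating client private key ..."
openssl genrsa "-$ALGO" -passout env:CLIENTPASS -out "$CLIENT_KEY_FILE" "$KEYSIZE"

# client CSR
say "Generating client CSR..."
openssl req -new -sha256 \
  -key "$CLIENT_KEY_FILE" \
  -passin env:CLIENTPASS \
  -out "$CLIENT_CSR_FILE" \
  -subj "$CLIENT_SUBJECT"

# sign client cert
# Serial 02: a CA must not issue two certificates with the same serial number,
# and some TLS stacks reject a certificate whose issuer and serial duplicate
# one they have already seen.
say "Generating client Cert, signed by CA..."
openssl x509 -req -sha256 \
  -days "$CERT_VALIDITY" \
  -in "$CLIENT_CSR_FILE" \
  -CA "$CA_CERT_FILE" \
  -CAkey "$CA_KEY_FILE" \
  -passin env:CAPASS \
  -set_serial 02 \
  -out "$CLIENT_CERT_FILE"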