jackinloadup/cert-generator

## cert-generator
#!/bin/bash

readonly PROGNAME="$(basename "$0")"
readonly PROGDIR="$(readlink -m "$(dirname "$0")")"
readonly ARGS="$@"
#readonly DAYS_IN_YEAR=365
#readonly YEARS=3
#readonly CERT_DAYS= $DAYS_IN_YEAR * $YEARS

HOSTNAME="$1"

if [ -z "$HOSTNAME" ]; then
  echo "No hostname provided"
  echo "  This tool will generate a certificate for use with NASA SAML/ICAM/LAUNCHPAD"
  echo
  echo "  EXAMPLE"
  echo "    ./$PROGNAME eva.nasa.gov"
  exit 1
fi


openssl req \
  -x509 \
  -nodes \
  -days 1095 \
  -subj "/C=US/ST=DC/L=Washington/O=NASA/OU=HQ/CN=$HOSTNAME" \
  -config openssl.cnf \
  -newkey rsa:2048 \
  -keyout $HOSTNAME.key \
  -out $HOSTNAME.crt

## openssl.cnf
# This definition stops the following lines choking if HOME isn't
# defined.
HOME                    = .
RANDFILE                = $ENV::HOME/.rnd

default_days            = 730                   # how long to certify for
default_crl_days        = 30                    # how long before next CRL
default_md              = sha256                # which md to use.
preserve                    = no                        # keep passed DN ordering

# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.

[ policy_anything ]
countryName                     = optional
stateOrProvinceName         = optional
localityName                = optional
organizationName            = optional
organizationalUnitName  = optional
commonName                      = supplied
emailAddress                = optional

####################################################################
[ req ]
email_in_dn                     = no
default_bits                = 2048
default_keyfile             = privkey.pem
distinguished_name          = req_distinguished_name
string_mask             = nombstr
x509_extensions         = v3_ca # The extentions to add to the self signed cert

[ req_attributes ]

[ req_distinguished_name ]
countryName                         = Country Name (2 letter code)
countryName_default             = US
countryName_min                 = 2
countryName_max                 = 2

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = DC

localityName                    = Locality Name (eg, city)
localityName_default    = Washington

0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = NASA

organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = HQ

commonName                      = Common Name (e.g. server FQDN or YOUR name)
commonName_max                  = 64


[ v3_ca ]
basicConstraints                = CA:TRUE
nsComment                       = "NASA SAML sp Metadata X509 Certificate"
subjectKeyIdentifier            = hash
authorityKeyIdentifier          = keyid,issuer:always
keyUsage                        = digitalSignature, keyEncipherment, nonRepudiation, dataEncipherment
	#!/bin/bash

	readonly PROGNAME="$(basename "$0")"
	readonly PROGDIR="$(readlink -m "$(dirname "$0")")"
	readonly ARGS="$@"
	#readonly DAYS_IN_YEAR=365
	#readonly YEARS=3
	#readonly CERT_DAYS= $DAYS_IN_YEAR * $YEARS

	HOSTNAME="$1"

	if [ -z "$HOSTNAME" ]; then
	echo "No hostname provided"
	echo " This tool will generate a certificate for use with NASA SAML/ICAM/LAUNCHPAD"
	echo
	echo " EXAMPLE"
	echo " ./$PROGNAME eva.nasa.gov"
	exit 1
	fi



	openssl req \
	-x509 \
	-nodes \
	-days 1095 \
	-subj "/C=US/ST=DC/L=Washington/O=NASA/OU=HQ/CN=$HOSTNAME" \
	-config openssl.cnf \
	-newkey rsa:2048 \
	-keyout $HOSTNAME.key \
	-out $HOSTNAME.crt
	# This definition stops the following lines choking if HOME isn't
	# defined.
	HOME = .
	RANDFILE = $ENV::HOME/.rnd

	default_days = 730 # how long to certify for
	default_crl_days = 30 # how long before next CRL
	default_md = sha256 # which md to use.
	preserve = no # keep passed DN ordering

	# For the 'anything' policy
	# At this point in time, you must list all acceptable 'object'
	# types.

	[ policy_anything ]
	countryName = optional
	stateOrProvinceName = optional
	localityName = optional
	organizationName = optional
	organizationalUnitName = optional
	commonName = supplied
	emailAddress = optional

	####################################################################
	[ req ]
	email_in_dn = no
	default_bits = 2048
	default_keyfile = privkey.pem
	distinguished_name = req_distinguished_name
	string_mask = nombstr
	x509_extensions = v3_ca # The extentions to add to the self signed cert

	[ req_attributes ]

	[ req_distinguished_name ]
	countryName = Country Name (2 letter code)
	countryName_default = US
	countryName_min = 2
	countryName_max = 2

	stateOrProvinceName = State or Province Name (full name)
	stateOrProvinceName_default = DC

	localityName = Locality Name (eg, city)
	localityName_default = Washington

	0.organizationName = Organization Name (eg, company)
	0.organizationName_default = NASA

	organizationalUnitName = Organizational Unit Name (eg, section)
	organizationalUnitName_default = HQ

	commonName = Common Name (e.g. server FQDN or YOUR name)
	commonName_max = 64


	[ v3_ca ]
	basicConstraints = CA:TRUE
	nsComment = "NASA SAML sp Metadata X509 Certificate"
	subjectKeyIdentifier = hash
	authorityKeyIdentifier = keyid,issuer:always
	keyUsage = digitalSignature, keyEncipherment, nonRepudiation, dataEncipherment