Skip to content

Instantly share code, notes, and snippets.

@jgamblin
Created April 3, 2017 22:18
Show Gist options
  • Save jgamblin/bd04b9ef8fe3660f4a247cc7d2109df0 to your computer and use it in GitHub Desktop.
Save jgamblin/bd04b9ef8fe3660f4a247cc7d2109df0 to your computer and use it in GitHub Desktop.
Request, Approve and Download Digicert TLS Cert
#!/bin/bash
#Required
apikey=*YourAPIKey*
domain=*YourOrgDomain*
commonname=$(hostname --fqdn)
orgid=*YourOrgID*
#OV or EV or Private
cert_type=ov
#Change to your company details
country=*YourCountry*
state=*YourState*
locality=*YourCity*
organization=*YourOrg*
organizationalunit=*YourOU*
email=*YourEmail*
#Clear The Screen to make it pretty.
printf "\033c"
#Optional
password=certkeypassword
#Generate a key
printf "Creating Key.\033[0K\r"
openssl genrsa -des3 -passout pass:$password -out $commonname.key 2048 -noout > /dev/null 2>&1
#Remove passphrase from the key. Uncomment the line to remove the passphrase
printf "Removing passphrase from key.\033[0K\r"
openssl rsa -in $commonname.key -passin pass:$password -out $commonname.key > /dev/null 2>&1
#Create the request
printf "Creating CSR.\033[0K\r"
openssl req -new -key $commonname.key -out $commonname.csr -passin pass:$password \
-subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizationalunit/CN=$commonname/emailAddress=$email" > /dev/null 2>&1
#Fix CSR
csr=$(tr -d ' \t\n\r\f' <$commonname.csr )
#Setup Cert Request
request_cert=$(< <(cat <<EOF
{
"certificate": {
"common_name": "$commonname",
"csr": "$csr",
"organization_units": [
"Data Center"
],
"server_platform": {
"id": 45
},
"signature_hash": "sha512"
},
"organization": {
"id": $orgid
},
"product": {
"type_hint": "$cert_type"
},
"validity_years": 3,
"disable_issuance_email": "true",
"disable_renewal_notifications": "true"
}
EOF
))
#Setup Cert Approval
request_issue=$(< <(cat <<EOF
{
"status": "approved"
}
EOF
))
printf "Requesting DigiCert Cert.\033[0K\r"
echo curl -s -H '"X-DC-DEVKEY: '${apikey}'"' -H '"Content-Type: application/json"' --data "'${request_cert}'" https://www.digicert.com/services/v2/order/certificate/ssl > order.txt
bash order.txt > ordered.txt
sleep 10
printf "Approving Digicert Cert.\033[0K\r"
ordernumber=$(cat ordered.txt | tr ':' ',' | awk -F',' '$4 ~ /id/ {print $5}')
echo curl -s -X PUT -H '"X-DC-DEVKEY: '${apikey}'"' -H '"Content-Type: application/json"' --data "'${request_issue}'" "https://www.digicert.com/services/v2/request/${ordernumber}/status" > approve.txt
bash approve.txt
sleep 10
printf "Getting Cert Number.\033[0K\r"
otherordernumber=$(cat ordered.txt | tr ':' ',' | awk -F',' '$4 ~ /id/ {print $2}')
echo curl -s -H '"X-DC-DEVKEY: '${apikey}'"' -H '"Content-Type: application/json"' "https://www.digicert.com/services/v2/order/certificate/${otherordernumber}" > cert.txt
bash cert.txt > certs.txt
#printf "Sleeping For 60 Seconds To Allow Cert to Be Issued. \n"
secs=60
while [ $secs -gt 0 ]; do
echo -ne "Sleeping for $secs Seconds To Allow Cert to Be Issued.\033[0K\r"
sleep 1
: $((secs--))
done
printf "Downloading Certs.\033[0K\r"
certnumber=$(cat certs.txt | tr ':' ',' | awk -F',' '$4 ~ /id/ {print $5}')
#Uncomment for a P7B bundle of all the certs in a .p7b file
echo curl -s -H '"X-DC-DEVKEY: '${apikey}'"' -H '"Accept: */*"' "https://www.digicert.com/services/v2/certificate/${certnumber}/download/format/p7b" --output $commonname.p7b > p7b.txt
bash p7b.txt
#Uncomment for Individual .crts (zipped)
echo curl -s -H '"X-DC-DEVKEY: '${apikey}'"' -H '"Accept: */*"' "https://www.digicert.com/services/v2/certificate/${certnumber}/download/format/default" --output $commonname.zip > zip.txt
bash zip.txt
#Uncomment for a single .pem file containing all the certs
echo curl -s -H '"X-DC-DEVKEY: '${apikey}'"' -H '"Accept: */*"' "https://www.digicert.com/services/v2/certificate/${certnumber}/download/format/pem_all" --output $commonname.pem > pem.txt
bash pem.txt
#Uncomment for a single .pem file containing all the certs except for the root
echo curl -s -H '"X-DC-DEVKEY: '${apikey}'"' -H '"Accept: */*"' "https://www.digicert.com/services/v2/certificate/${certnumber}/download/format/pem_noroot" --output $commonname.noroot.pem > pem_noroot.txt
bash pem_noroot.txt
mkdir -p commands
mv *.txt \commands
printf "Done.\033[0K\r"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment