Created
October 26, 2017 16:41
-
-
Save jlor/32f0e84e3bd505cd4b7607a9342b853f to your computer and use it in GitHub Desktop.
Quick and handy script for creating certificates for servers on a home network
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
### Author: Jakob Rosenlund | |
### Date: 2017-10-26 | |
### | |
### Network settings | |
DOMAIN="tm234.lan" | |
IP_START="10.0.0" | |
### | |
### Certificate Authority file paths | |
ROOT_KEY="aaboet.rootCA.key" # Secret key | |
ROOT_PEM="aaboet.rootCA.pem" # CA certificate | |
### | |
### Certificate details -- CN will be set further down | |
CERT_SUBJ="/C=DK/ST=Aarhus/L=Trige/O=Home Network/OU=Operations" | |
### That's it! Moving the cursor beyond this point breaks all warranties. | |
CERTNAME=$1 | |
IP_EXT=$2 | |
echo "Let's create some TRUST!" | |
echo | |
if [ -z "${CERTNAME}" ]; then | |
read -p "Please provide a hostname: " CERTNAME | |
else | |
echo "Certificate name: ${CERTNAME}" | |
fi | |
if [ -z "${IP_EXT}" ]; then | |
read -p "Please provide the IP: ${IP_START}." IP_EXT | |
else | |
echo "IP address: ${IP_START}.${IP_EXT}" | |
fi | |
echo | |
echo "Alrighty, let's begin!" | |
sleep 3 | |
## Create key and create signing request for this key. | |
echo | |
CERT_SUBJ="${CERT_SUBJ}/CN=${CERTNAME}.${DOMAIN}" | |
openssl req -newkey rsa:4096 -nodes -subj "${CERT_SUBJ}" -keyout ${CERTNAME}.key -out ${CERTNAME}.csr &>/dev/null | |
if [[ -f ${CERTNAME}.key && -f ${CERTNAME}.csr ]]; then | |
echo "** Key and signing request created!" | |
sleep 3 | |
else | |
echo "!! Something went wrong :-( ..bye" | |
exit | |
fi | |
## Read that signing request and sign it | |
openssl x509 -req -extfile <(printf "subjectAltName=DNS:${CERTNAME}.${DOMAIN},IP:${IP_START}.${IP_EXT}") -days 365 -in ${CERTNAME}.csr -CA ${ROOT_PEM} -CAkey ${ROOT_KEY} -CAcreateserial -out ${CERTNAME}.crt &>/dev/null | |
if [ -f ${CERTNAME}.crt ]; then | |
echo "** Certificate has been signed successfully!" | |
else | |
echo "!! Something went wrong :-( ..bye" | |
exit | |
fi | |
## Pack it up | |
echo | |
tar czf ${CERTNAME}.tgz ${CERTNAME}.key ${CERTNAME}.csr ${CERTNAME}.crt | |
if tar -tf ${CERTNAME}.tgz ${CERTNAME}.key >/dev/null 2>&1; then | |
rm ${CERTNAME}.{key,csr,crt} | |
echo ":-)" | |
echo "Signed certificate, key and signing request (why not) is at ${CERTNAME}.tgz" | |
else | |
echo ":-(" | |
echo ".tgz creation failed. These files have been left for you:" | |
ls -l ${CERTNAME}* | |
fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment