Skip to content

Instantly share code, notes, and snippets.

@jlor
Created October 26, 2017 16:41
Show Gist options
  • Save jlor/32f0e84e3bd505cd4b7607a9342b853f to your computer and use it in GitHub Desktop.
Save jlor/32f0e84e3bd505cd4b7607a9342b853f to your computer and use it in GitHub Desktop.
Quick and handy script for creating certificates for servers on a home network
#!/bin/bash
### Author: Jakob Rosenlund
### Date: 2017-10-26
###
### Network settings
DOMAIN="tm234.lan"
IP_START="10.0.0"
###
### Certificate Authority file paths
ROOT_KEY="aaboet.rootCA.key" # Secret key
ROOT_PEM="aaboet.rootCA.pem" # CA certificate
###
### Certificate details -- CN will be set further down
CERT_SUBJ="/C=DK/ST=Aarhus/L=Trige/O=Home Network/OU=Operations"
### That's it! Moving the cursor beyond this point breaks all warranties.
CERTNAME=$1
IP_EXT=$2
echo "Let's create some TRUST!"
echo
if [ -z "${CERTNAME}" ]; then
read -p "Please provide a hostname: " CERTNAME
else
echo "Certificate name: ${CERTNAME}"
fi
if [ -z "${IP_EXT}" ]; then
read -p "Please provide the IP: ${IP_START}." IP_EXT
else
echo "IP address: ${IP_START}.${IP_EXT}"
fi
echo
echo "Alrighty, let's begin!"
sleep 3
## Create key and create signing request for this key.
echo
CERT_SUBJ="${CERT_SUBJ}/CN=${CERTNAME}.${DOMAIN}"
openssl req -newkey rsa:4096 -nodes -subj "${CERT_SUBJ}" -keyout ${CERTNAME}.key -out ${CERTNAME}.csr &>/dev/null
if [[ -f ${CERTNAME}.key && -f ${CERTNAME}.csr ]]; then
echo "** Key and signing request created!"
sleep 3
else
echo "!! Something went wrong :-( ..bye"
exit
fi
## Read that signing request and sign it
openssl x509 -req -extfile <(printf "subjectAltName=DNS:${CERTNAME}.${DOMAIN},IP:${IP_START}.${IP_EXT}") -days 365 -in ${CERTNAME}.csr -CA ${ROOT_PEM} -CAkey ${ROOT_KEY} -CAcreateserial -out ${CERTNAME}.crt &>/dev/null
if [ -f ${CERTNAME}.crt ]; then
echo "** Certificate has been signed successfully!"
else
echo "!! Something went wrong :-( ..bye"
exit
fi
## Pack it up
echo
tar czf ${CERTNAME}.tgz ${CERTNAME}.key ${CERTNAME}.csr ${CERTNAME}.crt
if tar -tf ${CERTNAME}.tgz ${CERTNAME}.key >/dev/null 2>&1; then
rm ${CERTNAME}.{key,csr,crt}
echo ":-)"
echo "Signed certificate, key and signing request (why not) is at ${CERTNAME}.tgz"
else
echo ":-("
echo ".tgz creation failed. These files have been left for you:"
ls -l ${CERTNAME}*
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment