@joelverhagen
Created August 10, 2012 16:46
A nice helper script for generating a self-signed certificate. Great for getting HTTPS running on a home server.
```bash
#!/bin/bash
# Generate a self-signed certificate (PEM and DER) and optionally install it
# over the default "snakeoil" key pair used by Apache.

# stop at the first failed command so a half-generated pair is never installed
set -e

# ensure the script is running as root
if [ "$(id -u)" != "0" ]; then
    echo "This script must be run as root." 1>&2
    exit 1
fi

NAME=${1:-self-signed}

# mktemp creates each file with mode 0600, so the key is never world-readable
KEY_FILE_SOURCE=$(mktemp)
CSR_FILE_SOURCE=$(mktemp)
CRT_FILE_SOURCE=$(mktemp)
DER_FILE_SOURCE=$(mktemp)

# remove any temporary files that are still around if the script exits early
trap 'rm -f "$KEY_FILE_SOURCE" "$CSR_FILE_SOURCE" "$CRT_FILE_SOURCE" "$DER_FILE_SOURCE"' EXIT

echo "Generating private key."
echo "================================================================"
# 2048-bit RSA; 1024-bit keys are no longer considered secure
openssl genrsa -out "$KEY_FILE_SOURCE" 2048
echo "================================================================"
echo

echo "Generating certificate signing request."
echo "================================================================"
openssl req -new -key "$KEY_FILE_SOURCE" -out "$CSR_FILE_SOURCE"
echo "================================================================"
echo

echo "Generating self-signed certificate."
echo "================================================================"
# sign with SHA-256 explicitly rather than relying on the OpenSSL default digest
openssl x509 -req -sha256 -days 365 -in "$CSR_FILE_SOURCE" -signkey "$KEY_FILE_SOURCE" -out "$CRT_FILE_SOURCE"
echo "================================================================"
echo

# we don't need the CSR file anymore
rm "$CSR_FILE_SOURCE"

echo "Generating certificate in DER format."
echo "================================================================"
openssl x509 -outform der -in "$CRT_FILE_SOURCE" -out "$DER_FILE_SOURCE"
echo '(done)'
echo "================================================================"
echo

echo "Automatic installation assumes the following:"
echo "- the private key is stored at /etc/ssl/private/ssl-cert-snakeoil.key"
echo "- the certificate is stored at /etc/ssl/certs/ssl-cert-snakeoil.pem"
echo
echo -n "Would you like to automatically install the private key and certificate? (Y/n) "
read -r install

# the prompt advertises Y as the default, so accept an empty answer, "y" and "Y"
case "$install" in
    ""|[Yy]*) install=Y ;;
    *)        install=n ;;
esac

if [ "$install" == "Y" ]; then
    KEY_FILE_DESTINATION=/etc/ssl/private/ssl-cert-snakeoil.key
    CRT_FILE_DESTINATION=/etc/ssl/certs/ssl-cert-snakeoil.pem

    # back up the existing pair, if there is one
    if [ -e "$KEY_FILE_DESTINATION" ]; then
        mv "$KEY_FILE_DESTINATION" "$KEY_FILE_DESTINATION.old"
        echo "The old private key has been backed up to $KEY_FILE_DESTINATION.old"
    fi
    if [ -e "$CRT_FILE_DESTINATION" ]; then
        mv "$CRT_FILE_DESTINATION" "$CRT_FILE_DESTINATION.old"
        echo "The old certificate has been backed up to $CRT_FILE_DESTINATION.old"
    fi
else
    KEY_FILE_DESTINATION=./${NAME}.key
    CRT_FILE_DESTINATION=./${NAME}.pem
fi

mv "$KEY_FILE_SOURCE" "$KEY_FILE_DESTINATION"
echo "The private key has been placed at $KEY_FILE_DESTINATION"
mv "$CRT_FILE_SOURCE" "$CRT_FILE_DESTINATION"
echo "The certificate has been placed at $CRT_FILE_DESTINATION"
mv "$DER_FILE_SOURCE" "./${NAME}.der"
echo "The DER certificate has been placed at ./$NAME.der"

if [ "$install" == "Y" ]; then
    echo
    echo "Restarting Apache."
    echo "================================================================"
    service apache2 restart
    echo "================================================================"
fi
```
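
A check worth running on the files this script writes before they are installed, given here as an added example that is not part of the original gist: it confirms that the certificate carries the public half of the private key, that the RSA key is long enough, and that the certificate is not about to expire. The function name `check_cert_pair` and the default thresholds (2048 bits, 30 days) are assumptions.

```shell
# Added example (not part of the gist): sanity-check an RSA key/certificate pair.
# Usage: check_cert_pair KEY_FILE CRT_FILE [MIN_BITS] [MIN_DAYS]
# Returns 0 when every check passes, 1 otherwise (reason on stderr).
check_cert_pair() {
    local key crt min_bits min_days key_pub crt_pub bits
    key=$1; crt=$2
    min_bits=${3:-2048}   # assumed policy: reject keys shorter than this
    min_days=${4:-30}     # assumed policy: days of validity that must remain

    # Extract the public key from each file; a parse failure is a failed check.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot read private key: $key" >&2; return 1; }
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $crt" >&2; return 1; }

    # 1. The certificate must contain the public half of this private key.
    if [ "$key_pub" != "$crt_pub" ]; then
        echo "certificate does not match private key" >&2; return 1
    fi

    # 2. Key length, read from the "Public-Key: (N bit)" line of the text dump.
    bits=$(openssl x509 -in "$crt" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    if [ -z "$bits" ] || [ "$bits" -lt "$min_bits" ]; then
        echo "key is ${bits:-unknown} bits, need at least $min_bits" >&2; return 1
    fi

    # 3. -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "certificate expires within $min_days days" >&2; return 1
    fi
    echo "OK: $bits-bit key matches certificate, valid for more than $min_days days"
}
```

With the script's default name, call it as `check_cert_pair ./self-signed.key ./self-signed.pem`.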