Last active September 22, 2017 20:45
Save marko-asplund/e89099859c6b12291e8b4e4e35383be7 to your computer and use it in GitHub Desktop.
# requires from OpenSSL:
# generating from OpenSSL source:
# /usr/bin/perl "-I." -Mconfigdata "util/" \
# "-oMakefile" apps/ > "apps/"
# sudo cp apps/ /usr/local/bin
# This script requires that a CA certificate has already been created and
# that the CA private key passphrase can be found in $CA_ROOT/ca-cert-passphrase.txt
# NB: OpenSSL doesn't handle concurrent access to the CA database.
# Wrap this script with flock command or use some other method to serialize access.
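# cn, CA_ROOT, CERT_BASE, OPENSSL and CAPL are not set anywhere in the lines
# shown here; stop early if any of them is missing.
: "${cn:?}" "${CA_ROOT:?}" "${CERT_BASE:?}" "${OPENSSL:?}" "${CAPL:?}"
# random passphrase protecting the new private key until it is exported below
pass=$(openssl rand -hex 18)
pushd "$(dirname "$CA_ROOT")" || exit 1
echo "issuing certificate for $cn"
# create certificate request
# NB: pass:$pass puts the passphrase on the command line, where other local
# users can read it from the process list while the command runs.
SUBJECT="/C=FI/L=Helsinki/O=Practicing techie/CN=$cn/"
OPENSSL=$OPENSSL $CAPL -newreq -extra-req "-passout pass:$pass -subj '$SUBJECT'"
# sign certificate request
if ! OPENSSL=$OPENSSL $CAPL -sign -extra-ca "-passin file:$CA_ROOT/ca-cert-passphrase.txt -batch"; then
    echo "FATAL: failed to sign, aborting"
    exit 1
fi
# export private key unencrypted, archive files
# newkey-nodes.pem holds the key in the clear, so restrict access to $CERT_BASE.
$OPENSSL rsa -in newkey.pem -out newkey-nodes.pem -passin "pass:$pass"
mkdir -p "$CERT_BASE/$cn"
mv new*.pem "$CERT_BASE/$cn"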
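
The note at the top of the script says to wrap it with flock because OpenSSL does not serialize access to the CA database. One way to do that, as an added example that is not part of the original gist; the lock file location, the `issue-cert.sh` name and the `bump_serial` stand-in are assumptions made for the demonstration:

```shell
#!/usr/bin/env bash
# Added example (not from the gist): serialize runs of the issuing script with flock(1).

# with_ca_lock LOCKFILE TIMEOUT_SECONDS COMMAND [ARGS...]
# Runs COMMAND while holding an exclusive lock; returns 75 if the lock
# cannot be taken within the timeout, otherwise COMMAND's exit status.
with_ca_lock() {
  local lockfile=$1 timeout=$2
  shift 2
  (
    # fd 9 is held by this subshell, so the lock is released when the
    # subshell exits, including when COMMAND fails or is killed.
    flock -w "$timeout" 9 || {
      echo "CA database busy: no lock on $lockfile after ${timeout}s" >&2
      exit 75
    }
    "$@"
  ) 9>>"$lockfile"
}

# Constructed stand-in for the read-modify-write that signing performs on
# the CA's serial file: read the value, then write back value + 1.
bump_serial() {
  local file=$1 n
  n=$(cat "$file")
  sleep 0.05                 # widen the race window
  echo $((n + 1)) > "$file"
}

# Start COUNT signers at once and print the final serial.
# MODE is "locked" (through with_ca_lock) or "unlocked".
run_signers() {
  local mode=$1 count=$2 dir i
  dir=$(mktemp -d)
  echo 0 > "$dir/serial"
  for i in $(seq "$count"); do
    if [ "$mode" = locked ]; then
      with_ca_lock "$dir/ca.lock" 30 bump_serial "$dir/serial" &
    else
      bump_serial "$dir/serial" &
    fi
  done
  wait
  cat "$dir/serial"
  rm -rf "$dir"
}

# Hypothetical use with the script above saved as issue-cert.sh:
#   with_ca_lock "$CA_ROOT/ca.lock" 60 ./issue-cert.sh host.example.com
```

`run_signers unlocked 8` usually prints 1 because every signer reads the same starting value, which is the lost-update problem the lock prevents.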