Generates a certificate to use in app-only authentication scenarios with Office 365 Azure AD
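#!/bin/bash
# Generates a self-signed X.509 certificate and RSA private key for app-only
# authentication with Azure AD / Office 365, then prints the values needed for
# a keyCredentials entry in the app manifest.
#
# Files written to the current directory:
#   $CERTFILE        PEM certificate (public; upload / paste into the manifest)
#   $PRIVATEKEYFILE  unencrypted PEM private key (secret; keep out of source control)
#
# CERTFILE, PRIVATEKEYFILE, DAYS and CONFIG may be overridden via the environment.
set -euo pipefail

CERTFILE=${CERTFILE:-certificate.cer}
PRIVATEKEYFILE=${PRIVATEKEYFILE:-private-key.pem}
# certificate validity in days (default: 3 years)
DAYS=${DAYS:-1095}
# openssl req configuration supplying the subject DN and the extensions
CONFIG=${CONFIG:-cert-config.cnf}

if [ ! -r "$CONFIG" ]; then
  echo "error: openssl configuration '$CONFIG' not found or not readable" >&2
  exit 1
fi

echo "
Generated certificate will have an expiry of $DAYS days [$((DAYS / 365)) years] from today.
"

# The private key is written unencrypted (-nodes); make sure newly created
# files are owner-only so the key is never world-readable, even briefly.
umask 077

# -sha256: a SHA-1 *signature* is deprecated and refused under current OpenSSL
# security levels. Azure AD only uses the certificate as a public-key
# container, so the signature algorithm has no effect on the authentication flow.
openssl req -x509 -newkey rsa:2048 -sha256 \
  -keyout "$PRIVATEKEYFILE" -out "$CERTFILE" -nodes \
  -set_serial 1 -days "$DAYS" -config "$CONFIG"

# read the generated certificate and private key back for display
CERT=$(cat "$CERTFILE")
PRV=$(cat "$PRIVATEKEYFILE")

# keyId: a fresh lowercase GUID
UUID=$(uuidgen | tr '[:upper:]' '[:lower:]')

# Certificate thumbprint = SHA-1 over the DER encoding. This is the value
# Azure AD uses to identify the credential, so it stays SHA-1 independently
# of the signature algorithm chosen above. Hashing the DER directly avoids
# parsing the locale/version-dependent "SHA1 Fingerprint=" text and the xxd
# dependency; awk takes the last field of either "SHA1(stdin)= <hex>" or
# "<hex> *stdin" style output.
FP=$(openssl x509 -in "$CERTFILE" -outform DER | openssl dgst -sha1 | awk '{print $NF}')
# customKeyIdentifier: the same thumbprint, base64-encoded raw bytes
CKI=$(openssl x509 -in "$CERTFILE" -outform DER | openssl dgst -sha1 -binary | base64)

# Single-line PEM body without BEGIN/END markers: identical to base64 of the
# DER encoding. tr strips line wrapping that some base64 implementations add.
PEMOL=$(openssl x509 -in "$CERTFILE" -outform DER | base64 | tr -d '\n')

echo ""
# Valid JSON: no trailing comma after the last member.
echo -e "\033[0mKey Credentials:
\033[32m{
\t\"customKeyIdentifier\": \"$CKI\",
\t\"value\": \"$PEMOL\",
\t\"keyId\": \"$UUID\",
\t\"usage\": \"Verify\",
\t\"type\": \"AsymmetricX509Cert\"
} \033[0m
"
echo -e "\033[0mPrivate Key:
\033[32m$PRV \033[0m
"
echo -e "\033[0mCertificate:
\033[32m$CERT \033[0m
"
echo -e "\033[0mCertificate Fingerprint:
\033[32m$FP \033[0m
"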
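# cert-config.cnf - OpenSSL `req` configuration used by the companion script
# (openssl req -x509 ... -config cert-config.cnf) to create a self-signed
# certificate for Azure AD app-only authentication.
# The [ req_distinguished_name ] values are placeholders: edit them before use.

[ req ]
prompt = no
distinguished_name = req_distinguished_name
# extensions applied when producing a CSR (openssl req without -x509)
req_extensions = v3_req
# extensions applied when producing a self-signed certificate (openssl req -x509,
# which is what the script runs); both point at the same section so the two
# code paths cannot drift apart
x509_extensions = v3_req

[ req_distinguished_name ]
C = GB
ST = Lancashire
L = Manchester
O = Company Name
OU = Company Name UK
CN = Purpose

# Least-privilege extensions. Azure AD only uses this certificate as a
# container for the public key that client assertions are verified against,
# so it is an end-entity certificate (CA:FALSE, no keyCertSign) limited to
# digital signature / client authentication. The earlier CA:true profile with
# every key usage, EKU and legacy nsCertType set granted far more than the
# use case needs, and the Netscape extension is ignored by modern consumers.
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth
subjectKeyIdentifier = hash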