Last active
June 6, 2024 16:10
-
-
Save romantech/2efb04248933dc2a691ee1f55caba35f to your computer and use it in GitHub Desktop.
Bash Script to Generate OpenSSL Configuration File with Custom Parameters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# 기본 설정 | |
OUTPUT_CNF="openssl.cnf" | |
# 기본 값 | |
COUNTRY="US" | |
STATE="California" | |
LOCALITY="San Francisco" | |
ORGANIZATION="Home" | |
COMMON_NAME="localhost" | |
EMAIL="" | |
DNS_NAMES=() | |
IP_ADDRESSES=() | |
# 색상 지정 | |
green=$(tput setaf 2) | |
reset=$(tput sgr0) | |
# 사용법 안내 함수 | |
usage() { | |
echo "Usage: $0 [-c country] [-s state] [-l locality] [-o organization] [-n common_name] [-e email] [-d dns_names] [-i ip_addresses]" | |
echo " -c country Country Name (default: US, e.g., KR)" | |
echo " -s state State or Province Name (default: California, e.g., Seoul)" | |
echo " -l locality Locality Name (default: San Francisco, e.g., Seoul)" | |
echo " -o organization Organization Name (default: Home, e.g., My Company)" | |
echo " -n common_name Common Name (default: localhost, e.g., myserver.local)" | |
echo " -e email Email Address (default: '', e.g., admin@mydomain.com)" | |
echo " -d dns_names Comma-separated list of DNS names (default: '', e.g., example.com,www.example.com)" | |
echo " -i ip_addresses Comma-separated list of IP addresses (default: '', e.g., 192.168.1.1,192.168.1.2)" | |
exit 1 | |
} | |
# 옵션이 없으면 사용법 출력 | |
if [ $# -eq 0 ]; then | |
usage | |
fi | |
# 옵션 파싱 | |
while getopts "c:s:l:o:n:e:d:i:" opt; do | |
case ${opt} in | |
c) COUNTRY=$OPTARG ;; | |
s) STATE=$OPTARG ;; | |
l) LOCALITY=$OPTARG ;; | |
o) ORGANIZATION=$OPTARG ;; | |
n) COMMON_NAME=$OPTARG ;; | |
e) EMAIL=$OPTARG ;; | |
d) IFS=',' read -r -a DNS_NAMES <<<"$OPTARG" ;; | |
i) IFS=',' read -r -a IP_ADDRESSES <<<"$OPTARG" ;; | |
*) usage ;; | |
esac | |
done | |
# 디버깅 출력 함수 | |
print_debug_info() { | |
echo "COUNTRY=$COUNTRY" | |
echo "STATE=$STATE" | |
echo "LOCALITY=$LOCALITY" | |
echo "ORGANIZATION=$ORGANIZATION" | |
echo "COMMON_NAME=$COMMON_NAME" | |
echo "EMAIL=$EMAIL" | |
echo "DNS_NAMES=${DNS_NAMES[*]}" | |
echo "IP_ADDRESSES=${IP_ADDRESSES[*]}" | |
} | |
# openssl.cnf 파일 생성 함수 | |
generate_openssl_cnf() { | |
{ | |
cat <<EOL | |
[ req ] | |
default_bits = 2048 | |
default_keyfile = server-key.pem | |
distinguished_name = subject | |
req_extensions = req_ext | |
x509_extensions = x509_ext | |
string_mask = utf8only | |
[ subject ] | |
countryName = Country Name (2 letter code) | |
countryName_default = $COUNTRY | |
stateOrProvinceName = State or Province Name (full name) | |
stateOrProvinceName_default = $STATE | |
localityName = Locality Name (e.g., city) | |
localityName_default = $LOCALITY | |
organizationName = Organization Name (e.g., company) | |
organizationName_default = $ORGANIZATION | |
commonName = Common Name (e.g. server FQDN or YOUR name) | |
commonName_default = $COMMON_NAME | |
emailAddress = Email Address | |
emailAddress_default = $EMAIL | |
[ x509_ext ] | |
subjectKeyIdentifier = hash | |
authorityKeyIdentifier = keyid, issuer | |
basicConstraints = CA:FALSE | |
keyUsage = digitalSignature, keyEncipherment | |
subjectAltName = @alternate_names | |
nsComment = "OpenSSL Generated Certificate" | |
extendedKeyUsage = serverAuth, clientAuth | |
[ req_ext ] | |
subjectKeyIdentifier = hash | |
basicConstraints = CA:FALSE | |
keyUsage = digitalSignature, keyEncipherment | |
subjectAltName = @alternate_names | |
nsComment = "OpenSSL Generated Certificate" | |
extendedKeyUsage = serverAuth, clientAuth | |
[ alternate_names ] | |
EOL | |
# DNS 이름 추가 | |
for i in "${!DNS_NAMES[@]}"; do | |
echo "DNS.$((i + 1)) = ${DNS_NAMES[$i]}" | |
done | |
# IP 주소 추가 | |
for i in "${!IP_ADDRESSES[@]}"; do | |
echo "IP.$((i + 1)) = ${IP_ADDRESSES[$i]}" | |
done | |
} >"$OUTPUT_CNF" | |
echo "${green}The cnf file has been created: $OUTPUT_CNF${reset}" | |
} | |
# 디버깅 정보 출력 | |
print_debug_info | |
# openssl.cnf 파일 생성 | |
generate_openssl_cnf |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
How to use
-c
country: Country Name (default: US, e.g., KR)-s
state: State or Province Name (default: California, e.g., Seoul)-l
locality: Locality Name (default: San Francisco, e.g., Seoul)-o
organization: Organization Name (default: Home, e.g., My Company)-n
common_name: Common Name (default: localhost, e.g., myserver.local)-e
email: Email Address (default: "", e.g., admin@mydomain.com)-d
dns_names: Comma-separated list of DNS names (default: "", e.g., example.com,www.example.com)-i
ip_addresses: Comma-separated list of IP addresses (default: "", e.g., 192.168.1.1,192.168.1.2)Example