Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Script to create new Cert Authority
#!/bin/bash
function usage () {
echo "$0 [CA section name]"
exit 1
}
if [ $# -ne 1 ]
then
usage
fi
CA_NAME="$1"
SSL_DIR="/etc/ssl"
SSL_PRIVATE_DIR="$SSL_DIR/${CA_NAME}/private"
SSL_CERTS_DIR="$SSL_DIR/${CA_NAME}/certs"
mkdir -p ${SSL_PRIVATE_DIR}
mkdir -p ${SSL_CERTS_DIR}
touch $SSL_DIR/${CA_NAME}/index.txt
touch $SSL_DIR/${CA_NAME}/crlnumber
# Create the CA Key and Certificate for signing Client Certs (good for 3 yrs)
openssl genrsa -des3 -out $SSL_PRIVATE_DIR/ca.key 4096
openssl req -new -x509 -days 1095 -key $SSL_PRIVATE_DIR/ca.key -out $SSL_CERTS_DIR/ca.crt
# Create a Certificate Revocation list for removing 'user certificates.'
openssl ca -name ${CA_NAME} -gencrl -keyfile $SSL_PRIVATE_DIR/ca.key -cert $SSL_CERTS_DIR/ca.crt -out $SSL_PRIVATE_DIR/ca.crl -crldays 1095
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.