Script to create new Cert Authority
| #!/bin/bash | |
| function usage () { | |
| echo "$0 [CA section name]" | |
| exit 1 | |
| } | |
| if [ $# -ne 1 ] | |
| then | |
| usage | |
| fi | |
| CA_NAME="$1" | |
| SSL_DIR="/etc/ssl" | |
| SSL_PRIVATE_DIR="$SSL_DIR/${CA_NAME}/private" | |
| SSL_CERTS_DIR="$SSL_DIR/${CA_NAME}/certs" | |
| mkdir -p ${SSL_PRIVATE_DIR} | |
| mkdir -p ${SSL_CERTS_DIR} | |
| touch $SSL_DIR/${CA_NAME}/index.txt | |
| touch $SSL_DIR/${CA_NAME}/crlnumber | |
| # Create the CA Key and Certificate for signing Client Certs (good for 3 yrs) | |
| openssl genrsa -des3 -out $SSL_PRIVATE_DIR/ca.key 4096 | |
| openssl req -new -x509 -days 1095 -key $SSL_PRIVATE_DIR/ca.key -out $SSL_CERTS_DIR/ca.crt | |
| # Create a Certificate Revocation list for removing 'user certificates.' | |
| openssl ca -name ${CA_NAME} -gencrl -keyfile $SSL_PRIVATE_DIR/ca.key -cert $SSL_CERTS_DIR/ca.crt -out $SSL_PRIVATE_DIR/ca.crl -crldays 1095 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment