Last active
August 29, 2015 14:01
-
-
Save starkers/e49cae06659ad49a8a16 to your computer and use it in GitHub Desktop.
Generate a webserver csr quickly and easily
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
# | |
# simple templating script for Generating CSR's -david@starkers.org 121001 | |
# .. this relies on having openssl availble in your path .. | |
# Its not elegant but its easy to use.. | |
# | |
# TODO: too much ugly wraping of whitespace into openssl commands | |
# (there is another way but I forgot and this works) | |
# This program is free software. It comes without any warranty, to | |
# the extent permitted by applicable law. You can redistribute it | |
# and/or modify it under the terms of the Do What The Fuck You Want | |
# To Public License, Version 2, as published by Sam Hocevar. See | |
# http://sam.zoy.org/wtfpl/COPYING for more details. */ | |
DOMAIN="$1" | |
COUNTRY="GB" | |
STATE="England" | |
LOCALITY="London" | |
ORGANISATION="My company name" | |
DEPARTMENT="" | |
EMAIL="webmaster@yourdomain.com" | |
shopt -q | |
echo "-=[ Starting with the required quesions.. ]=-" | |
unset INPUT | |
echo "Domain: what domain are we making a CSR for? -blank for [$DOMAIN]?" | |
read INPUT | |
if [ ! "$INPUT" == "" ]; then | |
DOMAIN="$INPUT" | |
fi | |
FQDN="$DOMAIN" | |
unset INPUT | |
echo "Common Name: what will the FQDN for the live site be? -blank for ["$DOMAIN"]" | |
read INPUT | |
if [ ! "$INPUT" == "" ]; then | |
FQDN="$INPUT" | |
fi | |
unset INPUT | |
echo "email address?: -blank for ["$EMAIL"]" | |
read INPUT | |
if [ ! "$INPUT" == "" ]; then | |
EMAIL="$INPUT" | |
fi | |
unset INPUT | |
echo "Country Name (2 letter code): Leave blank for ["$COUNTRY"]" | |
read INPUT | |
if [ ! "$INPUT" == "" ]; then | |
COUNTRY="$INPUT" | |
fi | |
unset INPUT | |
echo "State/province: leave blank for ["$STATE"]" | |
read INPUT | |
if [ ! "$INPUT" == "" ]; then | |
STATE="$INPUT" | |
fi | |
unset INPUT | |
echo "Locality/city: leave blank for ["$LOCALITY"]" | |
read INPUT | |
if [ ! "$INPUT" == "" ]; then | |
LOCALITY="$INPUT" | |
fi | |
unset INPUT | |
echo "Organisation Name: leave blank for ["$ORGANISATION"]" | |
read INPUT | |
if [ ! "$INPUT" == "" ]; then | |
ORGANISATION="$INPUT" | |
fi | |
unset INPUT | |
echo "Organisation Unit: IE Department name.. This is normally blank" | |
read INPUT | |
if [ ! "$INPUT" == "" ]; then | |
DEPARTMENT="$INPUT" | |
fi | |
echo "-=[ Please confirm this is correct:... ]=-" | |
echo | |
cat << EOF | |
domain requested: $DOMAIN | |
Country Name (2 letter code) [US]: $COUNTRY | |
State or Province Name (full name) [Some-State]: $STATE | |
Locality Name (eg, city) []: $LOCALITY | |
Organization Name (eg, company): $ORGANISATION | |
Organizational Unit Name (eg, section) []: $DEPARTMENT | |
Common Name (eg, YOUR name) []: $FQDN | |
Email Address []: $EMAIL | |
An optional company name []: | |
EOF | |
echo "-=[ ^c to cancel, [enter] to continue ]=-" | |
read confirm | |
tilt(){ | |
echo "There has been an error, I will not overwrite $1" | |
exit 1 | |
} | |
if [ -f "$DOMAIN.key" ]; then tilt "$DOMAIN.key" ; fi | |
echo "-=[ Generating $DOMAIN.key ]=-" | |
## 1024 is now conscidered insecure.. generate a 2048 key-ds110908 | |
#openssl genrsa -out $DOMAIN.key 1024 | |
openssl genrsa -out $DOMAIN.key 2048 | |
if [ -f "$DOMAIN.crt" ]; then tilt "$DOMAIN.crt" ; fi | |
echo "-=[ Generating $DOMAIN.crt ]=-" | |
#openssl req -new -key $DOMAIN.key -out $DOMAIN.csr <<EOF | |
#updated 120405 to force SHA1 as MD5 is insecure | |
openssl req -new -sha1 -key $DOMAIN.key -out $DOMAIN.csr <<EOF | |
$COUNTRY | |
$STATE | |
$LOCALITY | |
$ORGANISATION | |
$DEPARTMENT | |
$FQDN | |
EOF | |
cat >>$DOMAIN.string<<EOF | |
$COUNTRY | |
$STATE | |
$LOCALITY | |
$ORGANISATION | |
$DEPARTMENT | |
$FQDN | |
EOF | |
printf "\n\n\n## OK DONE.. \n\nSign your own cert with something like this:\n\topenssl x509 -req -days 1825 -in ${DOMAIN}.csr -signkey ${DOMAIN}.key -out ${DOMAIN}.crt\n" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment