Created
January 29, 2017 06:16
This script allows you to generate the needed SSL certificates and other files.
#!/bin/bash
# Source: OpenSSL Certificate Authority: https://jamielinux.com/docs/openssl-certificate-authority/index.html
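#######################################
# Pause execution until Enter is pressed.
# Arguments: $1 (optional) - prompt text shown instead of the default
# Returns:   exit status of `read` (non-zero when input ends without a line)
#######################################
pause() {
  local prompt='Press enter to continue...'
  if [ $# -gt 0 ]; then
    prompt=$1
  fi
  # The prompt must be quoted: unquoted, a prompt containing spaces is split
  # into several words and everything after the first word is treated as a
  # variable name by `read`, which then fails instead of waiting.
  # -r: keep backslashes literal, -s: do not echo what is typed.
  read -rsp "${prompt}"$'\n'
}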
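# Prepare the root directory
echo "Preparing root directory..."
# -p: /root normally exists already. A plain `mkdir /root` fails there, and
# without an error check the commands below would keep running in whatever
# directory the script was started from.
mkdir -p /root/ca || exit 1
cd /root/ca || exit 1
mkdir -p certs crl newcerts || exit 1
# Create the key directory with its final mode rather than tightening it
# afterwards; the chmod also covers a directory left over from an earlier run.
mkdir -p -m 700 private || exit 1
chmod 700 private || exit 1
touch index.txt || exit 1
# Do not reset the serial counter of an existing CA: starting again at 1000
# would let the CA issue a second certificate with an already-used serial.
if [ ! -e serial ]; then
  echo 1000 > serial || exit 1
fi

# ROOT

# Prepare the root configuration file
echo "Preparing root configuration file..."
# This file decides the policy and extensions the root CA applies when it
# signs, so it is security-relevant input. Download to a temporary name so a
# failed or partial transfer never becomes the live configuration.
wget -O openssl.cnf.tmp 'https://jamielinux.com/docs/openssl-certificate-authority/_downloads/root-config.txt' \
  || { rm -f openssl.cnf.tmp; exit 1; }
# Optional pinning: set ROOT_CONFIG_SHA256 to the SHA-256 digest of a copy of
# the config that you have reviewed. Without it the only protection is TLS to
# a third-party site whose content can change at any time.
if [ -n "${ROOT_CONFIG_SHA256:-}" ]; then
  printf '%s  %s\n' "${ROOT_CONFIG_SHA256}" openssl.cnf.tmp | sha256sum -c - \
    || { rm -f openssl.cnf.tmp; exit 1; }
else
  echo "WARNING: ROOT_CONFIG_SHA256 not set; review openssl.cnf before signing with it." >&2
fi
mv openssl.cnf.tmp openssl.cnf || exit 1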
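# Create the root key
echo "Creating root key..."
cd /root/ca || exit 1
# Re-running the script must never replace an existing root key: every
# certificate issued under the old key would stop chaining to the new root.
if [ -e private/ca.key.pem ]; then
  echo "private/ca.key.pem already exists; refusing to overwrite the root key." >&2
  exit 1
fi
# Generate under a restrictive umask (in a subshell, so it does not leak into
# the rest of the script) so the key is never readable by other users, not
# even in the moment between creation and the chmod below.
# -aes256 makes openssl prompt for a passphrase that encrypts the key on disk.
( umask 077 && openssl genrsa -aes256 -out private/ca.key.pem 4096 ) || exit 1
chmod 400 private/ca.key.pem || exit 1

# Create the root certificate
echo "Creating root certificate..."
# Self-signed (-x509) with the v3_ca extensions from openssl.cnf, valid for
# 7300 days. Stop on failure so later steps never sign with a missing root.
openssl req -config openssl.cnf \
  -key private/ca.key.pem \
  -new -x509 -days 7300 -sha256 -extensions v3_ca \
  -out certs/ca.cert.pem || exit 1
chmod 444 certs/ca.cert.pem || exit 1

# Verify the root certificate
echo "Verifying root certificate..."
# Prints the certificate for a manual check of subject, validity and
# extensions before continuing.
openssl x509 -noout -text -in certs/ca.cert.pem || exit 1
pause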
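# INTERMEDIATE

# Prepare the intermediate directory
echo "Preparing intermediate directory..."
# -p and explicit checks: if the directory cannot be created or entered, stop
# instead of creating the CA database files in the wrong place.
mkdir -p /root/ca/intermediate || exit 1
cd /root/ca/intermediate || exit 1
mkdir -p certs crl csr newcerts || exit 1
# Key directory is created with its final mode; chmod covers a pre-existing one.
mkdir -p -m 700 private || exit 1
chmod 700 private || exit 1
touch index.txt || exit 1
# Keep existing counters on a re-run: resetting them would reuse certificate
# serial numbers and CRL numbers that were already handed out.
if [ ! -e serial ]; then
  echo 1000 > serial || exit 1
fi
if [ ! -e /root/ca/intermediate/crlnumber ]; then
  echo 1000 > /root/ca/intermediate/crlnumber || exit 1
fi

# Prepare the intermediate configuration file
echo "Preparing intermediate configuration file..."
# This file controls what the intermediate CA will sign. Download to a
# temporary name so a failed or partial transfer never becomes the live config.
wget -O openssl.cnf.tmp 'https://jamielinux.com/docs/openssl-certificate-authority/_downloads/intermediate-config.txt' \
  || { rm -f openssl.cnf.tmp; exit 1; }
# Optional pinning: set INTERMEDIATE_CONFIG_SHA256 to the SHA-256 digest of a
# copy of the config that you have reviewed. Without it the only protection is
# TLS to a third-party site whose content can change at any time.
if [ -n "${INTERMEDIATE_CONFIG_SHA256:-}" ]; then
  printf '%s  %s\n' "${INTERMEDIATE_CONFIG_SHA256}" openssl.cnf.tmp | sha256sum -c - \
    || { rm -f openssl.cnf.tmp; exit 1; }
else
  echo "WARNING: INTERMEDIATE_CONFIG_SHA256 not set; review intermediate/openssl.cnf before signing with it." >&2
fi
mv openssl.cnf.tmp openssl.cnf || exit 1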
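# Create the intermediate key
echo "Creating intermediate key..."
cd /root/ca || exit 1
# NOTE(review): root and intermediate keys end up on the same host here. The
# usual point of an intermediate CA is that the root key can stay offline;
# outside a lab, consider running the root steps on a separate machine.
# Never replace an existing intermediate key on a re-run.
if [ -e intermediate/private/intermediate.key.pem ]; then
  echo "intermediate/private/intermediate.key.pem already exists; refusing to overwrite." >&2
  exit 1
fi
# Restrictive umask in a subshell so the key is never world-readable, even
# briefly, and the umask does not affect the rest of the script.
( umask 077 && openssl genrsa -aes256 \
    -out intermediate/private/intermediate.key.pem 4096 ) || exit 1
chmod 400 intermediate/private/intermediate.key.pem || exit 1

# Create the intermediate certificate
# NOTE: can have same values as root certificate, EXCEPT for common name
echo "Creating intermediate certificate..."
# Step 1: certificate signing request, built with the intermediate's config.
openssl req -config intermediate/openssl.cnf -new -sha256 \
  -key intermediate/private/intermediate.key.pem \
  -out intermediate/csr/intermediate.csr.pem || exit 1
# Step 2: the ROOT CA signs it (root openssl.cnf, v3_intermediate_ca
# extensions, 3650 days). openssl asks for confirmation before signing.
openssl ca -config openssl.cnf -extensions v3_intermediate_ca \
  -days 3650 -notext -md sha256 \
  -in intermediate/csr/intermediate.csr.pem \
  -out intermediate/certs/intermediate.cert.pem || exit 1
chmod 444 intermediate/certs/intermediate.cert.pem || exit 1

# Verify the intermediate certificate
echo "Verifying intermediate certificate..."
openssl x509 -noout -text \
  -in intermediate/certs/intermediate.cert.pem || exit 1
# Stop if the new certificate does not chain to the root: continuing would
# build and hand out a chain file that clients cannot validate.
openssl verify -CAfile certs/ca.cert.pem \
  intermediate/certs/intermediate.cert.pem || exit 1
pause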
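# Create the certificate chain file
echo "Creating certificate chain file..."
# The paths below are relative to the CA root, so do not depend on the working
# directory left behind by earlier steps.
cd /root/ca || exit 1
# Both inputs must exist and be non-empty; otherwise `cat` would still write a
# chain file, just an incomplete one, and the error would only surface later
# on the clients that try to validate with it.
if [ ! -s intermediate/certs/intermediate.cert.pem ] || [ ! -s certs/ca.cert.pem ]; then
  echo "Intermediate or root certificate is missing; not writing the chain file." >&2
  exit 1
fi
# Order matters: intermediate first, then the root that signed it.
cat intermediate/certs/intermediate.cert.pem \
  certs/ca.cert.pem > intermediate/certs/ca-chain.cert.pem || exit 1
chmod 444 intermediate/certs/ca-chain.cert.pem || exit 1
pause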