yifeiyin/cert-helpers

## cert-helpers
#!/bin/bash

# See: https://wiki.yyin.me/guides/cert

function create-key-pair() {
  if [ $# -ne 1 ]; then echo 'Args: key pair name'; return; fi
  openssl genrsa -out $1.key 2048
}

function create-self-signed-cert() {
  if [ $# -ne 2 ]; then echo 'Args: key pair & cert name, expired after x days'; return; fi
  openssl req -new -x509 -days $2 -key $1.key -out $1.crt
}


function create-csr-template() {
  if [ $# -ne 1 ]; then echo 'Args: cnf & csr name'; return; fi
  cat > $1.cnf <<EOF
[ req ]
prompt             = no
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = req_ext

[ req_distinguished_name ]
countryName                =
stateOrProvinceName        =
localityName               =
organizationName           =
organizationUnitName       =
commonName                 = $1
emailAddress               =

[ req_ext ]
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = localhost
DNS.2 = test.example.com
IP.1 = 192.168.0.1
IP.2 = 127.0.0.1
EOF
  echo 'Template generated.'
  echo
  echo 'Use your favorite editor to edit the file "'"$1".cnf'".'
  echo
  echo 'Note: Some fields are optional. Empty fields need to be removed.'
  echo
  echo 'When completed, run  "'create-csr "$1"'"  to create the csr file.'
}

function create-csr-with-cnf() {
  if [ $# -ne 1 ]; then echo 'Args: key pair & csr name'; return; fi
  openssl req -new -key $1.key -out $1.csr -config $1.cnf
}

function create-csr-interactive() {
  if [ $# -ne 1 ]; then echo 'Args: key pair name'; return; fi
  openssl req -new -key $1.key -out $1.csr
}

function create-initial-srl() {
  if [ $# -ne 2 ]; then echo 'Args: CA file name, initial serial number'; return; fi
  echo $2 > $1.srl
}

function create-signed-cert-with-ext() {
  if [ $# -ne 3 ]; then echo 'Args: CA key pair & cert name, csr & crt & cnf name, expired after x days'; return; fi
  openssl x509 -req -CA $1.crt -CAkey $1.key -days $3 -sha256 -in $2.csr -out $2.crt -extensions req_ext -extfile $2.cnf
}

function create-signed-cert-no-ext() {
  if [ $# -ne 3 ]; then echo 'Args: CA key pair & cert name, csr & crt name, expired after x days'; return; fi
  openssl x509 -req -CA $1.crt -CAkey $1.key -days $3 -sha256 -in $2.csr -out $2.crt
}

function convert-cert-key-to-pkcs12() {
  if [ $# -ne 1 ]; then echo 'Args: cert & key & p12 name'; return; fi
  openssl pkcs12 -export -clcerts -in $1.crt -inkey $1.key -out $1.p12
}

function convert-cert-key-to-pem() {
  if [ $# -ne 1 ]; then echo 'Args: cert & key & pem name'; return; fi
  cat $1.crt $1.key > $1.pem
}

function convert-pkcs12-to-pem() {
  if [ $# -ne 1 ]; then echo 'Args: p12 & pem name'; return; fi
  openssl pkcs12 -clcerts -in $1.p12 -out $1.pem
}

function convert-pkcs12-to-cert-key() {
  if [ $# -ne 1 ]; then echo 'Args: p12 & cert & key name'; return; fi
  openssl pkcs12 -in $1.p12 -nocerts -nodes -out $1.key
  openssl pkcs12 -in $1.p12 -clcerts -nodes -out $1.crt
}
	#!/bin/bash

	# See: https://wiki.yyin.me/guides/cert

	function create-key-pair() {
	if [ $# -ne 1 ]; then echo 'Args: key pair name'; return; fi
	openssl genrsa -out $1.key 2048
	}

	function create-self-signed-cert() {
	if [ $# -ne 2 ]; then echo 'Args: key pair & cert name, expired after x days'; return; fi
	openssl req -new -x509 -days $2 -key $1.key -out $1.crt
	}


	function create-csr-template() {
	if [ $# -ne 1 ]; then echo 'Args: cnf & csr name'; return; fi
	cat > $1.cnf <<EOF
	[ req ]
	prompt = no
	default_bits = 2048
	distinguished_name = req_distinguished_name
	req_extensions = req_ext

	[ req_distinguished_name ]
	countryName =
	stateOrProvinceName =
	localityName =
	organizationName =
	organizationUnitName =
	commonName = $1
	emailAddress =

	[ req_ext ]
	extendedKeyUsage = serverAuth
	subjectAltName = @alt_names

	[alt_names]
	DNS.1 = localhost
	DNS.2 = test.example.com
	IP.1 = 192.168.0.1
	IP.2 = 127.0.0.1
	EOF
	echo 'Template generated.'
	echo
	echo 'Use your favorite editor to edit the file "'"$1".cnf'".'
	echo
	echo 'Note: Some fields are optional. Empty fields need to be removed.'
	echo
	echo 'When completed, run "'create-csr "$1"'" to create the csr file.'
	}

	function create-csr-with-cnf() {
	if [ $# -ne 1 ]; then echo 'Args: key pair & csr name'; return; fi
	openssl req -new -key $1.key -out $1.csr -config $1.cnf
	}

	function create-csr-interactive() {
	if [ $# -ne 1 ]; then echo 'Args: key pair name'; return; fi
	openssl req -new -key $1.key -out $1.csr
	}

	function create-initial-srl() {
	if [ $# -ne 2 ]; then echo 'Args: CA file name, initial serial number'; return; fi
	echo $2 > $1.srl
	}

	function create-signed-cert-with-ext() {
	if [ $# -ne 3 ]; then echo 'Args: CA key pair & cert name, csr & crt & cnf name, expired after x days'; return; fi
	openssl x509 -req -CA $1.crt -CAkey $1.key -days $3 -sha256 -in $2.csr -out $2.crt -extensions req_ext -extfile $2.cnf
	}

	function create-signed-cert-no-ext() {
	if [ $# -ne 3 ]; then echo 'Args: CA key pair & cert name, csr & crt name, expired after x days'; return; fi
	openssl x509 -req -CA $1.crt -CAkey $1.key -days $3 -sha256 -in $2.csr -out $2.crt
	}

	function convert-cert-key-to-pkcs12() {
	if [ $# -ne 1 ]; then echo 'Args: cert & key & p12 name'; return; fi
	openssl pkcs12 -export -clcerts -in $1.crt -inkey $1.key -out $1.p12
	}

	function convert-cert-key-to-pem() {
	if [ $# -ne 1 ]; then echo 'Args: cert & key & pem name'; return; fi
	cat $1.crt $1.key > $1.pem
	}

	function convert-pkcs12-to-pem() {
	if [ $# -ne 1 ]; then echo 'Args: p12 & pem name'; return; fi
	openssl pkcs12 -clcerts -in $1.p12 -out $1.pem
	}

	function convert-pkcs12-to-cert-key() {
	if [ $# -ne 1 ]; then echo 'Args: p12 & cert & key name'; return; fi
	openssl pkcs12 -in $1.p12 -nocerts -nodes -out $1.key
	openssl pkcs12 -in $1.p12 -clcerts -nodes -out $1.crt
	}