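#!/bin/bash
###########################################################
# Script to create web server keys #
# By Alberto Lepe (www.alepe.com, www.support.ne.jp) #
# Created: 19VIII2010 #
# Version: 28VI2017 #
###########################################################
# Usage: SSL-keygen.sh DOMAIN [LENGTH] [+|ALT]
#
# Writes DOMAIN.cfg, DOMAIN.key and DOMAIN.csr into the current
# directory (plus DOMAIN.pss and DOMAIN.pem when REQUIREPSS=1),
# then prints the CSR and sets every DOMAIN.* file to mode 400.
# Exits 1 on usage error, missing root or any failing command.
set -eu
# Every file produced here holds or configures private key material:
# create them 0600 from the start instead of relying only on the
# chmod at the end (closes the world-readable window in between).
umask 077
# Domain name: e.g. example.com
DOMAIN=${1:-}
# Key length: 1024, 2048, 4096, ... (Default: 2048)
LENGTH=${2:-}
# Used for alternative name. If '+' will be *.domain.
# If empty "www.domain" will be used,
# otherwise it can be set manually, like: "www2.domain"
WILDCARD=${3:-}
#--------------------- To edit --------------------
REQ_COUNTRY="XX"
REQ_CITY="City Name"
REQ_STATE="State"
REQ_ORG="Someorg LTD"
REQ_UNIT="Some Org.Unit"
REQ_EMAIL="admin@example.com"
# If below set, it will be used instead of DOMAIN
REQ_COMMON_NAME=""
#---------------------------------------------------
if [[ -z "$REQ_COMMON_NAME" ]]; then
  REQ_COMMON_NAME=$DOMAIN
fi
REQUIREPSS=0 #Turn to 1 if you need the certificate to use a PSS to be read.

# Print a diagnostic on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [[ -z "$DOMAIN" ]]; then
  echo "To create keys:"
  echo "$0 example.com 1024 [+|ALT]"
  echo "[OPTIONAL] Where '1024' is the key length. Default is 2048"
  echo "[OPTIONAL] Where '+' is to add any subdomain into the CSR (*.domain.tld)"
  echo " Where ALT is any alternative domain name"
  exit 1
fi
# DOMAIN is used verbatim as a file name prefix; refuse anything that
# could point outside the current directory (e.g. "../x" or "/etc/x").
if [[ "$DOMAIN" == */* ]]; then
  die "Domain name must not contain '/': $DOMAIN"
fi
################ START ########################
echo "Checking root access..."
if [[ "$(id -u)" != "0" ]]; then
  die "This script must be run as root"
fi
##################### KEY LENGTH ##############################
if [[ -z "$LENGTH" ]]; then
  LENGTH=2048
fi
# The length is spliced into "rsa:$LENGTH" and passed to genrsa; make
# sure it is a plain integer before it reaches openssl.
if [[ ! "$LENGTH" =~ ^[0-9]+$ ]]; then
  die "Key length must be a number: $LENGTH"
fi
if (( LENGTH < 2048 )); then
  printf 'WARNING: %s-bit RSA is below the 2048-bit minimum most CAs accept\n' "$LENGTH" >&2
fi
##################### WILD CARD ##############################
case "$WILDCARD" in
  "") ALTNAME="www.$DOMAIN" ;;
  +)  ALTNAME="*.$DOMAIN" ;;
  *)  ALTNAME="$WILDCARD" ;;
esac
##################### CREATE CONFIG FILE #####################
CFG="$DOMAIN.cfg"
# encrypt_key=no lets "openssl req -newkey" write the key without a
# passphrase; with REQUIREPSS=1 the key is generated separately below
# and the passphrase comes from the .pss file instead.
{
  printf '[ req ]\n'
  printf 'default_bits = %s\n' "$LENGTH"
  printf 'default_keyfile = %s.key\n' "$DOMAIN"
  printf 'default_days = 730\n'
  printf 'default_md = sha256\n'
  printf 'distinguished_name = req_dn\n'
  printf 'string_mask = nombstr\n'
  printf 'prompt = no\n'
  if [[ "$REQUIREPSS" == 0 ]]; then
    printf 'encrypt_key = no\n'
  fi
  printf 'req_extensions = v3_req\n'
  printf '[ v3_req ]\n'
  printf 'subjectAltName = @req_alt\n'
  printf '[ req_alt ]\n'
  # Browsers validate host names against the SAN list only and ignore
  # the CN, so the common name itself must appear here as well as the
  # alternative name.
  printf 'DNS.1 = %s\n' "$REQ_COMMON_NAME"
  if [[ "$ALTNAME" != "$REQ_COMMON_NAME" ]]; then
    printf 'DNS.2 = %s\n' "$ALTNAME"
  fi
  printf '[ req_dn ]\n'
  printf 'C = %s\n' "$REQ_COUNTRY"
  printf 'ST = %s\n' "$REQ_STATE"
  printf 'L = %s\n' "$REQ_CITY"
  printf 'O = %s\n' "$REQ_ORG"
  printf 'OU = %s\n' "$REQ_UNIT"
  printf 'CN = %s\n' "$REQ_COMMON_NAME"
  printf 'emailAddress = %s\n' "$REQ_EMAIL"
} > "$CFG"
if [[ "$REQUIREPSS" == 1 ]]; then
  ##################### CREATE PASS PRASE #######################
  # 96 random bytes -> 128 base64 characters; openssl wraps base64 at
  # 64 columns, so strip the newlines to get a single-line passphrase.
  openssl rand -base64 96 | tr -d '\n' > "$DOMAIN.pss"
  echo "Generating KEY..."
  # genrsa ignores -passout unless a cipher is given; -aes256 is what
  # actually makes the key file passphrase-protected.
  openssl genrsa -aes256 -out "$DOMAIN.key" -passout "file:$DOMAIN.pss" "$LENGTH"
  echo "Generating PEM..."
  # NOTE: the .pem is an unencrypted copy of the key (no cipher option),
  # so it needs the same protection as the .key and .pss files.
  openssl rsa -in "$DOMAIN.key" -passin "file:$DOMAIN.pss" -out "$DOMAIN.pem"
  echo "Generating CSR..."
  openssl req -new -sha256 -key "$DOMAIN.key" -passin "file:$DOMAIN.pss" -config "$CFG" -out "$DOMAIN.csr"
  echo "Don't forget to backup the .pss file and delete it from here!"
  ##################### CREATE REQUEST #######################
else
  # Key goes to default_keyfile from the config, unencrypted (encrypt_key = no).
  openssl req -batch -config "$CFG" -newkey "rsa:$LENGTH" -out "$DOMAIN.csr"
fi
cat -- "$DOMAIN.csr"
chmod 400 -- "$DOMAIN".*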