feat: add scripts

tahubu · Aug 7, 2018 · df7d234 · df7d234
1 parent 6ef0580
commit df7d234
Show file tree

Hide file tree

Showing 3 changed files with 116 additions and 0 deletions.
diff --git a/ca.conf b/ca.conf
@@ -0,0 +1,51 @@
+# we use 'ca' as the default section because we're usign the ca command
+[ ca ]
+default_ca = my_ca
+
+[ my_ca ]
+#  a text file containing the next serial number to use in hex. Mandatory.
+#  This file must be present and contain a valid serial number.
+serial = ./serial
+
+# the text database file to use. Mandatory. This file must be present though
+# initially it will be empty.
+database = ./index.txt
+
+# specifies the directory where new certificates will be placed. Mandatory.
+new_certs_dir = ./newcerts
+
+# the file containing the CA certificate. Mandatory
+certificate = ./ca.crt
+
+# the file contaning the CA private key. Mandatory
+private_key = ./ca.key
+
+# the message digest algorithm. Remember to not use MD5
+# lehet:
+# - sha
+# - sha1
+# - sha224
+# - sha256
+# - sha384
+# - sha512
+# - whirlpool
+default_md = sha256
+
+# for how many days will the signed certificate be valid
+default_days = 3650
+
+# a section with a set of variables corresponding to DN fields
+policy = my_policy
+
+[ my_policy ]
+# if the value is "match" then the field value must match the same field in the
+# CA certificate. If the value is "supplied" then it must be present.
+# Optional means it may be present. Any fields not mentioned are silently
+# deleted.
+countryName = match
+stateOrProvinceName = supplied
+organizationName = supplied
+commonName = supplied
+organizationalUnitName = optional
+commonName = supplied
+
diff --git a/generate-ca.sh b/generate-ca.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# based on https://gist.github.com/Soarez/9688998
+
+mkdir -p newcerts
+touch index.txt
+if [ ! -f "./serial" ]; then
+    echo '01' > serial
+fi
+
+if [ -f "./ca.crt" ] && [ -f "./ca.key" ]; then
+    echo "The CA key and cert files are already generated"
+    exit 1
+fi
+
+# Generate a key
+openssl genrsa -out ca.key 4096
+
+# Generate a self signed certificate for the CA
+openssl req -new -x509 -key ca.key -out ca.crt
+
diff --git a/generate.sh b/generate.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+echo "Please give the domain name: "
+
+read domain
+
+dir=${domain}
+
+mkdir ${dir}
+
+# Generate an RSA key
+openssl genrsa -out "${dir}/${domain}.key" 4096
+
+# Generate Certificate Signing Request
+openssl req -new -key "${dir}/${domain}.key" -out "${dir}/${domain}.csr"
+
+echo "Please give the domain names, separated by space: "
+echo "(example: *.test.net test.net)"
+
+read domains
+
+cat > "${dir}/${domain}.extensions.cnf" <<EOL
+basicConstraints=CA:FALSE
+subjectAltName=@my_subject_alt_names
+subjectKeyIdentifier = hash
+
+[ my_subject_alt_names ]
+EOL
+
+counter=1
+for d in $domains; do
+    echo "DNS.${counter} = ${d}" >> "${dir}/${domain}.extensions.cnf"
+    counter=$((counter+1))
+done
+
+echo "Sign the key..."
+
+# Sign the key
+openssl ca -config ca.conf -out "${dir}/${domain}.crt" -extfile "${dir}/${domain}.extensions.cnf" -in "${dir}/${domain}.csr"
+
+# Delete config files
+rm -f "${dir}/${domain}.extensions.cnf"
+rm -f "${dir}/${domain}.csr"
+