Kezdőlap Felfedezés Súgó
Bejelentkezés
yosoyhendrix
/
vesta
1
0
Másolás 0
Fájlok Problémák 0 Beolvasztási kérések 0 Wiki
Fa: 1d10dbdc4d
Branch-ok Tag-ek
vesta
/
bin
/
v-generate-ssl-cert

v-generate-ssl-cert 3.2 KB
Előzmények Nyers

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137 
  1. #!/bin/bash
    2. 

  2. # info: generate self signed certificate and CSR request
    3. 

  3. # options: DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [FORMAT]
    4. 

  4. #
    5. 

  5. # The function generates self signed SSL certificate and CSR request
    6. 

  6. 

  7. 

  8. #----------------------------------------------------------#
    9. 

  9. #                    Variable&Function                     #
    10. 

  10. #----------------------------------------------------------#
    11. 

  11. 

  12. # Argument definition
    13. 

  13. domain=$1
    14. 

  14. domain=$(echo $domain | sed -e 's/\.*$//g' -e 's/^\.*//g')
    15. 

  15. domain=$(echo $domain | tr '[:upper:]' '[:lower:]')
    16. 

  16. domain_alias=$domain
    17. 

  17. email=$2
    18. 

  18. country=$3
    19. 

  19. state=$4
    20. 

  20. city=$5
    21. 

  21. org=$6
    22. 

  22. org_unit=$7
    23. 

  23. format=${8-shell}
    24. 

  24. KEY_SIZE=2048
    25. 

  25. DAYS=365
    26. 

  26. 

  27. # Includes
    28. 

  28. source $VESTA/func/main.sh
    29. 

  29. source $VESTA/conf/vesta.conf
    30. 

  30. 

  31. # Json function
    32. 

  32. json_list_ssl() {
    33. 

  33.     i='1'       # iterator
    34. 

  34.     echo '{'
    35. 

  35.     echo -e "\t\"$domain\": {"
    36. 

  36.     echo "        \"CRT\": \"$crt\","
    37. 

  37.     echo "        \"KEY\": \"$key\","
    38. 

  38.     echo "        \"CSR\": \"$csr\""
    39. 

  39.     echo -e "\t}\n}"
    40. 

  40. }
    41. 

  41. 

  42. # Shell function
    43. 

  43. shell_list_ssl() {
    44. 

  44.     if [ ! -z "$crt" ]; then
    45. 

  45.         echo -e "$crt"
    46. 

  46.     fi
    47. 

  47.     if [ ! -z "$key" ]; then
    48. 

  48.         echo -e "\n$key"
    49. 

  49.     fi
    50. 

  50.     if [ ! -z "$csr" ]; then
    51. 

  51.         echo -e "\n$csr"
    52. 

  52.     fi
    53. 

  53. }
    54. 

  54. 

  55. 

  56. #----------------------------------------------------------#
    57. 

  57. #                    Verifications                         #
    58. 

  58. #----------------------------------------------------------#
    59. 

  59. 

  60. check_args '7' "$#" 'DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [FORMAT]'
    61. 

  61. validate_format 'domain_alias' 'format'
    62. 

  62. 

  63. 

  64. #----------------------------------------------------------#
    65. 

  65. #                       Action                             #
    66. 

  66. #----------------------------------------------------------#
    67. 

  67. 

  68. # Create temporary work directory
    69. 

  69. workdir=$(mktemp -d)
    70. 

  70. cd $workdir
    71. 

  71. 

  72. # Generate private key
    73. 

  73. export PASSPHRASE=gen_password
    74. 

  74. openssl genrsa -des3 \
    75. 

  75.     -out $domain.key \
    76. 

  76.     -passout env:PASSPHRASE $KEY_SIZE 2>/dev/null
    77. 

  77. 

  78. # Generate the CSR
    79. 

  79. subj="/C=$country/ST=$state/localityName=$city/O=$org"
    80. 

  80. subj="$subj/organizationalUnitName=$org_unit/commonName=$domain"
    81. 

  81. subj="$subj/emailAddress=$email"
    82. 

  82. 

  83. openssl req -sha256\
    84. 

  84.     -new \
    85. 

  85.     -batch \
    86. 

  86.     -subj "$subj" \
    87. 

  87.     -key $domain.key \
    88. 

  88.     -out $domain.csr \
    89. 

  89.     -passin env:PASSPHRASE >/dev/null 2>&1
    90. 

  90. 

  91. # Remove passphrase
    92. 

  92. cp $domain.key $domain.key.tmp
    93. 

  93. openssl rsa \
    94. 

  94.     -in $domain.key.tmp \
    95. 

  95.     -out $domain.key \
    96. 

  96.     -passin env:PASSPHRASE >/dev/null 2>&1
    97. 

  97. rm $domain.key.tmp
    98. 

  98. 

  99. # Generate the cert 1 year
    100. 

  100. openssl x509 -req -sha256 \
    101. 

  101.     -days $DAYS \
    102. 

  102.     -in $domain.csr \
    103. 

  103.     -signkey $domain.key \
    104. 

  104.     -out $domain.crt >/dev/null 2>&1
    105. 

  105. 

  106. # Listing certificates
    107. 

  107. if [ -e "$domain.crt" ]; then
    108. 

  108.     crt=$(cat $domain.crt | sed ':a;N;$!ba;s/\n/\\n/g' )
    109. 

  109. fi
    110. 

  110. 

  111. if [ -e "$domain.key" ]; then
    112. 

  112.     key=$(cat $domain.key | sed ':a;N;$!ba;s/\n/\\n/g' )
    113. 

  113. fi
    114. 

  114. 

  115. if [ -e "$domain.csr" ]; then
    116. 

  116.     csr=$(cat $domain.csr | sed ':a;N;$!ba;s/\n/\\n/g' )
    117. 

  117. fi
    118. 

  118. 

  119. case $format in
    120. 

  120.     json)   json_list_ssl ;;
    121. 

  121.     plain)  nohead=1; shell_list_ssl ;;
    122. 

  122.     shell)  shell_list_ssl ;;
    123. 

  123.     *)      check_args '1' '0' '[FORMAT]'
    124. 

  124. esac
    125. 

  125. 

  126. # Delete tmp dir
    127. 

  127. rm -rf $workdir
    128. 

  128. 

  129. 

  130. #----------------------------------------------------------#
    131. 

  131. #                       Vesta                              #
    132. 

  132. #----------------------------------------------------------#
    133. 

  133. 

  134. # Logging
    135. 

  135. log_event "$OK" "$EVENT"
    136. 

  136. 

  137. exit
    138.