vesta/bin/v-generate-ssl-cert

#!/bin/bash
# info: generate self signed certificate and CSR request
# options: DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT]
#
# The function generates self signed SSL certificate and CSR request


#----------------------------------------------------------#
#                    Variable&Function                     #
#----------------------------------------------------------#

# Argument definition
domain=$1
domain=$(echo $domain |sed -e 's/\.*$//g' -e 's/^\.*//g')
domain_alias=$domain
email=$2
country=$3
state=$4
city=$5
org=$6
org_unit=$7
aliases=$8
format=${9-shell}
KEY_SIZE=4096
DAYS=365

# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf

# Json function
json_list_ssl() {
    i='1'       # iterator
    echo '{'
    echo -e "\t\"$domain\": {"
    echo "        \"CRT\": \"$crt\","
    echo "        \"KEY\": \"$key\","
    echo "        \"CSR\": \"$csr\","
    echo "        \"DIR\": \"$workdir\""
    echo -e "\t}\n}"
}

# Shell function
shell_list_ssl() {
    if [ ! -z "$crt" ]; then
        echo -e "$crt"
    fi
    if [ ! -z "$key" ]; then
        echo -e "\n$key"
    fi
    if [ ! -z "$csr" ]; then
        echo -e "\n$csr"
    fi
    echo -e "\nDirectory: $workdir"
}



#----------------------------------------------------------#
#                    Verifications                         #
#----------------------------------------------------------#

args_usage='DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT]'
check_args '7' "$#" "$args_usage"
is_format_valid 'domain_alias' 'format'


#----------------------------------------------------------#
#                       Action                             #
#----------------------------------------------------------#

if [[ "$domain" = *[![:ascii:]]* ]]; then
    domain_idn=$(idn -t --quiet -a $domain)
else
    domain_idn=$domain
fi
if [[ "$email" = *[![:ascii:]]* ]]; then
    email=$(idn -t --quiet -a $email)
fi

# Create temporary work directory
workdir=$(mktemp -d)
cd $workdir

# Generate private key
openssl genrsa $KEY_SIZE > $domain.key 2>/dev/null

# Generate the CSR
subj="/C=$country/ST=$state/localityName=$city/O=$org"
subj="$subj/organizationalUnitName=$org_unit/commonName=$domain_idn"
subj="$subj/emailAddress=$email"
if [ -z "$aliases" ]; then
    openssl req -sha256\
        -new \
        -batch \
        -subj "$subj" \
        -key $domain.key \
        -out $domain.csr #>/dev/null 2>&1
else
    for alias in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
        dns_aliases="${dns_aliases}DNS:$alias,"
    done
    dns_aliases=$(echo $dns_aliases |sed "s/,$//")

    if [ -e "/etc/ssl/openssl.cnf" ]; then
        ssl_conf='/etc/ssl/openssl.cnf'
    else
        ssl_conf="/etc/pki/tls/openssl.cnf"
    fi

    openssl req -sha256\
        -new \
        -batch \
        -subj "$subj" \
        -key $domain.key \
        -reqexts SAN \
        -config  <(cat $ssl_conf \
            <(printf "[SAN]\nsubjectAltName=$dns_aliases")) \
        -out $domain.csr >/dev/null 2>&1
fi

# Generate the cert 1 year
openssl x509 -req -sha256 \
    -days $DAYS \
    -in $domain.csr \
    -signkey $domain.key \
    -out $domain.crt >/dev/null 2>&1


# Listing certificates
if [ -e "$domain.crt" ]; then
    crt=$(cat $domain.crt | sed ':a;N;$!ba;s/\n/\\n/g' )
fi

if [ -e "$domain.key" ]; then
    key=$(cat $domain.key | sed ':a;N;$!ba;s/\n/\\n/g' )
fi

if [ -e "$domain.csr" ]; then
    csr=$(cat $domain.csr | sed ':a;N;$!ba;s/\n/\\n/g' )
fi

case $format in
    json)   json_list_ssl ;;
    plain)  nohead=1; shell_list_ssl ;;
    shell)  shell_list_ssl ;;
    *)      check_args '1' '0' '[FORMAT]'
esac

# Delete tmp dir
#rm -rf $workdir


#----------------------------------------------------------#
#                       Vesta                              #
#----------------------------------------------------------#

# Logging
log_event "$OK" "$ARGUMENTS"

exit