#!/bin/bash
# info: generate self-signed certificate and CSR
# options: DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT]
#
# The function generates a self-signed SSL certificate and a CSR
#----------------------------------------------------------#
#                Variable&Function                         #
#----------------------------------------------------------#
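# Argument definition
domain=$1
# Strip leading/trailing dots so "example.com." and ".example.com" both
# normalise to "example.com". The expansion is quoted: the original unquoted
# echo let a wildcard name such as "*.example.com" glob against the cwd.
domain=$(printf '%s\n' "$domain" | sed -e 's/\.*$//g' -e 's/^\.*//g')
domain_alias=$domain   # the name that is_format_valid checks later
email=$2
country=$3
state=$4
city=$5
org=$6
org_unit=$7
aliases=$8             # comma-separated extra names for the SAN extension
format=${9-shell}      # output format: shell (default), plain or json
KEY_SIZE=4096          # RSA key size in bits
DAYS=365               # certificate validity in days

# Includes (paths quoted in case VESTA contains spaces)
source "$VESTA/func/main.sh"
source "$VESTA/conf/vesta.conf"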
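# Json function
#######################################
# Print the generated files as a JSON object keyed by domain.
# Globals:   domain, crt, key, csr, workdir (read)
# Outputs:   JSON document on stdout. crt/key/csr are expected to already
#            carry literal "\n" escapes (the listing step joins the PEM
#            lines that way); no other JSON escaping is applied to them.
#######################################
json_list_ssl() {
  printf '{\n'
  # %s instead of echo -e: a backslash in the domain is printed verbatim
  # rather than being interpreted as an escape sequence.
  printf '\t"%s": {\n' "$domain"
  printf ' "CRT": "%s",\n' "$crt"
  printf ' "KEY": "%s",\n' "$key"
  printf ' "CSR": "%s",\n' "$csr"
  printf ' "DIR": "%s"\n' "$workdir"
  printf '\t}\n}\n'
}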
# Shell function
#######################################
# Print the generated files as plain text, one PEM block per section.
# Globals:   crt, key, csr, workdir (read)
# Outputs:   each non-empty PEM body with its literal "\n" escapes expanded
#            back into real newlines (%b behaves like echo -e), then the
#            work directory path
#######################################
shell_list_ssl() {
  [[ -n "$crt" ]] && printf '%b\n' "$crt"
  [[ -n "$key" ]] && printf '\n%b\n' "$key"
  [[ -n "$csr" ]] && printf '\n%b\n' "$csr"
  printf '\nDirectory: %b\n' "$workdir"
}
#----------------------------------------------------------#
#                       Verifications                      #
#----------------------------------------------------------#
# Only the domain (via domain_alias) and the output format are validated here;
# email, country, state, city, org, org_unit and aliases are passed through to
# openssl as given.
args_usage="DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT]"
check_args "7" "$#" "$args_usage"
is_format_valid "domain_alias" "format"
#----------------------------------------------------------#
#                       Action                             #
#----------------------------------------------------------#
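# Convert non-ASCII (IDN) names to their ASCII form for the certificate
# subject; ASCII names pass through unchanged. The idn arguments are quoted
# so a wildcard such as "*.example.com" is never glob-expanded.
if [[ "$domain" = *[![:ascii:]]* ]]; then
  domain_idn=$(idn -t --quiet -a "$domain")
else
  domain_idn=$domain
fi
if [[ "$email" = *[![:ascii:]]* ]]; then
  email=$(idn -t --quiet -a "$email")
fi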
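# Create temporary work directory. Abort if it cannot be created or entered;
# otherwise the private key would be written into whatever the current
# directory happens to be.
workdir=$(mktemp -d) || exit 1
cd "$workdir" || exit 1

# Generate private key. The key file is created under the default umask, so
# its protection rests on the work directory's own permissions. Failure is
# silent here by design (the listing step only reports files that exist).
openssl genrsa -out "$domain.key" "$KEY_SIZE" 2>/dev/null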
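# Generate the CSR. The subject is assembled from the raw arguments; quoting
# keeps it a single argument, but a "/" inside a field would still introduce
# an extra RDN, because those fields are not validated above.
subj="/C=$country/ST=$state/localityName=$city/O=$org"
subj="$subj/organizationalUnitName=$org_unit/commonName=$domain_idn"
subj="$subj/emailAddress=$email"
if [ -z "$aliases" ]; then
  # Unlike the SAN branch below, openssl diagnostics are left visible here.
  openssl req -sha256 \
    -new \
    -batch \
    -subj "$subj" \
    -key "$domain.key" \
    -out "$domain.csr"
else
  # Build "DNS:a,DNS:b,..." from the domain plus its aliases, de-duplicated.
  # Read line by line instead of word-splitting $(...) so that an alias
  # containing glob characters is not expanded against the work directory.
  dns_aliases=
  while IFS= read -r alias; do
    [[ -n "$alias" ]] && dns_aliases="${dns_aliases}DNS:$alias,"
  done < <(tr ',' '\n' <<<"$domain,$aliases" | sort -u)
  dns_aliases=${dns_aliases%,}   # drop the trailing comma
  if [ -e "/etc/ssl/openssl.cnf" ]; then
    ssl_conf='/etc/ssl/openssl.cnf'
  else
    ssl_conf="/etc/pki/tls/openssl.cnf"
  fi
  # The alias list is passed as a printf argument, never as the format
  # string, so a "%" in an alias cannot alter the generated config section.
  openssl req -sha256 \
    -new \
    -batch \
    -subj "$subj" \
    -key "$domain.key" \
    -reqexts SAN \
    -config <(cat "$ssl_conf" \
      <(printf '[SAN]\nsubjectAltName=%s' "$dns_aliases")) \
    -out "$domain.csr" >/dev/null 2>&1
fi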
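# Generate the self-signed certificate, valid for DAYS days. Errors are
# silenced; a missing .crt is reported by the listing step as an empty field.
openssl x509 -req -sha256 \
  -days "$DAYS" \
  -in "$domain.csr" \
  -signkey "$domain.key" \
  -out "$domain.crt" >/dev/null 2>&1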
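# Listing certificates: join each PEM file's lines with a literal "\n" so the
# value fits on one line (json) and can be re-expanded by shell_list_ssl.
# A file that was not produced simply leaves its variable empty.
if [ -e "$domain.crt" ]; then
  crt=$(sed ':a;N;$!ba;s/\n/\\n/g' "$domain.crt")
fi
if [ -e "$domain.key" ]; then
  key=$(sed ':a;N;$!ba;s/\n/\\n/g' "$domain.key")
fi
if [ -e "$domain.csr" ]; then
  csr=$(sed ':a;N;$!ba;s/\n/\\n/g' "$domain.csr")
fi
case "$format" in
  json) json_list_ssl ;;
  plain) nohead=1; shell_list_ssl ;;   # nohead is not read in this file
  shell) shell_list_ssl ;;
  *) check_args '1' '0' '[FORMAT]' ;;  # unknown format: report usage error
esac

# Delete tmp dir -- intentionally left disabled: the directory path is part
# of the output above, so the caller is responsible for removing it (and the
# private key it holds) once the files have been consumed.
#rm -rf $workdir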
#----------------------------------------------------------#
#                       Vesta                              #
#----------------------------------------------------------#
# Logging: record this invocation in the Vesta action log. OK and ARGUMENTS
# are not set in this file; they are expected from the sourced main.sh.
log_event "$OK" "$ARGUMENTS"

# Exit with the status of the last command (log_event).
exit $?