#!/bin/bash # info: generate self signed certificate and CSR request # options: DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT] # # The function generates self signed SSL certificate and CSR request #----------------------------------------------------------# # Variable&Function # #----------------------------------------------------------# # Argument definition domain=$1 domain=$(echo $domain |sed -e 's/\.*$//g' -e 's/^\.*//g') domain_alias=$domain email=$2 country=$3 state=$4 city=$5 org=$6 org_unit=$7 aliases=$8 format=${9-shell} KEY_SIZE=4096 DAYS=365 # Includes source $VESTA/func/main.sh source $VESTA/conf/vesta.conf # Json function json_list_ssl() { i='1' # iterator echo '{' echo -e "\t\"$domain\": {" echo " \"CRT\": \"$crt\"," echo " \"KEY\": \"$key\"," echo " \"CSR\": \"$csr\"," echo " \"DIR\": \"$workdir\"" echo -e "\t}\n}" } # Shell function shell_list_ssl() { if [ ! -z "$crt" ]; then echo -e "$crt" fi if [ ! -z "$key" ]; then echo -e "\n$key" fi if [ ! -z "$csr" ]; then echo -e "\n$csr" fi echo -e "\nDirectory: $workdir" } # Additional argument formatting format_domain_idn if [[ "$email" = *[![:ascii:]]* ]]; then email=$(idn -t --quiet -a $email) fi #----------------------------------------------------------# # Verifications # #----------------------------------------------------------# args_usage='DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT]' check_args '7' "$#" "$args_usage" is_format_valid 'domain' 'alias' 'format' #----------------------------------------------------------# # Action # #----------------------------------------------------------# # Create temporary work directory workdir=$(mktemp -d) cd $workdir # Generate private key openssl genrsa $KEY_SIZE > $domain.key 2>/dev/null # Generate the CSR subj="/C=$country/ST=$state/localityName=$city/O=$org" subj="$subj/organizationalUnitName=$org_unit/commonName=$domain_idn" subj="$subj/emailAddress=$email" if [ -z "$aliases" ]; then openssl req -sha256\ -new \ -batch \ -subj "$subj" \ -key $domain.key \ -out $domain.csr #>/dev/null 2>&1 else for alias in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do if [[ "$alias" = *[![:ascii:]]* ]]; then alias=$(idn -t --quiet -a $alias) fi dns_aliases="${dns_aliases}DNS:$alias," done dns_aliases=$(echo $dns_aliases |sed "s/,$//") if [ -e "/etc/ssl/openssl.cnf" ]; then ssl_conf='/etc/ssl/openssl.cnf' else ssl_conf="/etc/pki/tls/openssl.cnf" fi openssl req -sha256\ -new \ -batch \ -subj "$subj" \ -key $domain.key \ -reqexts SAN \ -config <(cat $ssl_conf \ <(printf "[SAN]\nsubjectAltName=$dns_aliases")) \ -out $domain.csr >/dev/null 2>&1 fi # Generate the cert 1 year openssl x509 -req -sha256 \ -days $DAYS \ -in $domain.csr \ -signkey $domain.key \ -out $domain.crt >/dev/null 2>&1 # Listing certificates if [ -e "$domain.crt" ]; then crt=$(cat $domain.crt |sed ':a;N;$!ba;s/\n/\\n/g' ) fi if [ -e "$domain.key" ]; then key=$(cat $domain.key |sed ':a;N;$!ba;s/\n/\\n/g' ) fi if [ -e "$domain.csr" ]; then csr=$(cat $domain.csr |sed ':a;N;$!ba;s/\n/\\n/g' ) fi case $format in json) json_list_ssl ;; plain) nohead=1; shell_list_ssl ;; shell) shell_list_ssl ;; *) check_args '1' '0' '[FORMAT]' esac # Delete tmp dir #rm -rf $workdir #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# # Logging log_event "$OK" "$ARGUMENTS" exit