# Format: <OPERATION> <Parameters>
# EXIT <errorcode> <optional: text with spaces to display>
# CA <CA Name> <Cert Subject>
-# SGN <CN> <Cert Subject> <optional: additional DNS-alt-names ","-separated, NOT SPACES!>
+# SGN <CN> <Cert Subject> <optional: additional DNS-alt-names ","-separated, NOT SPACES!> <optional: additional IP-alt-names ","-separated, NOT SPACES!>
# This will create a cert and sign with the ca located in ./ca/
-# CRT <CN> <Cert Subject> <optional: additional DNS-alt-names ","-separated, NOT SPACES!>
+# CRT <CN> <Cert Subject> <optional: additional DNS-alt-names ","-separated, NOT SPACES!> <optional: additional IP-alt-names ","-separated, NOT SPACES!>
# This will create a self signed cert.
-# CSR <CN> <Cert Subject> <optional: additional DNS-alt-names ","-separated, NOT SPACES!>
+# CSR <CN> <Cert Subject> <optional: additional DNS-alt-names ","-separated, NOT SPACES!> <optional: additional IP-alt-names ","-separated, NOT SPACES!>
# This will create a cert request only.
#
# For some strange reason the subject line has to start with /emailAddress=...
# Otherwise some weird stuff happens - good job, openssl folks :/
# For failing services ;)
-CRT localhost /emailAddress=root@localhost/OU=CertGen/O=YouFailed;)/ *.loc,loc,l,*.l
+CRT localhost /emailAddress=root@localhost/OU=CertGen/O=YouFailed;)/ *.loc,loc,l,*.l 127.0.0.1,127.0.1.1
# stop certgen here
EXIT 0 Stop processing here - comment out or delete.
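Review bot: The new IP-alt-names parameter on the SGN, CRT and CSR format lines is positional, but the comments do not say that it is only recognised when a DNS-alt-names list precedes it. Judging by the script side of this change, the DNS list is taken from the third parameter and the IP list from the fourth, so a line that gives only IPs would have them written out as DNS names. I would add a line such as `# Parameters are positional: IP-alt-names are only read as the 4th parameter, so a DNS-alt-names list must come first.` below the format block. Every IP listed here becomes an address the certificate is valid for, which matters most for SGN entries signed by the CA in ./ca/.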
echo "cleanup previous run..."
rm -rf output/*
-mkdir output/csr output/crt output/sgn
+mkdir -p output/csr output/crt output/sgn
while read cdline ; do
if [[ $cdline == "" || $cdline == "#"* ]] ; then
export CA_PATH="$MYPWD/ca/"
SUBJECT="$(echo -n "${certdata[2]}" | sed -e 's/_/ /g')CN=${certdata[1]}/"
DNS_NAMES="${certdata[1]},${certdata[3]}"
+ IPS="${certdata[4]}"
OLDIFS=$IFS
IFS=","
cat "${MYPWD}/openssl.cnf" > /tmp/certgen.cnf
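Review bot: The value assigned to `IPS` ends up in a config built at the fixed path `/tmp/certgen.cnf` (the `cat` line in this hunk's context), which is a predictable name in a world-writable directory. Another local user can pre-create or symlink that path, so the alt-names that get signed in SGN mode may not be the ones read from the cert data. I would create the file with `CNF=$(mktemp) || exit 1` and `trap 'rm -f -- "$CNF"' EXIT`, then write and append to `"$CNF"` everywhere, including the new `IP.` lines. The openssl call that reads the config is outside the hunk, so I am assuming it uses the same path and would need the same change.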
COUNTER=$((COUNTER+1))
echo "DNS.${COUNTER} = $name" >> /tmp/certgen.cnf
done
+ COUNTER=0
+ for ip in $IPS; do
+ if [[ "" == $ip ]] ; then
+ continue
+ fi
+ COUNTER=$((COUNTER+1))
+ echo "IP.${COUNTER} = $ip" >> /tmp/certgen.cnf
+ done
IFS=$OLDIFS
unset OLDIFS
unset COUNTER
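Review bot: The added loop appends each comma-separated value to the OpenSSL config as `IP.N = ...` without checking that it looks like an address, so a typo in the cert data only surfaces as an openssl error later, or as an unintended SAN. The empty check `[[ "" == $ip ]]` also leaves the right-hand side unquoted, which makes it a glob pattern: a value of `*` matches the empty string and is skipped silently. I would use `[[ -z "$ip" ]] && continue` followed by `[[ $ip =~ ^[0-9A-Fa-f.:]+$ ]] || { echo "bad IP alt-name: $ip" >&2; exit 1; }`. The unquoted `for ip in $IPS` is needed for the `IFS=","` split but also allows pathname expansion, so `set -f` around the loop would be safer. The enclosing loop starts outside the hunk, and the `IP.` lines presumably rely on the alt-names section being the last section of the config at that point.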