6 echo "cleanup previous run..."
8 mkdir -p output/csr output/crt output/sgn
10 while read cdline ; do
11 if [[ $cdline == "" || $cdline == "#"* ]] ; then
16 read -a certdata <<< "$cdline"
18 if [[ ${certdata[0]} == "EXIT" ]] ; then
19 echo "*** $cdline ***" 1>&2
23 echo "*** Processing: $(date -Iseconds) - ${certdata[0]} - ${certdata[1]} ***"
24 if [[ -d "output/${certdata[1]}" ]] ; then
25 echo "*** ERROR - THIS SEEMS TO ALREADY EXIST ***" 1>&2
26 echo "*** ABORTED ***" 1>&2
30 mkdir "output/${certdata[1]}"
31 chmod o+x "output/${certdata[1]}"
32 cd "output/${certdata[1]}"
34 # Handle "CA" type here.
35 if [[ ${certdata[0]} == "CA" ]] ; then
36 mkdir -m 0700 certs crl newcerts
39 SUBJECT=$(echo -n "${certdata[2]}" | sed -e 's/_/ /g')
40 openssl req -batch -new -x509 -newkey rsa:4096 -keyout ca.key -out ca.crt -nodes -subj "${SUBJECT}" -reqexts v3_ca_req -config "${MYPWD}/openssl.cnf" -days 3650 &>/dev/null
45 # Handle non "CA" types here.
46 export CA_PATH="$MYPWD/ca/"
47 SUBJECT="$(echo -n "${certdata[2]}" | sed -e 's/_/ /g')CN=${certdata[1]}/"
48 DNS_NAMES="${certdata[1]},${certdata[3]}"
52 cat "${MYPWD}/openssl.cnf" > /tmp/certgen.cnf
54 for name in $DNS_NAMES; do
55 if [[ "" == $name ]] ; then
58 COUNTER=$((COUNTER+1))
59 echo "DNS.${COUNTER} = $name" >> /tmp/certgen.cnf
63 if [[ "" == $ip ]] ; then
66 COUNTER=$((COUNTER+1))
67 echo "IP.${COUNTER} = $ip" >> /tmp/certgen.cnf
73 openssl genrsa -out "${certdata[1]}.key" 4096 &> /dev/null
74 openssl req -new -key "${certdata[1]}.key" -out "${certdata[1]}.csr" -utf8 -batch -subj "${SUBJECT}" -config /tmp/certgen.cnf
76 if [[ ${certdata[0]} == "SGN" ]] ; then
77 if [[ ! -d "${CA_PATH}" ]] ; then
78 echo "*** ERROR - NO CA DATA FOUND ***" 1>&2
79 echo "*** maybe generate a CA and move it to ${CA_PATH} ***" 1>&2
80 echo "copy template: mv output/SomeNet ${CA_PATH}" 1>&2
81 echo "*** ABORTED ***" 1>&2
85 openssl ca -batch -create_serial -out "${certdata[1]}.crt" -days 365 -keyfile "${MYPWD}/ca/ca.key" -extensions v3_ca \
86 -config "${MYPWD}/openssl.cnf" -infiles "${certdata[1]}.csr"
87 cat "${MYPWD}/ca/ca.crt" >> "${certdata[1]}.crt"
89 elif [[ ${certdata[0]} == "CRT" ]] ; then
90 openssl x509 -req -signkey "${certdata[1]}.key" -in "${certdata[1]}.csr" -out "${certdata[1]}.crt" -extensions v3_req -extfile /tmp/certgen.cnf \
91 -days 365 -sha512 &> /dev/null
92 chmod o+r "${certdata[1]}.crt"
94 echo -n "${certdata[1]} " >> "${MYPWD}/output/fpfile.txt"
95 openssl x509 -in "${certdata[1]}.crt" -fingerprint -noout -sha512 >> "${MYPWD}/output/fpfile.txt"
96 echo "" >> "${MYPWD}/output/fpfile.txt"
102 if [[ ${certdata[0]} == "SGN" ]] ; then
103 mv "output/${certdata[1]}" "output/sgn/${certdata[1]}"
104 elif [[ ${certdata[0]} == "CRT" ]] ; then
105 mv "output/${certdata[1]}" "output/crt/${certdata[1]}"
107 mv "output/${certdata[1]}" "output/csr/${certdata[1]}"
113 ls -l "${MYPWD}/output/"*/ | grep -v "total"
SomeNet / public repos / tools / certgen.git / blob