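#!/bin/bash
# Creates a server certificate signed by a root CA's intermediate certificate.
# Usage: create_server_cert.sh <ca_name> <server_name>
# Must be run from the directory that holds cas/<ca_name>/intermediate.
#
# -e: abort on the first failing command (openssl, chmod, cd ...).
# -u: a mistyped variable name aborts instead of silently expanding to ""
#     and producing paths such as private/.key.pem.
set -eu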
#######################################
# Print the one-line description and the usage synopsis to stdout.
# Globals:   none
# Arguments: none ($0 is the script path as invoked)
# Outputs:   description, blank line, "Usage:" line, synopsis, blank line
#######################################
display_usage() {
  printf "Creates a server certificate signed by the given root CA's intermediate certificate\n"
  printf '\nUsage:\n%s <ca_name> <server_name>\n\n' "$0"
}
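# Terminal colour codes used by info() and the interactive prompts.
# tput exits non-zero when TERM is unset/unknown or stdout is not a terminal
# (cron, CI, `script | tee`); under `set -e` that would abort the whole run
# before any work is done, so fall back to no colour instead.
COLOR_YELLOW=$(tput setaf 3 2>/dev/null || true)
TEXT_RESET=$(tput sgr0 2>/dev/null || true)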
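#######################################
# Print a highlighted "*** message" line followed by a blank line.
# Globals:   COLOR_YELLOW, TEXT_RESET (read; may be empty)
# Arguments: $1 - message text
# Outputs:   the message to stdout
#######################################
info() {
  # The message is passed as a %s argument, never as the format string,
  # so a '%' inside it (e.g. a path or a quoted cert field) is printed
  # literally instead of being parsed as a printf conversion.
  printf '%s*** %s%s\n\n' "$COLOR_YELLOW" "$1" "$TEXT_RESET"
}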
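##
## Start Execution
##
# Help is checked before the argument-count test: "-h" alone is a single
# argument and would otherwise be rejected (exit 1) before the flag was ever
# examined. The previous test compared $# (a number) with "--help", which
# could never match.
if [[ ${1:-} == "--help" || ${1:-} == "-h" ]]; then
  display_usage
  exit 0
fi
if [[ $# -le 1 ]]; then
  display_usage
  exit 1
fi
#####################
# Server Cert #
#####################
# setup
CA_NAME=$1
SERVER_NAME=$2
# SERVER_NAME is spliced into paths under the intermediate CA
# (private/<name>.key.pem, csr/<name>.csr.pem, certs/<name>.cert.pem).
# A name containing "/" or equal to "." / ".." would place the key, CSR
# or certificate outside those directories, so refuse it before touching disk.
if [[ -z $SERVER_NAME || $SERVER_NAME == */* || $SERVER_NAME == . || $SERVER_NAME == .. ]]; then
  printf 'Invalid server name: %s (must be a single path component)\n' "$SERVER_NAME" >&2
  exit 1
fi
ROOT_DIR=$(pwd)/cas/$CA_NAME
INTERMEDIATE_DIR=$ROOT_DIR/intermediate
# Fail with a clear message rather than letting `cd` report a bare error.
if [[ ! -d $INTERMEDIATE_DIR ]]; then
  printf 'No intermediate CA found at %s\n' "$INTERMEDIATE_DIR" >&2
  exit 1
fi
info "Creating a server certificate for $SERVER_NAME under the intermediate CA at $INTERMEDIATE_DIR"
cd "$INTERMEDIATE_DIR"
# create key
info "Creating the server's private key. You'll be prompted to create a passphrase."
openssl genrsa -aes256 -out "private/$SERVER_NAME.key.pem" 2048
chmod 400 "private/$SERVER_NAME.key.pem"
# create csr
info "Creating the server's csr to be signed. You'll be prompted for it's passphrase and subject information."
openssl req -config openssl.cnf -key "private/$SERVER_NAME.key.pem" \
  -new -sha256 -out "csr/$SERVER_NAME.csr.pem"
# signing the csr
info "Signing the server's cert. You'll be prompted for the intermediate passphrase and to verify the server's information."
openssl ca -config openssl.cnf -extensions server_cert -notext \
  -in "csr/$SERVER_NAME.csr.pem" \
  -out "certs/$SERVER_NAME.cert.pem"
chmod 444 "certs/$SERVER_NAME.cert.pem"
# verify the cert
info "Verifying your server cert's validity."
openssl verify -CAfile "$INTERMEDIATE_DIR/certs/intermediate-chain.cert.pem" \
  "$INTERMEDIATE_DIR/certs/$SERVER_NAME.cert.pem"
# read -r keeps a typed backslash literal; the prompt text is unchanged.
# Both "n" and "N" are taken as a negative answer to the [Y/n] prompts.
read -r -p "$COLOR_YELLOW*** Would you like to manually verify the server's certificate? [Y/n]: $TEXT_RESET" verify
if [[ $verify != [nN] ]]; then
  openssl x509 -noout -text -in "certs/$SERVER_NAME.cert.pem" | less
  read -r -p "$COLOR_YELLOW*** Did everything look correct? [Y/n]: $TEXT_RESET" correct
  if [[ $correct == [nN] ]]; then
    # The cert was already signed and recorded in the CA database, so it
    # must be revoked and the CRL regenerated before the files are removed.
    info "Revoking this certificate. You'll be prompted for the intermediate passphrase."
    openssl ca -config openssl.cnf \
      -revoke "certs/$SERVER_NAME.cert.pem"
    info "Recreating CRL. You'll be prompted for the intermediate passphrase."
    openssl ca -config openssl.cnf -gencrl \
      -out crl/crl.pem
    info "Removing files..."
    rm -f -- "private/$SERVER_NAME.key.pem" "csr/$SERVER_NAME.csr.pem" "certs/$SERVER_NAME.cert.pem"
    exit 1
  fi
fi
info "Server certificate created at $INTERMEDIATE_DIR/certs/$SERVER_NAME.cert.pem"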