This repository has been archived on 2022-01-23. You can view files and clone it, but cannot push or open issues or pull requests.
ssladmin/new.ca.sh

152 lines
7.6 KiB
Bash
Raw Permalink Normal View History

2016-02-22 01:42:47 -05:00
#!/bin/bash
set -e
rootdir='/root/ssl/ca'
2016-02-22 01:42:47 -05:00
bindir="$(dirname ${0})"
export rootdir
export bindir
2016-02-22 03:29:17 -05:00
if [[ -d "${rootdir}" ]];
2016-02-22 01:42:47 -05:00
then
2016-02-22 03:29:17 -05:00
echo "If you continue, I will completely DELETE (if found):"
echo " ${rootdir}/key"
echo " ${rootdir}/crt"
echo " ${rootdir}/crl"
echo " ${rootdir}/csr"
echo " ${rootdir}/index.txt"
echo " ${rootdir}/serial"
echo
echo "To continue, type YESIAMCRAZY and hit the enter key."
read RUCRAZY
if [[ "${RUCRAZY}" != 'YESIAMCRAZY' ]];
then
echo '"IAMCRAZY" *NOT* entered. Quitting.'
exit 1
fi
2016-02-22 01:42:47 -05:00
fi
echo "Deleting CA hierarchy and creating clean..."
# https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html
rm -rf ${rootdir}/{key,crt,crl,csr,index.txt,serial}
mkdir -p ${rootdir}/{key,crt,crl,csr}
echo '1000' > ${rootdir}/serial
touch ${rootdir}/index.txt
chmod 700 ${rootdir}
chmod 700 ${rootdir}/key
base64 -d >> ${rootdir}/openssl.cnf << EOF
IyBPcGVuU1NMIHJvb3QgQ0EgY29uZmlndXJhdGlvbiBmaWxlLgojIGh0dHBzOi8vamFtaWVsaW51
eC5jb20vZG9jcy9vcGVuc3NsLWNlcnRpZmljYXRlLWF1dGhvcml0eS9jcmVhdGUtdGhlLXJvb3Qt
cGFpci5odG1sCgpbIGNhIF0KIyBgbWFuIGNhYApkZWZhdWx0X2NhID0gQ0FfZGVmYXVsdAoKWyBD
QV9kZWZhdWx0IF0KIyBEaXJlY3RvcnkgYW5kIGZpbGUgbG9jYXRpb25zLgpkaXIgICAgICAgICAg
ICAgICA9ICUlVEVNUExBVEVfUk9PVERJUiUlCmNlcnRzICAgICAgICAgICAgID0gJGRpci9jcnQK
Y3JsX2RpciAgICAgICAgICAgPSAkZGlyL2NybApuZXdfY2VydHNfZGlyICAgICA9ICRkaXIvY3J0
CmRhdGFiYXNlICAgICAgICAgID0gJGRpci9pbmRleC50eHQKc2VyaWFsICAgICAgICAgICAgPSAk
ZGlyL3NlcmlhbApSQU5ERklMRSAgICAgICAgICA9ICRkaXIva2V5Ly5yYW5kCgojIFRoZSByb290
IGtleSBhbmQgcm9vdCBjZXJ0aWZpY2F0ZS4KcHJpdmF0ZV9rZXkgICAgICAgPSAkZGlyL2tleS9j
YS5rZXkKY2VydGlmaWNhdGUgICAgICAgPSAkZGlyL2NydC9jYS5jcnQKCiMgRm9yIGNlcnRpZmlj
YXRlIHJldm9jYXRpb24gbGlzdHMuCmNybG51bWJlciAgICAgICAgID0gJGRpci9jcmxudW1iZXIK
Y3JsICAgICAgICAgICAgICAgPSAkZGlyL2NybC9jYS5jcmwKY3JsX2V4dGVuc2lvbnMgICAgPSBj
cmxfZXh0CmRlZmF1bHRfY3JsX2RheXMgID0gMzAKCiMgU0hBLTEgaXMgZGVwcmVjYXRlZCwgc28g
dXNlIFNIQS0yIGluc3RlYWQuCmRlZmF1bHRfbWQgICAgICAgID0gc2hhNTEyCgpuYW1lX29wdCAg
ICAgICAgICA9IGNhX2RlZmF1bHQKY2VydF9vcHQgICAgICAgICAgPSBjYV9kZWZhdWx0CmRlZmF1
bHRfZGF5cyAgICAgID0gMzY1MApwcmVzZXJ2ZSAgICAgICAgICA9IG5vCnBvbGljeSAgICAgICAg
ICAgID0gcG9saWN5X3N0cmljdAoKWyBwb2xpY3lfc3RyaWN0IF0KIyBUaGUgcm9vdCBDQSBzaG91
bGQgb25seSBzaWduIGludGVybWVkaWF0ZSBjZXJ0aWZpY2F0ZXMgdGhhdCBtYXRjaC4KIyBTZWUg
dGhlIFBPTElDWSBGT1JNQVQgc2VjdGlvbiBvZiBgbWFuIGNhYC4KY291bnRyeU5hbWUgICAgICAg
ICAgICAgPSBtYXRjaApzdGF0ZU9yUHJvdmluY2VOYW1lICAgICA9IG1hdGNoCm9yZ2FuaXphdGlv
bk5hbWUgICAgICAgID0gbWF0Y2gKb3JnYW5pemF0aW9uYWxVbml0TmFtZSAgPSBvcHRpb25hbApj
b21tb25OYW1lICAgICAgICAgICAgICA9IHN1cHBsaWVkCmVtYWlsQWRkcmVzcyAgICAgICAgICAg
ID0gb3B0aW9uYWwKClsgcG9saWN5X2xvb3NlIF0KIyBBbGxvdyB0aGUgaW50ZXJtZWRpYXRlIENB
IHRvIHNpZ24gYSBtb3JlIGRpdmVyc2UgcmFuZ2Ugb2YgY2VydGlmaWNhdGVzLgojIFNlZSB0aGUg
UE9MSUNZIEZPUk1BVCBzZWN0aW9uIG9mIHRoZSBgY2FgIG1hbiBwYWdlLgpjb3VudHJ5TmFtZSAg
ICAgICAgICAgICA9IG9wdGlvbmFsCnN0YXRlT3JQcm92aW5jZU5hbWUgICAgID0gb3B0aW9uYWwK
bG9jYWxpdHlOYW1lICAgICAgICAgICAgPSBvcHRpb25hbApvcmdhbml6YXRpb25OYW1lICAgICAg
ICA9IG9wdGlvbmFsCm9yZ2FuaXphdGlvbmFsVW5pdE5hbWUgID0gb3B0aW9uYWwKY29tbW9uTmFt
ZSAgICAgICAgICAgICAgPSBzdXBwbGllZAplbWFpbEFkZHJlc3MgICAgICAgICAgICA9IG9wdGlv
bmFsCgpbIHJlcSBdCiMgT3B0aW9ucyBmb3IgdGhlIGByZXFgIHRvb2wgKGBtYW4gcmVxYCkuCmRl
ZmF1bHRfYml0cyAgICAgICAgPSA0MDk2CmRpc3Rpbmd1aXNoZWRfbmFtZSAgPSByZXFfZGlzdGlu
Z3Vpc2hlZF9uYW1lCnN0cmluZ19tYXNrICAgICAgICAgPSB1dGY4b25seQoKIyBTSEEtMSBpcyBk
ZXByZWNhdGVkLCBzbyB1c2UgU0hBLTIgaW5zdGVhZC4KZGVmYXVsdF9tZCAgICAgICAgICA9IHNo
YTUxMgoKIyBFeHRlbnNpb24gdG8gYWRkIHdoZW4gdGhlIC14NTA5IG9wdGlvbiBpcyB1c2VkLgp4
NTA5X2V4dGVuc2lvbnMgICAgID0gdjNfY2EKClsgcmVxX2Rpc3Rpbmd1aXNoZWRfbmFtZSBdCiMg
U2VlIDxodHRwczovL2VuLndpa2lwZWRpYS5vcmcvd2lraS9DZXJ0aWZpY2F0ZV9zaWduaW5nX3Jl
cXVlc3Q+Lgpjb3VudHJ5TmFtZSAgICAgICAgICAgICAgICAgICAgID0gQ291bnRyeSBOYW1lICgy
IGxldHRlciBjb2RlKQpzdGF0ZU9yUHJvdmluY2VOYW1lICAgICAgICAgICAgID0gU3RhdGUgb3Ig
UHJvdmluY2UgTmFtZQpsb2NhbGl0eU5hbWUgICAgICAgICAgICAgICAgICAgID0gTG9jYWxpdHkg
TmFtZQowLm9yZ2FuaXphdGlvbk5hbWUgICAgICAgICAgICAgID0gT3JnYW5pemF0aW9uIE5hbWUK
b3JnYW5pemF0aW9uYWxVbml0TmFtZSAgICAgICAgICA9IE9yZ2FuaXphdGlvbmFsIFVuaXQgTmFt
ZQpjb21tb25OYW1lICAgICAgICAgICAgICAgICAgICAgID0gQ29tbW9uIE5hbWUKZW1haWxBZGRy
ZXNzICAgICAgICAgICAgICAgICAgICA9IEVtYWlsIEFkZHJlc3MKCiMgT3B0aW9uYWxseSwgc3Bl
Y2lmeSBzb21lIGRlZmF1bHRzLgpjb3VudHJ5TmFtZV9kZWZhdWx0ICAgICAgICAgICAgID0gJSVU
RU1QTEFURV9DT1VOVFJZJSUKc3RhdGVPclByb3ZpbmNlTmFtZV9kZWZhdWx0ICAgICA9ICUlVEVN
UExBVEVfU1RBVEUlJQpsb2NhbGl0eU5hbWVfZGVmYXVsdCAgICAgICAgICAgID0gJSVURU1QTEFU
RV9DSVRZJSUKMC5vcmdhbml6YXRpb25OYW1lX2RlZmF1bHQgICAgICA9ICUlVEVNUExBVEVfT1JH
JSUKb3JnYW5pemF0aW9uYWxVbml0TmFtZV9kZWZhdWx0ICA9IAplbWFpbEFkZHJlc3NfZGVmYXVs
dCAgICAgICAgICAgID0gJSVURU1QTEFURV9TU0xBRE1JTiUlCgpbIHYzX2NhIF0KIyBFeHRlbnNp
b25zIGZvciBhIHR5cGljYWwgQ0EgKGBtYW4geDUwOXYzX2NvbmZpZ2ApLgpzdWJqZWN0S2V5SWRl
bnRpZmllciA9IGhhc2gKYXV0aG9yaXR5S2V5SWRlbnRpZmllciA9IGtleWlkOmFsd2F5cyxpc3N1
ZXIKYmFzaWNDb25zdHJhaW50cyA9IGNyaXRpY2FsLCBDQTp0cnVlCmtleVVzYWdlID0gY3JpdGlj
YWwsIGRpZ2l0YWxTaWduYXR1cmUsIGNSTFNpZ24sIGtleUNlcnRTaWduCgpbIHYzX2ludGVybWVk
aWF0ZV9jYSBdCiMgRXh0ZW5zaW9ucyBmb3IgYSB0eXBpY2FsIGludGVybWVkaWF0ZSBDQSAoYG1h
biB4NTA5djNfY29uZmlnYCkuCnN1YmplY3RLZXlJZGVudGlmaWVyID0gaGFzaAphdXRob3JpdHlL
ZXlJZGVudGlmaWVyID0ga2V5aWQ6YWx3YXlzLGlzc3VlcgpiYXNpY0NvbnN0cmFpbnRzID0gY3Jp
dGljYWwsIENBOnRydWUsIHBhdGhsZW46MAprZXlVc2FnZSA9IGNyaXRpY2FsLCBkaWdpdGFsU2ln
bmF0dXJlLCBjUkxTaWduLCBrZXlDZXJ0U2lnbgoKWyB1c3JfY2VydCBdCiMgRXh0ZW5zaW9ucyBm
b3IgY2xpZW50IGNlcnRpZmljYXRlcyAoYG1hbiB4NTA5djNfY29uZmlnYCkuCmJhc2ljQ29uc3Ry
YWludHMgPSBDQTpGQUxTRQpuc0NlcnRUeXBlID0gY2xpZW50LCBlbWFpbApuc0NvbW1lbnQgPSAi
Q2xpZW50IENlcnRpZmljYXRlLCAlJVRFTVBMQVRFX0RPTUFJTiUlIChvcGVuc3NsKSIKc3ViamVj
dEtleUlkZW50aWZpZXIgPSBoYXNoCmF1dGhvcml0eUtleUlkZW50aWZpZXIgPSBrZXlpZCxpc3N1
ZXIKa2V5VXNhZ2UgPSBjcml0aWNhbCwgbm9uUmVwdWRpYXRpb24sIGRpZ2l0YWxTaWduYXR1cmUs
IGtleUVuY2lwaGVybWVudApleHRlbmRlZEtleVVzYWdlID0gY2xpZW50QXV0aCwgZW1haWxQcm90
ZWN0aW9uCgpbIHNlcnZlcl9jZXJ0IF0KIyBFeHRlbnNpb25zIGZvciBzZXJ2ZXIgY2VydGlmaWNh
dGVzIChgbWFuIHg1MDl2M19jb25maWdgKS4KYmFzaWNDb25zdHJhaW50cyA9IENBOkZBTFNFCm5z
Q2VydFR5cGUgPSBzZXJ2ZXIKbnNDb21tZW50ID0gIlNlcnZlciBDZXJ0aWZpY2F0ZSwgJSVURU1Q
TEFURV9ET01BSU4lJSAob3BlbnNzbCkiCnN1YmplY3RLZXlJZGVudGlmaWVyID0gaGFzaAphdXRo
b3JpdHlLZXlJZGVudGlmaWVyID0ga2V5aWQsaXNzdWVyOmFsd2F5cwprZXlVc2FnZSA9IGNyaXRp
Y2FsLCBkaWdpdGFsU2lnbmF0dXJlLCBrZXlFbmNpcGhlcm1lbnQKZXh0ZW5kZWRLZXlVc2FnZSA9
IHNlcnZlckF1dGgKClsgY3JsX2V4dCBdCiMgRXh0ZW5zaW9uIGZvciBDUkxzIChgbWFuIHg1MDl2
M19jb25maWdgKS4KYXV0aG9yaXR5S2V5SWRlbnRpZmllcj1rZXlpZDphbHdheXMKClsgb2NzcCBd
CiMgRXh0ZW5zaW9uIGZvciBPQ1NQIHNpZ25pbmcgY2VydGlmaWNhdGVzIChgbWFuIG9jc3BgKS4K
YmFzaWNDb25zdHJhaW50cyA9IENBOkZBTFNFCnN1YmplY3RLZXlJZGVudGlmaWVyID0gaGFzaAph
dXRob3JpdHlLZXlJZGVudGlmaWVyID0ga2V5aWQsaXNzdWVyCmtleVVzYWdlID0gY3JpdGljYWws
IGRpZ2l0YWxTaWduYXR1cmUKZXh0ZW5kZWRLZXlVc2FnZSA9IGNyaXRpY2FsLCBPQ1NQU2lnbmlu
ZwoK
EOF
echo "Customizing openssl.cnf..."
echo
echo -n "What is your ORGANIZATION'S name? "
read ORGNAME
export ORGNAME
echo -n "And what is your organization's MAIN DOMAIN? "
read ORGSITE
export ORGSITE
2016-02-22 14:57:42 -05:00
echo -n "What Country (two-letter abbreviation) is your organization located in? "
2016-02-22 01:42:47 -05:00
read ORGCNTRY
export ORGCNTRY
echo -n "What State (full name) is your organization located in? "
read ORGSTATE
export ORGSTATE
echo -n "What City is your organization located in? "
read ORGCITY
export ORGCITY
echo -n "Lastly, what email address should be used for the SSL administrator? "
read SSLADMIN
export SSLADMIN
2016-02-22 03:29:17 -05:00
sed -i -e "s/%%TEMPLATE_ORG%%/${ORGNAME}/g ; s/%%TEMPLATE_DOMAIN%%/${ORGSITE}/g ; s@%%TEMPLATE_ROOTDIR%%@${rootdir}@g ; s/%%TEMPLATE_COUNTRY%%/${ORGCNTRY}/g ; s/%%TEMPLATE_STATE%%/${ORGSTATE}/g ; s/%%TEMPLATE_CITY%%/${ORGCITY}/g ; s/%%TEMPLATE_SSLADMIN%%/${SSLADMIN}/g" ${rootdir}/openssl.cnf
2016-02-22 01:42:47 -05:00
NEWCA='yes'
export NEWCA
sh ${bindir}/gen.ca.key.sh
sh ${bindir}/gen.ca.cert.sh
sh ${bindir}/new.intermediate.sh
sh ${bindir}/new.serverclient.sh ${ORGSITE}