initial commit
commit
b35241f7d0
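--- a/gen.ca.cert.sh
+++ b/gen.ca.cert.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+
+echo "Generating CA certificate..."
+openssl req -config ${rootdir}/openssl.cnf -key ${rootdir}/key/ca.key -new -x509 -days 3650 -extensions v3_ca -out ${rootdir}/crt/ca.crt > /dev/null 2>&1
+chmod 444 ${rootdir}/crt/ca.crt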
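Review bot: `${rootdir}` is expanded unquoted and never checked for being set, so running this script on its own resolves every path against `/` (`/openssl.cnf`, `/key/ca.key`, `/crt/ca.crt`). I would add `: "${rootdir:?rootdir must be exported by the caller}"` right after `set -e` and double-quote each expansion. The same applies to every other gen.*.sh file in this commit. The `> /dev/null 2>&1` on the `openssl req` line also discards any prompt and all diagnostics, so under `set -e` a failure ends the run with no message; keeping stderr would make a failed CA build diagnosable.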
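--- a/gen.ca.key.sh
+++ b/gen.ca.key.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+
+echo "Generating CA key..."
+openssl genrsa -out ${rootdir}/key/ca.key 4096 > /dev/null 2>&1
+chmod 400 ${rootdir}/key/ca.key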
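Review bot: The root key is created under whatever umask the caller has and only tightened by the `chmod 400` on the following line, so the permissions are not guaranteed at the moment the file is written. A `umask 077` on the line before `openssl genrsa` closes that gap. The same applies to gen.intermediate.key.sh and gen.serverclient.key.sh. The key is also stored without a passphrase; for a root CA key it is worth considering a cipher option such as `-aes256`, which would mean no longer sending the command's output to /dev/null.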
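--- a/gen.intermediate.cert.sh
+++ b/gen.intermediate.cert.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+
+echo "Generating intermediate certificate..."
+openssl CA -config ${rootdir}/openssl.cnf -days 3650 -extensions v3_ca -notext -md sha512 -in ${rootdir}/intermediate/csr/intermediate.csr -out ${rootdir}/intermediate/crt/intermediate.crt > /dev/null 2>&1
+chmod 444 ${rootdir}/intermediate/crt/intermediate.crt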
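Review bot: The intermediate is signed with `-extensions v3_ca`, although the openssl.cnf embedded in new.ca.sh defines a `v3_intermediate_ca` section that carries `pathlen:0`. As written, the intermediate certificate has no path-length constraint and could itself issue further CA certificates; `-extensions v3_intermediate_ca` applies the limit. Two things may keep this line from running at all. OpenSSL subcommand names are lowercase as far as I know (`openssl ca`; the same spelling is in gen.serverclient.cert-server.sh and gen.serverclient.cert-user.sh). And `ca` asks for confirmation before signing unless `-batch` is given, a prompt the redirect to /dev/null hides.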
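--- a/gen.intermediate.chain.sh
+++ b/gen.intermediate.chain.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+
+echo "Generating chain cert file..."
+cat ${rootdir}/intermediate/crt/intermediate.crt ${rootdir}/crt/ca.crt > ${rootdir}/intermediate/crt/intermediate-chained.crt
+chmod 444 ${rootdir}/intermediate/crt/intermediate-chained.crt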
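--- a/gen.intermediate.csr.sh
+++ b/gen.intermediate.csr.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+set -e
+
+echo "Generating intermediate CSR..."
+openssl req -config ${rootdir}/intermediate/openssl.cnf -new -sha512 -key ${rootdir}/intermediate/key/intermediate.key -out ${rootdir}/intermediate/csr/intermediate.csr > /dev/null 2>&1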
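--- a/gen.intermediate.key.sh
+++ b/gen.intermediate.key.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+
+echo "Generating intermediate key..."
+openssl genrsa -out ${rootdir}/intermdiate/key/ca.key 4096 > /dev/null 2>&1
+chmod 400 ${rootdir}/intermediate/key/ca.key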
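Review bot: The key is written to `${rootdir}/intermdiate/key/ca.key` (the directory name is missing an "e"), while the `chmod` on the next line names `intermediate/key/ca.key`. The rest of the commit expects a third name: gen.intermediate.csr.sh reads `${rootdir}/intermediate/key/intermediate.key`, and the embedded intermediate openssl.cnf sets `private_key` to that same file. Nothing in the commit creates the misspelled directory, so `openssl genrsa` would fail, and with its output sent to /dev/null the script stops under `set -e` without a message. Both lines should name `${rootdir}/intermediate/key/intermediate.key`.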
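--- a/gen.serverclient.cert-server.sh
+++ b/gen.serverclient.cert-server.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+
+echo "Generating certificate (${1})..."
+openssl CA -config ${rootdir}/intermediate/openssl.cnf -days 3650 -extensions server_cert -notext -md sha512 -in ${rootdir}/csr/${1}.csr -out ${rootdir}/crt/${1}.crt > /dev/null 2>&1
+chmod 444 ${rootdir}/${1}/crt/${1}.crt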
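Review bot: The certificate is written to `${rootdir}/crt/${1}.crt`, but the `chmod 444` targets `${rootdir}/${1}/crt/${1}.crt`, a path nothing in this commit creates. The script therefore exits non-zero after signing and leaves the certificate with default permissions. The sibling gen.serverclient.cert-user.sh uses `chmod 444 ${rootdir}/crt/${1}.crt`, which is presumably what was meant here. `${1}` is also placed into file paths unquoted and unvalidated, here and in the other gen.serverclient.*.sh scripts, so a value containing `/` or whitespace would read or write outside the intended directories; checking it once in the caller and quoting it here would cover that.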
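--- a/gen.serverclient.cert-user.sh
+++ b/gen.serverclient.cert-user.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+
+echo "Generating certificate (${1})..."
+openssl CA -config ${rootdir}/intermediate/openssl.cnf -days 3650 -extensions usr_cert -notext -md sha512 -in ${rootdir}/csr/${1}.csr -out ${rootdir}/crt/${1}.crt > /dev/null 2>&1
+chmod 444 ${rootdir}/crt/${1}.crt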
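--- a/gen.serverclient.csr.sh
+++ b/gen.serverclient.csr.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+set -e
+
+echo "Generating CSR (${1})..."
+openssl req -config ${rootdir}/intermediate/openssl.cnf -new -sha512 -key ${rootdir}/key/${1}.key -out ${rootdir}/csr/${1}.csr > /dev/null 2>&1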
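--- a/gen.serverclient.key.sh
+++ b/gen.serverclient.key.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+
+echo "Generating client key (${1})..."
+openssl genrsa -out ${rootdir}/key/${1}.key 4096 > /dev/null 2>&1
+chmod 400 ${rootdir}/key/${1}.key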
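--- a/new.ca.sh
+++ b/new.ca.sh
@@ -0,0 +1,148 @@
+#!/bin/bash
+set -e
+
+
+rootdir='/root/ssl/ca'
+bindir="$(dirname ${0})"
+export rootdir
+export bindir
+
+echo "If you continue, I will completely DELETE (if found):"
+echo " ${rootdir}/key"
+echo " ${rootdir}/crt"
+echo " ${rootdir}/crl"
+echo " ${rootdir}/csr"
+echo " ${rootdir}/index.txt"
+echo " ${rootdir}/serial"
+echo
+echo "To continue, type YESIAMCRAZY and hit the enter key."
+read RUCRAZY
+
+if [[ "${RUCRAZY}" != 'YESIAMCRAZY' ]];
+then
+echo '"IAMCRAZY" *NOT* entered. Quitting.'
+exit 1
+fi
+
+echo "Deleting CA hierarchy and creating clean..."
+# https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html
+rm -rf ${rootdir}/{key,crt,crl,csr,index.txt,serial}
+mkdir -p ${rootdir}/{key,crt,crl,csr}
+echo '1000' > ${rootdir}/serial
+touch ${rootdir}/index.txt
+chmod 700 ${rootdir}
+chmod 700 ${rootdir}/key
+
+
+
+base64 -d >> ${rootdir}/openssl.cnf << EOF
+IyBPcGVuU1NMIHJvb3QgQ0EgY29uZmlndXJhdGlvbiBmaWxlLgojIGh0dHBzOi8vamFtaWVsaW51
+eC5jb20vZG9jcy9vcGVuc3NsLWNlcnRpZmljYXRlLWF1dGhvcml0eS9jcmVhdGUtdGhlLXJvb3Qt
+cGFpci5odG1sCgpbIGNhIF0KIyBgbWFuIGNhYApkZWZhdWx0X2NhID0gQ0FfZGVmYXVsdAoKWyBD
+QV9kZWZhdWx0IF0KIyBEaXJlY3RvcnkgYW5kIGZpbGUgbG9jYXRpb25zLgpkaXIgICAgICAgICAg
+ICAgICA9ICUlVEVNUExBVEVfUk9PVERJUiUlCmNlcnRzICAgICAgICAgICAgID0gJGRpci9jcnQK
+Y3JsX2RpciAgICAgICAgICAgPSAkZGlyL2NybApuZXdfY2VydHNfZGlyICAgICA9ICRkaXIvY3J0
+CmRhdGFiYXNlICAgICAgICAgID0gJGRpci9pbmRleC50eHQKc2VyaWFsICAgICAgICAgICAgPSAk
+ZGlyL3NlcmlhbApSQU5ERklMRSAgICAgICAgICA9ICRkaXIva2V5Ly5yYW5kCgojIFRoZSByb290
+IGtleSBhbmQgcm9vdCBjZXJ0aWZpY2F0ZS4KcHJpdmF0ZV9rZXkgICAgICAgPSAkZGlyL2tleS9j
+YS5rZXkKY2VydGlmaWNhdGUgICAgICAgPSAkZGlyL2NydC9jYS5jcnQKCiMgRm9yIGNlcnRpZmlj
+YXRlIHJldm9jYXRpb24gbGlzdHMuCmNybG51bWJlciAgICAgICAgID0gJGRpci9jcmxudW1iZXIK
+Y3JsICAgICAgICAgICAgICAgPSAkZGlyL2NybC9jYS5jcmwKY3JsX2V4dGVuc2lvbnMgICAgPSBj
+cmxfZXh0CmRlZmF1bHRfY3JsX2RheXMgID0gMzAKCiMgU0hBLTEgaXMgZGVwcmVjYXRlZCwgc28g
+dXNlIFNIQS0yIGluc3RlYWQuCmRlZmF1bHRfbWQgICAgICAgID0gc2hhNTEyCgpuYW1lX29wdCAg
+ICAgICAgICA9IGNhX2RlZmF1bHQKY2VydF9vcHQgICAgICAgICAgPSBjYV9kZWZhdWx0CmRlZmF1
+bHRfZGF5cyAgICAgID0gMzY1MApwcmVzZXJ2ZSAgICAgICAgICA9IG5vCnBvbGljeSAgICAgICAg
+ICAgID0gcG9saWN5X3N0cmljdAoKWyBwb2xpY3lfc3RyaWN0IF0KIyBUaGUgcm9vdCBDQSBzaG91
+bGQgb25seSBzaWduIGludGVybWVkaWF0ZSBjZXJ0aWZpY2F0ZXMgdGhhdCBtYXRjaC4KIyBTZWUg
+dGhlIFBPTElDWSBGT1JNQVQgc2VjdGlvbiBvZiBgbWFuIGNhYC4KY291bnRyeU5hbWUgICAgICAg
+ICAgICAgPSBtYXRjaApzdGF0ZU9yUHJvdmluY2VOYW1lICAgICA9IG1hdGNoCm9yZ2FuaXphdGlv
+bk5hbWUgICAgICAgID0gbWF0Y2gKb3JnYW5pemF0aW9uYWxVbml0TmFtZSAgPSBvcHRpb25hbApj
+b21tb25OYW1lICAgICAgICAgICAgICA9IHN1cHBsaWVkCmVtYWlsQWRkcmVzcyAgICAgICAgICAg
+ID0gb3B0aW9uYWwKClsgcG9saWN5X2xvb3NlIF0KIyBBbGxvdyB0aGUgaW50ZXJtZWRpYXRlIENB
+IHRvIHNpZ24gYSBtb3JlIGRpdmVyc2UgcmFuZ2Ugb2YgY2VydGlmaWNhdGVzLgojIFNlZSB0aGUg
+UE9MSUNZIEZPUk1BVCBzZWN0aW9uIG9mIHRoZSBgY2FgIG1hbiBwYWdlLgpjb3VudHJ5TmFtZSAg
+ICAgICAgICAgICA9IG9wdGlvbmFsCnN0YXRlT3JQcm92aW5jZU5hbWUgICAgID0gb3B0aW9uYWwK
+bG9jYWxpdHlOYW1lICAgICAgICAgICAgPSBvcHRpb25hbApvcmdhbml6YXRpb25OYW1lICAgICAg
+ICA9IG9wdGlvbmFsCm9yZ2FuaXphdGlvbmFsVW5pdE5hbWUgID0gb3B0aW9uYWwKY29tbW9uTmFt
+ZSAgICAgICAgICAgICAgPSBzdXBwbGllZAplbWFpbEFkZHJlc3MgICAgICAgICAgICA9IG9wdGlv
+bmFsCgpbIHJlcSBdCiMgT3B0aW9ucyBmb3IgdGhlIGByZXFgIHRvb2wgKGBtYW4gcmVxYCkuCmRl
+ZmF1bHRfYml0cyAgICAgICAgPSA0MDk2CmRpc3Rpbmd1aXNoZWRfbmFtZSAgPSByZXFfZGlzdGlu
+Z3Vpc2hlZF9uYW1lCnN0cmluZ19tYXNrICAgICAgICAgPSB1dGY4b25seQoKIyBTSEEtMSBpcyBk
+ZXByZWNhdGVkLCBzbyB1c2UgU0hBLTIgaW5zdGVhZC4KZGVmYXVsdF9tZCAgICAgICAgICA9IHNo
+YTUxMgoKIyBFeHRlbnNpb24gdG8gYWRkIHdoZW4gdGhlIC14NTA5IG9wdGlvbiBpcyB1c2VkLgp4
+NTA5X2V4dGVuc2lvbnMgICAgID0gdjNfY2EKClsgcmVxX2Rpc3Rpbmd1aXNoZWRfbmFtZSBdCiMg
+U2VlIDxodHRwczovL2VuLndpa2lwZWRpYS5vcmcvd2lraS9DZXJ0aWZpY2F0ZV9zaWduaW5nX3Jl
+cXVlc3Q+Lgpjb3VudHJ5TmFtZSAgICAgICAgICAgICAgICAgICAgID0gQ291bnRyeSBOYW1lICgy
+IGxldHRlciBjb2RlKQpzdGF0ZU9yUHJvdmluY2VOYW1lICAgICAgICAgICAgID0gU3RhdGUgb3Ig
+UHJvdmluY2UgTmFtZQpsb2NhbGl0eU5hbWUgICAgICAgICAgICAgICAgICAgID0gTG9jYWxpdHkg
+TmFtZQowLm9yZ2FuaXphdGlvbk5hbWUgICAgICAgICAgICAgID0gT3JnYW5pemF0aW9uIE5hbWUK
+b3JnYW5pemF0aW9uYWxVbml0TmFtZSAgICAgICAgICA9IE9yZ2FuaXphdGlvbmFsIFVuaXQgTmFt
+ZQpjb21tb25OYW1lICAgICAgICAgICAgICAgICAgICAgID0gQ29tbW9uIE5hbWUKZW1haWxBZGRy
+ZXNzICAgICAgICAgICAgICAgICAgICA9IEVtYWlsIEFkZHJlc3MKCiMgT3B0aW9uYWxseSwgc3Bl
+Y2lmeSBzb21lIGRlZmF1bHRzLgpjb3VudHJ5TmFtZV9kZWZhdWx0ICAgICAgICAgICAgID0gJSVU
+RU1QTEFURV9DT1VOVFJZJSUKc3RhdGVPclByb3ZpbmNlTmFtZV9kZWZhdWx0ICAgICA9ICUlVEVN
+UExBVEVfU1RBVEUlJQpsb2NhbGl0eU5hbWVfZGVmYXVsdCAgICAgICAgICAgID0gJSVURU1QTEFU
+RV9DSVRZJSUKMC5vcmdhbml6YXRpb25OYW1lX2RlZmF1bHQgICAgICA9ICUlVEVNUExBVEVfT1JH
+JSUKb3JnYW5pemF0aW9uYWxVbml0TmFtZV9kZWZhdWx0ICA9IAplbWFpbEFkZHJlc3NfZGVmYXVs
+dCAgICAgICAgICAgID0gJSVURU1QTEFURV9TU0xBRE1JTiUlCgpbIHYzX2NhIF0KIyBFeHRlbnNp
+b25zIGZvciBhIHR5cGljYWwgQ0EgKGBtYW4geDUwOXYzX2NvbmZpZ2ApLgpzdWJqZWN0S2V5SWRl
+bnRpZmllciA9IGhhc2gKYXV0aG9yaXR5S2V5SWRlbnRpZmllciA9IGtleWlkOmFsd2F5cyxpc3N1
+ZXIKYmFzaWNDb25zdHJhaW50cyA9IGNyaXRpY2FsLCBDQTp0cnVlCmtleVVzYWdlID0gY3JpdGlj
+YWwsIGRpZ2l0YWxTaWduYXR1cmUsIGNSTFNpZ24sIGtleUNlcnRTaWduCgpbIHYzX2ludGVybWVk
+aWF0ZV9jYSBdCiMgRXh0ZW5zaW9ucyBmb3IgYSB0eXBpY2FsIGludGVybWVkaWF0ZSBDQSAoYG1h
+biB4NTA5djNfY29uZmlnYCkuCnN1YmplY3RLZXlJZGVudGlmaWVyID0gaGFzaAphdXRob3JpdHlL
+ZXlJZGVudGlmaWVyID0ga2V5aWQ6YWx3YXlzLGlzc3VlcgpiYXNpY0NvbnN0cmFpbnRzID0gY3Jp
+dGljYWwsIENBOnRydWUsIHBhdGhsZW46MAprZXlVc2FnZSA9IGNyaXRpY2FsLCBkaWdpdGFsU2ln
+bmF0dXJlLCBjUkxTaWduLCBrZXlDZXJ0U2lnbgoKWyB1c3JfY2VydCBdCiMgRXh0ZW5zaW9ucyBm
+b3IgY2xpZW50IGNlcnRpZmljYXRlcyAoYG1hbiB4NTA5djNfY29uZmlnYCkuCmJhc2ljQ29uc3Ry
+YWludHMgPSBDQTpGQUxTRQpuc0NlcnRUeXBlID0gY2xpZW50LCBlbWFpbApuc0NvbW1lbnQgPSAi
+Q2xpZW50IENlcnRpZmljYXRlLCAlJVRFTVBMQVRFX0RPTUFJTiUlIChvcGVuc3NsKSIKc3ViamVj
+dEtleUlkZW50aWZpZXIgPSBoYXNoCmF1dGhvcml0eUtleUlkZW50aWZpZXIgPSBrZXlpZCxpc3N1
+ZXIKa2V5VXNhZ2UgPSBjcml0aWNhbCwgbm9uUmVwdWRpYXRpb24sIGRpZ2l0YWxTaWduYXR1cmUs
+IGtleUVuY2lwaGVybWVudApleHRlbmRlZEtleVVzYWdlID0gY2xpZW50QXV0aCwgZW1haWxQcm90
+ZWN0aW9uCgpbIHNlcnZlcl9jZXJ0IF0KIyBFeHRlbnNpb25zIGZvciBzZXJ2ZXIgY2VydGlmaWNh
+dGVzIChgbWFuIHg1MDl2M19jb25maWdgKS4KYmFzaWNDb25zdHJhaW50cyA9IENBOkZBTFNFCm5z
+Q2VydFR5cGUgPSBzZXJ2ZXIKbnNDb21tZW50ID0gIlNlcnZlciBDZXJ0aWZpY2F0ZSwgJSVURU1Q
+TEFURV9ET01BSU4lJSAob3BlbnNzbCkiCnN1YmplY3RLZXlJZGVudGlmaWVyID0gaGFzaAphdXRo
+b3JpdHlLZXlJZGVudGlmaWVyID0ga2V5aWQsaXNzdWVyOmFsd2F5cwprZXlVc2FnZSA9IGNyaXRp
+Y2FsLCBkaWdpdGFsU2lnbmF0dXJlLCBrZXlFbmNpcGhlcm1lbnQKZXh0ZW5kZWRLZXlVc2FnZSA9
+IHNlcnZlckF1dGgKClsgY3JsX2V4dCBdCiMgRXh0ZW5zaW9uIGZvciBDUkxzIChgbWFuIHg1MDl2
+M19jb25maWdgKS4KYXV0aG9yaXR5S2V5SWRlbnRpZmllcj1rZXlpZDphbHdheXMKClsgb2NzcCBd
+CiMgRXh0ZW5zaW9uIGZvciBPQ1NQIHNpZ25pbmcgY2VydGlmaWNhdGVzIChgbWFuIG9jc3BgKS4K
+YmFzaWNDb25zdHJhaW50cyA9IENBOkZBTFNFCnN1YmplY3RLZXlJZGVudGlmaWVyID0gaGFzaAph
+dXRob3JpdHlLZXlJZGVudGlmaWVyID0ga2V5aWQsaXNzdWVyCmtleVVzYWdlID0gY3JpdGljYWws
+IGRpZ2l0YWxTaWduYXR1cmUKZXh0ZW5kZWRLZXlVc2FnZSA9IGNyaXRpY2FsLCBPQ1NQU2lnbmlu
+ZwoK
+EOF
+
+echo "Customizing openssl.cnf..."
+echo
+echo -n "What is your ORGANIZATION'S name? "
+read ORGNAME
+export ORGNAME
+echo -n "And what is your organization's MAIN DOMAIN? "
+read ORGSITE
+export ORGSITE
+echo -n "What Country (two-letter abbreviation) is your organization locatied in? "
+read ORGCNTRY
+export ORGCNTRY
+echo -n "What State (full name) is your organization located in? "
+read ORGSTATE
+export ORGSTATE
+echo -n "What City is your organization located in? "
+read ORGCITY
+export ORGCITY
+echo -n "Lastly, what email address should be used for the SSL administrator? "
+read SSLADMIN
+export SSLADMIN
+
+sed -i -e "s/%%TEMPLATE_ORG%%/${ORGNAME}/g ; s/%%TEMPLATE_DOMAIN%%/${ORGSITE}/g ; s/%%TEMPLATE_ROOTDIR%%/${rootdir}/g ; s/%%TEMPLATE_COUNTRY%%/${ORGCNTRY}/g ; s/%%TEMPLATE_STATE%%/${ORGSTATE}/g ; s/%%TEMPLATE_CITY%%/${ORGCITY}/g ; s/%%TEMPLATE_SSLADMIN%%/${SSLADMIN}/g" ${rootdir}/openssl.cnf
+
+NEWCA='yes'
+export NEWCA
+
+sh ${bindir}/gen.ca.key.sh
+sh ${bindir}/gen.ca.cert.sh
+sh ${bindir}/new.intermediate.sh
+sh ${bindir}/new.serverclient.sh ${ORGSITE}
+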
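Review bot: The `sed -i` line splices `${rootdir}` and the six prompted values straight into `s/…/…/g` expressions, and `rootdir` is `/root/ssl/ca`, so its slashes end the expression early and sed rejects the whole program. Any `/`, `&` or backslash typed at a prompt has the same effect or silently changes the substitution. Use a delimiter that cannot occur in the path, e.g. `s|%%TEMPLATE_ROOTDIR%%|${rootdir}|g`, escape the delimiter, `&` and `\` in each answer before interpolating it, and read the answers with `read -r`. The identical line is in new.intermediate.sh. Separately, `base64 -d >> ${rootdir}/openssl.cnf` appends and openssl.cnf is not in the `rm -rf` list, so a second run leaves two concatenated configs; `>` looks like what was intended.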
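--- a/new.intermediate.sh
+++ b/new.intermediate.sh
@@ -0,0 +1,154 @@
+#!/bin/bash
+set -e
+
+
+if [[ -z "${NEWCA}" ]];
+then
+
+rootdir='/root/ssl/ca'
+bindir="$(dirname ${0})"
+export rootdir
+export bindir
+
+echo "If you continue, I will completely DELETE (if found):"
+echo " ${rootdir}/intermediate/key"
+echo " ${rootdir}/intermediate/crt"
+echo " ${rootdir}/intermediate/crl"
+echo " ${rootdir}/intermediate/csr"
+echo " ${rootdir}/intermediate/index.txt"
+echo " ${rootdir}/intermediate/serial"
+echo
+echo "To continue, type YESIAMCRAZY and hit the enter key."
+read RUCRAZY2
+else
+RUCRAZY2='YESIAMCRAZY'
+fi
+
+if [[ "${RUCRAZY2}" != 'YESIAMCRAZY' ]];
+then
+echo '"IAMCRAZY" *NOT* entered. Quitting.'
+exit 1
+fi
+
+
+echo "Deleting intermediary hierarchy and creating clean..."
+rm -rf ${rootdir}/intermediate/{key,crt,crl,csr,index.txt,serial}
+mkdir -p ${rootdir}/intermediate/{key,crt,crl,csr}
+echo '1000' > ${rootdir}/intermediate/serial
+touch ${rootdir}/intermediate/index.txt
+chmod 700 ${rootdir}/intermediate
+chmod 700 ${rootdir}/intermediate/key
+echo 1000 > ${rootdir}/intermediate/crlnumber
+
+
+
+base64 -d >> ${rootdir}/intermediate/openssl.cnf << EOF
+IyBPcGVuU1NMIGludGVybWVkaWF0ZSBDQSBjb25maWd1cmF0aW9uIGZpbGUuCiMgQ29weSB0byBg
+L3Jvb3QvY2EvaW50ZXJtZWRpYXRlL29wZW5zc2wuY25mYC4KClsgY2EgXQojIGBtYW4gY2FgCmRl
+ZmF1bHRfY2EgPSBDQV9kZWZhdWx0CgpbIENBX2RlZmF1bHQgXQojIERpcmVjdG9yeSBhbmQgZmls
+ZSBsb2NhdGlvbnMuCmRpciAgICAgICAgICAgICAgID0gJSVURU1QTEFURV9ST09URElSJSUvaW50
+ZXJtZWRpYXRlCmNlcnRzICAgICAgICAgICAgID0gJGRpci9jcnQKY3JsX2RpciAgICAgICAgICAg
+PSAkZGlyL2NybApuZXdfY2VydHNfZGlyICAgICA9ICRkaXIvY3J0CmRhdGFiYXNlICAgICAgICAg
+ID0gJGRpci9pbmRleC50eHQKc2VyaWFsICAgICAgICAgICAgPSAkZGlyL3NlcmlhbApSQU5ERklM
+RSAgICAgICAgICA9ICRkaXIva2V5Ly5yYW5kCgojIFRoZSByb290IGtleSBhbmQgcm9vdCBjZXJ0
+aWZpY2F0ZS4KcHJpdmF0ZV9rZXkgICAgICAgPSAkZGlyL2tleS9pbnRlcm1lZGlhdGUua2V5CmNl
+cnRpZmljYXRlICAgICAgID0gJGRpci9jcnQvaW50ZXJtZWRpYXRlLmNydAoKIyBGb3IgY2VydGlm
+aWNhdGUgcmV2b2NhdGlvbiBsaXN0cy4KY3JsbnVtYmVyICAgICAgICAgPSAkZGlyL2NybG51bWJl
+cgpjcmwgICAgICAgICAgICAgICA9ICRkaXIvY3JsL2ludGVybWVkaWF0ZS5jcmwKY3JsX2V4dGVu
+c2lvbnMgICAgPSBjcmxfZXh0CmRlZmF1bHRfY3JsX2RheXMgID0gMzAKCiMgU0hBLTEgaXMgZGVw
+cmVjYXRlZCwgc28gdXNlIFNIQS0yIGluc3RlYWQuCmRlZmF1bHRfbWQgICAgICAgID0gc2hhNTEy
+CgpuYW1lX29wdCAgICAgICAgICA9IGNhX2RlZmF1bHQKY2VydF9vcHQgICAgICAgICAgPSBjYV9k
+ZWZhdWx0CmRlZmF1bHRfZGF5cyAgICAgID0gMzY1MApwcmVzZXJ2ZSAgICAgICAgICA9IG5vCnBv
+bGljeSAgICAgICAgICAgID0gcG9saWN5X2xvb3NlCgpbIHBvbGljeV9zdHJpY3QgXQojIFRoZSBy
+b290IENBIHNob3VsZCBvbmx5IHNpZ24gaW50ZXJtZWRpYXRlIGNlcnRpZmljYXRlcyB0aGF0IG1h
+dGNoLgojIFNlZSB0aGUgUE9MSUNZIEZPUk1BVCBzZWN0aW9uIG9mIGBtYW4gY2FgLgpjb3VudHJ5
+TmFtZSAgICAgICAgICAgICA9IG1hdGNoCnN0YXRlT3JQcm92aW5jZU5hbWUgICAgID0gbWF0Y2gK
+b3JnYW5pemF0aW9uTmFtZSAgICAgICAgPSBtYXRjaApvcmdhbml6YXRpb25hbFVuaXROYW1lICA9
+IG9wdGlvbmFsCmNvbW1vbk5hbWUgICAgICAgICAgICAgID0gc3VwcGxpZWQKZW1haWxBZGRyZXNz
+ICAgICAgICAgICAgPSBvcHRpb25hbAoKWyBwb2xpY3lfbG9vc2UgXQojIEFsbG93IHRoZSBpbnRl
+cm1lZGlhdGUgQ0EgdG8gc2lnbiBhIG1vcmUgZGl2ZXJzZSByYW5nZSBvZiBjZXJ0aWZpY2F0ZXMu
+CiMgU2VlIHRoZSBQT0xJQ1kgRk9STUFUIHNlY3Rpb24gb2YgdGhlIGBjYWAgbWFuIHBhZ2UuCmNv
+dW50cnlOYW1lICAgICAgICAgICAgID0gb3B0aW9uYWwKc3RhdGVPclByb3ZpbmNlTmFtZSAgICAg
+PSBvcHRpb25hbApsb2NhbGl0eU5hbWUgICAgICAgICAgICA9IG9wdGlvbmFsCm9yZ2FuaXphdGlv
+bk5hbWUgICAgICAgID0gb3B0aW9uYWwKb3JnYW5pemF0aW9uYWxVbml0TmFtZSAgPSBvcHRpb25h
+bApjb21tb25OYW1lICAgICAgICAgICAgICA9IHN1cHBsaWVkCmVtYWlsQWRkcmVzcyAgICAgICAg
+ICAgID0gb3B0aW9uYWwKClsgcmVxIF0KIyBPcHRpb25zIGZvciB0aGUgYHJlcWAgdG9vbCAoYG1h
+biByZXFgKS4KZGVmYXVsdF9iaXRzICAgICAgICA9IDQwOTYKZGlzdGluZ3Vpc2hlZF9uYW1lICA9
+IHJlcV9kaXN0aW5ndWlzaGVkX25hbWUKc3RyaW5nX21hc2sgICAgICAgICA9IHV0Zjhvbmx5Cgoj
+IFNIQS0xIGlzIGRlcHJlY2F0ZWQsIHNvIHVzZSBTSEEtMiBpbnN0ZWFkLgpkZWZhdWx0X21kICAg
+ICAgICAgID0gc2hhNTEyCgojIEV4dGVuc2lvbiB0byBhZGQgd2hlbiB0aGUgLXg1MDkgb3B0aW9u
+IGlzIHVzZWQuCng1MDlfZXh0ZW5zaW9ucyAgICAgPSB2M19jYQoKWyByZXFfZGlzdGluZ3Vpc2hl
+ZF9uYW1lIF0KIyBTZWUgPGh0dHBzOi8vZW4ud2lraXBlZGlhLm9yZy93aWtpL0NlcnRpZmljYXRl
+X3NpZ25pbmdfcmVxdWVzdD4uCmNvdW50cnlOYW1lICAgICAgICAgICAgICAgICAgICAgPSBDb3Vu
+dHJ5IE5hbWUgKDIgbGV0dGVyIGNvZGUpCnN0YXRlT3JQcm92aW5jZU5hbWUgICAgICAgICAgICAg
+PSBTdGF0ZSBvciBQcm92aW5jZSBOYW1lCmxvY2FsaXR5TmFtZSAgICAgICAgICAgICAgICAgICAg
+PSBMb2NhbGl0eSBOYW1lCjAub3JnYW5pemF0aW9uTmFtZSAgICAgICAgICAgICAgPSBPcmdhbml6
+YXRpb24gTmFtZQpvcmdhbml6YXRpb25hbFVuaXROYW1lICAgICAgICAgID0gT3JnYW5pemF0aW9u
+YWwgVW5pdCBOYW1lCmNvbW1vbk5hbWUgICAgICAgICAgICAgICAgICAgICAgPSBDb21tb24gTmFt
+ZQplbWFpbEFkZHJlc3MgICAgICAgICAgICAgICAgICAgID0gRW1haWwgQWRkcmVzcwoKIyBPcHRp
+b25hbGx5LCBzcGVjaWZ5IHNvbWUgZGVmYXVsdHMuCmNvdW50cnlOYW1lX2RlZmF1bHQgICAgICAg
+ICAgICAgPSAlJVRFTVBMQVRFX0NPVU5UUlklJQpzdGF0ZU9yUHJvdmluY2VOYW1lX2RlZmF1bHQg
+ICAgID0gJSVURU1QTEFURV9TVEFURSUlCmxvY2FsaXR5TmFtZV9kZWZhdWx0ICAgICAgICAgICAg
+PSAlJVRFTVBMQVRFX0NJVFklJQowLm9yZ2FuaXphdGlvbk5hbWVfZGVmYXVsdCAgICAgID0gJSVU
+RU1QTEFURV9PUkclJQpvcmdhbml6YXRpb25hbFVuaXROYW1lX2RlZmF1bHQgID0KZW1haWxBZGRy
+ZXNzX2RlZmF1bHQgICAgICAgICAgICA9ICUlVEVNUExBVEVfU1NMQURNSU4lJQoKWyB2M19jYSBd
+CiMgRXh0ZW5zaW9ucyBmb3IgYSB0eXBpY2FsIENBIChgbWFuIHg1MDl2M19jb25maWdgKS4Kc3Vi
+amVjdEtleUlkZW50aWZpZXIgPSBoYXNoCmF1dGhvcml0eUtleUlkZW50aWZpZXIgPSBrZXlpZDph
+bHdheXMsaXNzdWVyCmJhc2ljQ29uc3RyYWludHMgPSBjcml0aWNhbCwgQ0E6dHJ1ZQprZXlVc2Fn
+ZSA9IGNyaXRpY2FsLCBkaWdpdGFsU2lnbmF0dXJlLCBjUkxTaWduLCBrZXlDZXJ0U2lnbgoKWyB2
+M19pbnRlcm1lZGlhdGVfY2EgXQojIEV4dGVuc2lvbnMgZm9yIGEgdHlwaWNhbCBpbnRlcm1lZGlh
+dGUgQ0EgKGBtYW4geDUwOXYzX2NvbmZpZ2ApLgpzdWJqZWN0S2V5SWRlbnRpZmllciA9IGhhc2gK
+YXV0aG9yaXR5S2V5SWRlbnRpZmllciA9IGtleWlkOmFsd2F5cyxpc3N1ZXIKYmFzaWNDb25zdHJh
+aW50cyA9IGNyaXRpY2FsLCBDQTp0cnVlLCBwYXRobGVuOjAKa2V5VXNhZ2UgPSBjcml0aWNhbCwg
+ZGlnaXRhbFNpZ25hdHVyZSwgY1JMU2lnbiwga2V5Q2VydFNpZ24KClsgdXNyX2NlcnQgXQojIEV4
+dGVuc2lvbnMgZm9yIGNsaWVudCBjZXJ0aWZpY2F0ZXMgKGBtYW4geDUwOXYzX2NvbmZpZ2ApLgpi
+YXNpY0NvbnN0cmFpbnRzID0gQ0E6RkFMU0UKbnNDZXJ0VHlwZSA9IGNsaWVudCwgZW1haWwKbnND
+b21tZW50ID0gIkNsaWVudCBDZXJ0aWZpY2F0ZSwgJSVURU1QTEFURV9ET01BSU4lJSAoaW50ZXJt
+ZWRpYXRlKSAob3BlbnNzbCkiCnN1YmplY3RLZXlJZGVudGlmaWVyID0gaGFzaAphdXRob3JpdHlL
+ZXlJZGVudGlmaWVyID0ga2V5aWQsaXNzdWVyCmtleVVzYWdlID0gY3JpdGljYWwsIG5vblJlcHVk
+aWF0aW9uLCBkaWdpdGFsU2lnbmF0dXJlLCBrZXlFbmNpcGhlcm1lbnQKZXh0ZW5kZWRLZXlVc2Fn
+ZSA9IGNsaWVudEF1dGgsIGVtYWlsUHJvdGVjdGlvbgoKWyBzZXJ2ZXJfY2VydCBdCiMgRXh0ZW5z
+aW9ucyBmb3Igc2VydmVyIGNlcnRpZmljYXRlcyAoYG1hbiB4NTA5djNfY29uZmlnYCkuCmJhc2lj
+Q29uc3RyYWludHMgPSBDQTpGQUxTRQpuc0NlcnRUeXBlID0gc2VydmVyCm5zQ29tbWVudCA9ICJT
+ZXJ2ZXIgQ2VydGlmaWNhdGUsICUlVEVNUExBVEVfRE9NQUlOJSUgKGluZGVybWVkaWF0ZSkgKG9w
+ZW5zc2wpIgpzdWJqZWN0S2V5SWRlbnRpZmllciA9IGhhc2gKYXV0aG9yaXR5S2V5SWRlbnRpZmll
+ciA9IGtleWlkLGlzc3VlcjphbHdheXMKa2V5VXNhZ2UgPSBjcml0aWNhbCwgZGlnaXRhbFNpZ25h
+dHVyZSwga2V5RW5jaXBoZXJtZW50CmV4dGVuZGVkS2V5VXNhZ2UgPSBzZXJ2ZXJBdXRoCgpbIGNy
+bF9leHQgXQojIEV4dGVuc2lvbiBmb3IgQ1JMcyAoYG1hbiB4NTA5djNfY29uZmlnYCkuCmF1dGhv
+cml0eUtleUlkZW50aWZpZXI9a2V5aWQ6YWx3YXlzCgpbIG9jc3AgXQojIEV4dGVuc2lvbiBmb3Ig
+T0NTUCBzaWduaW5nIGNlcnRpZmljYXRlcyAoYG1hbiBvY3NwYCkuCmJhc2ljQ29uc3RyYWludHMg
+PSBDQTpGQUxTRQpzdWJqZWN0S2V5SWRlbnRpZmllciA9IGhhc2gKYXV0aG9yaXR5S2V5SWRlbnRp
+ZmllciA9IGtleWlkLGlzc3VlcgprZXlVc2FnZSA9IGNyaXRpY2FsLCBkaWdpdGFsU2lnbmF0dXJl
+CmV4dGVuZGVkS2V5VXNhZ2UgPSBjcml0aWNhbCwgT0NTUFNpZ25pbmcKCg==
+EOF
+
+if [[ -z ${NEWCA} ]];
+then
+echo "Customizing openssl.cnf..."
+echo
+echo -n "What is your ORGANIZATION'S name? "
+read ORGNAME
+export ORGNAME
+echo -n "And what is your organization's MAIN DOMAIN? "
+read ORGSITE
+export ORGSITE
+echo -n "What Country (two-letter abbreviation) is your organization locatied in? "
+read ORGCNTRY
+export ORGCNTRY
+echo -n "What State (full name) is your organization located in? "
+read ORGSTATE
+export ORGSTATE
+echo -n "What City is your organization located in? "
+read ORGCITY
+export ORGCITY
+echo -n "Lastly, what email address should be used for the SSL administrator? "
+read SSLADMIN
+export SSLADMIN
+fi
+
+sed -i -e "s/%%TEMPLATE_ORG%%/${ORGNAME}/g ; s/%%TEMPLATE_DOMAIN%%/${ORGSITE}/g ; s/%%TEMPLATE_ROOTDIR%%/${rootdir}/g ; s/%%TEMPLATE_COUNTRY%%/${ORGCNTRY}/g ; s/%%TEMPLATE_STATE%%/${ORGSTATE}/g ; s/%%TEMPLATE_CITY%%/${ORGCITY}/g ; s/%%TEMPLATE_SSLADMIN%%/${SSLADMIN}/g" ${rootdir}/intermediate/openssl.cnf
+
+sh ${bindir}/gen.intermediate.key.sh
+sh ${bindir}/gen.intermediate.csr.sh
+sh ${bindir}/gen.intermediate.cert.sh
+sh ${bindir}/gen.intermediate.chain.sh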
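Review bot: The YESIAMCRAZY confirmation fails open: it is skipped whenever `NEWCA` is non-empty in the environment, and both `[[ … ]]` tests evaluate false in a shell that lacks `[[`. That second case is likely where /bin/sh is not bash, because new.ca.sh starts this script with `sh ${bindir}/new.intermediate.sh` and a non-executable file tends to be run the same way by hand. The `else` branch then sets RUCRAZY2 itself, `rootdir` may never be assigned, and `rm -rf ${rootdir}/intermediate/{…}` runs unprompted against whatever that expands to. I would add `: "${rootdir:?rootdir is not set}"` directly above the `rm -rf`, quote the expansion, and have callers invoke the scripts with `bash` rather than `sh`.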
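--- a/new.serverclient.sh
+++ b/new.serverclient.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+set -e
+
+if [[ -n "${1}" ]];
+then
+CN=${1}
+export CN
+else
+echo "You need to provide a CN name!"
+echo "e.g. ${0} someCNhere"
+echo "(You probably want the domain/subdomain there)"
+exit 1
+fi
+
+
+
+sh ${bindir}/gen.serverclient.key.sh ${CN}
+sh ${bindir}/gen.serverclient.csr.sh ${CN}
+sh ${bindir}/gen.serverclient.cert-server.sh ${CN}
+#sh ${bindir}/gen.serverclient.cert-user.sh ${CN}
+sh ${bindir}/gen.serverclient.chain.sh ${CN}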
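Review bot: The usage text invites running this script directly (`${0} someCNhere`), but `bindir` and `rootdir` are only set and exported by new.ca.sh and new.intermediate.sh, so a direct run calls `sh /gen.serverclient.key.sh` and the helpers resolve their paths under `/key`, `/csr` and `/crt`. Set both here when they are empty, e.g. `bindir="${bindir:-$(dirname "${0}")}"`, or fail fast with `: "${rootdir:?rootdir is not set}"`. `${1}` is only tested for being non-empty before it is exported as CN and passed unquoted to every helper, where it becomes part of file paths; rejecting anything that is not hostname-like (no `/`, no whitespace, no leading `-`) would keep the writes inside the CA tree. The last line calls gen.serverclient.chain.sh, which is not among the files shown in this commit; under `set -e` that would end the run with an error after the certificate has already been issued.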