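#!/bin/bash
#
# Recreate the intermediate CA hierarchy under ${rootdir}/intermediate.
#
# This DELETES the existing intermediate key/crt/crl/csr directories plus
# index.txt and serial, writes a fresh openssl.cnf from the embedded template,
# fills in the organisation details, and then runs the gen.intermediate.*.sh
# helpers found next to this script.
#
# Modes:
#   NEWCA unset/empty - interactive: asks for confirmation and for the
#                       organisation details.
#   NEWCA set         - unattended: confirmation is skipped and rootdir,
#                       bindir, ORGNAME, ORGSITE, ORGCNTRY, ORGSTATE, ORGCITY
#                       and SSLADMIN are taken from the environment
#                       (presumably exported by a calling script; verify
#                       against the caller).
set -e

#######################################
# Escape a value for use as the replacement part of a sed 's/…/…/' command
# that uses '/' as its delimiter. Without this, a '/', '&' or '\' in an
# organisation name, path or e-mail address would break or silently alter
# the substitution.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
#######################################
sed_escape() {
  printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

if [[ -z "${NEWCA}" ]]; then
  rootdir='/root/ssl/ca'
  bindir="$(dirname -- "${0}")"
  export rootdir
  export bindir
  echo "If you continue, I will completely DELETE (if found):"
  echo " ${rootdir}/intermediate/key"
  echo " ${rootdir}/intermediate/crt"
  echo " ${rootdir}/intermediate/crl"
  echo " ${rootdir}/intermediate/csr"
  echo " ${rootdir}/intermediate/index.txt"
  echo " ${rootdir}/intermediate/serial"
  echo
  echo "To continue, type YESIAMCRAZY and hit the enter key."
  read -r RUCRAZY2
else
  # Unattended mode bypasses the confirmation prompt, so the paths used for
  # the recursive delete below come straight from the environment. Refuse to
  # continue if they are missing: an empty rootdir would otherwise point the
  # rm/mkdir calls at /intermediate.
  : "${rootdir:?rootdir must be set when NEWCA is set}"
  : "${bindir:?bindir must be set when NEWCA is set}"
  RUCRAZY2='YESIAMCRAZY'
  export rootdir
  export bindir
  export ORGNAME
  export ORGSITE
  export ORGCNTRY
  export ORGSTATE
  export ORGCITY
  export SSLADMIN
  export NEWCA
fi

if [[ "${RUCRAZY2}" != 'YESIAMCRAZY' ]]; then
  # The message names the word the prompt actually asks for.
  echo '"YESIAMCRAZY" *NOT* entered. Quitting.' >&2
  exit 1
fi

echo "Deleting intermediary hierarchy and creating clean..."
# ${rootdir:?} aborts instead of expanding to an empty prefix; the quotes keep
# a path containing spaces or glob characters as a single argument.
rm -rf -- "${rootdir:?}/intermediate/"{key,crt,crl,csr,index.txt,serial}
mkdir -p -- "${rootdir}/intermediate/"{key,crt,crl,csr}
echo '1000' > "${rootdir}/intermediate/serial"
touch -- "${rootdir}/intermediate/index.txt"
# Keep the CA tree, and the private-key directory in particular, owner-only.
chmod 700 -- "${rootdir}/intermediate"
chmod 700 -- "${rootdir}/intermediate/key"
echo 1000 > "${rootdir}/intermediate/crlnumber"

# The payload below is the base64-encoded openssl.cnf template for the
# intermediate CA; it carries %%TEMPLATE_*%% placeholders that are filled in
# further down. It is written with '>' rather than '>>' so that re-running
# the script replaces the file instead of appending a second copy of every
# section to an already-customised config.
# NOTE(review): decode and review the payload when auditing this script. It
# sets default_days = 3650 and policy = policy_loose under [ CA_default ];
# confirm both are intended for certificates this intermediate signs. The
# server_cert nsComment in the payload also spells "indermediate".
base64 -d > "${rootdir}/intermediate/openssl.cnf" << 'EOF'
IyBPcGVuU1NMIGludGVybWVkaWF0ZSBDQSBjb25maWd1cmF0aW9uIGZpbGUuCiMgQ29weSB0byBg
L3Jvb3QvY2EvaW50ZXJtZWRpYXRlL29wZW5zc2wuY25mYC4KClsgY2EgXQojIGBtYW4gY2FgCmRl
ZmF1bHRfY2EgPSBDQV9kZWZhdWx0CgpbIENBX2RlZmF1bHQgXQojIERpcmVjdG9yeSBhbmQgZmls
ZSBsb2NhdGlvbnMuCmRpciAgICAgICAgICAgICAgID0gJSVURU1QTEFURV9ST09URElSJSUvaW50
ZXJtZWRpYXRlCmNlcnRzICAgICAgICAgICAgID0gJGRpci9jcnQKY3JsX2RpciAgICAgICAgICAg
PSAkZGlyL2NybApuZXdfY2VydHNfZGlyICAgICA9ICRkaXIvY3J0CmRhdGFiYXNlICAgICAgICAg
ID0gJGRpci9pbmRleC50eHQKc2VyaWFsICAgICAgICAgICAgPSAkZGlyL3NlcmlhbApSQU5ERklM
RSAgICAgICAgICA9ICRkaXIva2V5Ly5yYW5kCgojIFRoZSByb290IGtleSBhbmQgcm9vdCBjZXJ0
aWZpY2F0ZS4KcHJpdmF0ZV9rZXkgICAgICAgPSAkZGlyL2tleS9pbnRlcm1lZGlhdGUua2V5CmNl
cnRpZmljYXRlICAgICAgID0gJGRpci9jcnQvaW50ZXJtZWRpYXRlLmNydAoKIyBGb3IgY2VydGlm
aWNhdGUgcmV2b2NhdGlvbiBsaXN0cy4KY3JsbnVtYmVyICAgICAgICAgPSAkZGlyL2NybG51bWJl
cgpjcmwgICAgICAgICAgICAgICA9ICRkaXIvY3JsL2ludGVybWVkaWF0ZS5jcmwKY3JsX2V4dGVu
c2lvbnMgICAgPSBjcmxfZXh0CmRlZmF1bHRfY3JsX2RheXMgID0gMzAKCiMgU0hBLTEgaXMgZGVw
cmVjYXRlZCwgc28gdXNlIFNIQS0yIGluc3RlYWQuCmRlZmF1bHRfbWQgICAgICAgID0gc2hhNTEy
CgpuYW1lX29wdCAgICAgICAgICA9IGNhX2RlZmF1bHQKY2VydF9vcHQgICAgICAgICAgPSBjYV9k
ZWZhdWx0CmRlZmF1bHRfZGF5cyAgICAgID0gMzY1MApwcmVzZXJ2ZSAgICAgICAgICA9IG5vCnBv
bGljeSAgICAgICAgICAgID0gcG9saWN5X2xvb3NlCgpbIHBvbGljeV9zdHJpY3QgXQojIFRoZSBy
b290IENBIHNob3VsZCBvbmx5IHNpZ24gaW50ZXJtZWRpYXRlIGNlcnRpZmljYXRlcyB0aGF0IG1h
dGNoLgojIFNlZSB0aGUgUE9MSUNZIEZPUk1BVCBzZWN0aW9uIG9mIGBtYW4gY2FgLgpjb3VudHJ5
TmFtZSAgICAgICAgICAgICA9IG1hdGNoCnN0YXRlT3JQcm92aW5jZU5hbWUgICAgID0gbWF0Y2gK
b3JnYW5pemF0aW9uTmFtZSAgICAgICAgPSBtYXRjaApvcmdhbml6YXRpb25hbFVuaXROYW1lICA9
IG9wdGlvbmFsCmNvbW1vbk5hbWUgICAgICAgICAgICAgID0gc3VwcGxpZWQKZW1haWxBZGRyZXNz
ICAgICAgICAgICAgPSBvcHRpb25hbAoKWyBwb2xpY3lfbG9vc2UgXQojIEFsbG93IHRoZSBpbnRl
cm1lZGlhdGUgQ0EgdG8gc2lnbiBhIG1vcmUgZGl2ZXJzZSByYW5nZSBvZiBjZXJ0aWZpY2F0ZXMu
CiMgU2VlIHRoZSBQT0xJQ1kgRk9STUFUIHNlY3Rpb24gb2YgdGhlIGBjYWAgbWFuIHBhZ2UuCmNv
dW50cnlOYW1lICAgICAgICAgICAgID0gb3B0aW9uYWwKc3RhdGVPclByb3ZpbmNlTmFtZSAgICAg
PSBvcHRpb25hbApsb2NhbGl0eU5hbWUgICAgICAgICAgICA9IG9wdGlvbmFsCm9yZ2FuaXphdGlv
bk5hbWUgICAgICAgID0gb3B0aW9uYWwKb3JnYW5pemF0aW9uYWxVbml0TmFtZSAgPSBvcHRpb25h
bApjb21tb25OYW1lICAgICAgICAgICAgICA9IHN1cHBsaWVkCmVtYWlsQWRkcmVzcyAgICAgICAg
ICAgID0gb3B0aW9uYWwKClsgcmVxIF0KIyBPcHRpb25zIGZvciB0aGUgYHJlcWAgdG9vbCAoYG1h
biByZXFgKS4KZGVmYXVsdF9iaXRzICAgICAgICA9IDQwOTYKZGlzdGluZ3Vpc2hlZF9uYW1lICA9
IHJlcV9kaXN0aW5ndWlzaGVkX25hbWUKc3RyaW5nX21hc2sgICAgICAgICA9IHV0Zjhvbmx5Cgoj
IFNIQS0xIGlzIGRlcHJlY2F0ZWQsIHNvIHVzZSBTSEEtMiBpbnN0ZWFkLgpkZWZhdWx0X21kICAg
ICAgICAgID0gc2hhNTEyCgojIEV4dGVuc2lvbiB0byBhZGQgd2hlbiB0aGUgLXg1MDkgb3B0aW9u
IGlzIHVzZWQuCng1MDlfZXh0ZW5zaW9ucyAgICAgPSB2M19jYQoKWyByZXFfZGlzdGluZ3Vpc2hl
ZF9uYW1lIF0KIyBTZWUgPGh0dHBzOi8vZW4ud2lraXBlZGlhLm9yZy93aWtpL0NlcnRpZmljYXRl
X3NpZ25pbmdfcmVxdWVzdD4uCmNvdW50cnlOYW1lICAgICAgICAgICAgICAgICAgICAgPSBDb3Vu
dHJ5IE5hbWUgKDIgbGV0dGVyIGNvZGUpCnN0YXRlT3JQcm92aW5jZU5hbWUgICAgICAgICAgICAg
PSBTdGF0ZSBvciBQcm92aW5jZSBOYW1lCmxvY2FsaXR5TmFtZSAgICAgICAgICAgICAgICAgICAg
PSBMb2NhbGl0eSBOYW1lCjAub3JnYW5pemF0aW9uTmFtZSAgICAgICAgICAgICAgPSBPcmdhbml6
YXRpb24gTmFtZQpvcmdhbml6YXRpb25hbFVuaXROYW1lICAgICAgICAgID0gT3JnYW5pemF0aW9u
YWwgVW5pdCBOYW1lCmNvbW1vbk5hbWUgICAgICAgICAgICAgICAgICAgICAgPSBDb21tb24gTmFt
ZQplbWFpbEFkZHJlc3MgICAgICAgICAgICAgICAgICAgID0gRW1haWwgQWRkcmVzcwoKIyBPcHRp
b25hbGx5LCBzcGVjaWZ5IHNvbWUgZGVmYXVsdHMuCmNvdW50cnlOYW1lX2RlZmF1bHQgICAgICAg
ICAgICAgPSAlJVRFTVBMQVRFX0NPVU5UUlklJQpzdGF0ZU9yUHJvdmluY2VOYW1lX2RlZmF1bHQg
ICAgID0gJSVURU1QTEFURV9TVEFURSUlCmxvY2FsaXR5TmFtZV9kZWZhdWx0ICAgICAgICAgICAg
PSAlJVRFTVBMQVRFX0NJVFklJQowLm9yZ2FuaXphdGlvbk5hbWVfZGVmYXVsdCAgICAgID0gJSVU
RU1QTEFURV9PUkclJQpvcmdhbml6YXRpb25hbFVuaXROYW1lX2RlZmF1bHQgID0KZW1haWxBZGRy
ZXNzX2RlZmF1bHQgICAgICAgICAgICA9ICUlVEVNUExBVEVfU1NMQURNSU4lJQoKWyB2M19jYSBd
CiMgRXh0ZW5zaW9ucyBmb3IgYSB0eXBpY2FsIENBIChgbWFuIHg1MDl2M19jb25maWdgKS4Kc3Vi
amVjdEtleUlkZW50aWZpZXIgPSBoYXNoCmF1dGhvcml0eUtleUlkZW50aWZpZXIgPSBrZXlpZDph
bHdheXMsaXNzdWVyCmJhc2ljQ29uc3RyYWludHMgPSBjcml0aWNhbCwgQ0E6dHJ1ZQprZXlVc2Fn
ZSA9IGNyaXRpY2FsLCBkaWdpdGFsU2lnbmF0dXJlLCBjUkxTaWduLCBrZXlDZXJ0U2lnbgoKWyB2
M19pbnRlcm1lZGlhdGVfY2EgXQojIEV4dGVuc2lvbnMgZm9yIGEgdHlwaWNhbCBpbnRlcm1lZGlh
dGUgQ0EgKGBtYW4geDUwOXYzX2NvbmZpZ2ApLgpzdWJqZWN0S2V5SWRlbnRpZmllciA9IGhhc2gK
YXV0aG9yaXR5S2V5SWRlbnRpZmllciA9IGtleWlkOmFsd2F5cyxpc3N1ZXIKYmFzaWNDb25zdHJh
aW50cyA9IGNyaXRpY2FsLCBDQTp0cnVlLCBwYXRobGVuOjAKa2V5VXNhZ2UgPSBjcml0aWNhbCwg
ZGlnaXRhbFNpZ25hdHVyZSwgY1JMU2lnbiwga2V5Q2VydFNpZ24KClsgdXNyX2NlcnQgXQojIEV4
dGVuc2lvbnMgZm9yIGNsaWVudCBjZXJ0aWZpY2F0ZXMgKGBtYW4geDUwOXYzX2NvbmZpZ2ApLgpi
YXNpY0NvbnN0cmFpbnRzID0gQ0E6RkFMU0UKbnNDZXJ0VHlwZSA9IGNsaWVudCwgZW1haWwKbnND
b21tZW50ID0gIkNsaWVudCBDZXJ0aWZpY2F0ZSwgJSVURU1QTEFURV9ET01BSU4lJSAoaW50ZXJt
ZWRpYXRlKSAob3BlbnNzbCkiCnN1YmplY3RLZXlJZGVudGlmaWVyID0gaGFzaAphdXRob3JpdHlL
ZXlJZGVudGlmaWVyID0ga2V5aWQsaXNzdWVyCmtleVVzYWdlID0gY3JpdGljYWwsIG5vblJlcHVk
aWF0aW9uLCBkaWdpdGFsU2lnbmF0dXJlLCBrZXlFbmNpcGhlcm1lbnQKZXh0ZW5kZWRLZXlVc2Fn
ZSA9IGNsaWVudEF1dGgsIGVtYWlsUHJvdGVjdGlvbgoKWyBzZXJ2ZXJfY2VydCBdCiMgRXh0ZW5z
aW9ucyBmb3Igc2VydmVyIGNlcnRpZmljYXRlcyAoYG1hbiB4NTA5djNfY29uZmlnYCkuCmJhc2lj
Q29uc3RyYWludHMgPSBDQTpGQUxTRQpuc0NlcnRUeXBlID0gc2VydmVyCm5zQ29tbWVudCA9ICJT
ZXJ2ZXIgQ2VydGlmaWNhdGUsICUlVEVNUExBVEVfRE9NQUlOJSUgKGluZGVybWVkaWF0ZSkgKG9w
ZW5zc2wpIgpzdWJqZWN0S2V5SWRlbnRpZmllciA9IGhhc2gKYXV0aG9yaXR5S2V5SWRlbnRpZmll
ciA9IGtleWlkLGlzc3VlcjphbHdheXMKa2V5VXNhZ2UgPSBjcml0aWNhbCwgZGlnaXRhbFNpZ25h
dHVyZSwga2V5RW5jaXBoZXJtZW50CmV4dGVuZGVkS2V5VXNhZ2UgPSBzZXJ2ZXJBdXRoCgpbIGNy
bF9leHQgXQojIEV4dGVuc2lvbiBmb3IgQ1JMcyAoYG1hbiB4NTA5djNfY29uZmlnYCkuCmF1dGhv
cml0eUtleUlkZW50aWZpZXI9a2V5aWQ6YWx3YXlzCgpbIG9jc3AgXQojIEV4dGVuc2lvbiBmb3Ig
T0NTUCBzaWduaW5nIGNlcnRpZmljYXRlcyAoYG1hbiBvY3NwYCkuCmJhc2ljQ29uc3RyYWludHMg
PSBDQTpGQUxTRQpzdWJqZWN0S2V5SWRlbnRpZmllciA9IGhhc2gKYXV0aG9yaXR5S2V5SWRlbnRp
ZmllciA9IGtleWlkLGlzc3VlcgprZXlVc2FnZSA9IGNyaXRpY2FsLCBkaWdpdGFsU2lnbmF0dXJl
CmV4dGVuZGVkS2V5VXNhZ2UgPSBjcml0aWNhbCwgT0NTUFNpZ25pbmcKCg==
EOF

if [[ -z "${NEWCA}" ]]; then
  echo "Customizing openssl.cnf..."
  echo
  # read -r keeps backslashes in the answers literal.
  echo -n "What is your ORGANIZATION'S name? "
  read -r ORGNAME
  export ORGNAME
  echo -n "And what is your organization's MAIN DOMAIN? "
  read -r ORGSITE
  export ORGSITE
  echo -n "What Country (two-letter abbreviation) is your organization located in? "
  read -r ORGCNTRY
  export ORGCNTRY
  echo -n "What State (full name) is your organization located in? "
  read -r ORGSTATE
  export ORGSTATE
  echo -n "What City is your organization located in? "
  read -r ORGCITY
  export ORGCITY
  echo -n "Lastly, what email address should be used for the SSL administrator? "
  read -r SSLADMIN
  export SSLADMIN
fi

# The answers (or, in unattended mode, the environment values) end up verbatim
# in openssl.cnf. Escape them for sed first so that sed metacharacters are
# inserted literally; the values themselves are not otherwise validated.
org_esc=$(sed_escape "${ORGNAME}")
site_esc=$(sed_escape "${ORGSITE}")
rootdir_esc=$(sed_escape "${rootdir}")
country_esc=$(sed_escape "${ORGCNTRY}")
state_esc=$(sed_escape "${ORGSTATE}")
city_esc=$(sed_escape "${ORGCITY}")
admin_esc=$(sed_escape "${SSLADMIN}")

sed -i \
  -e "s/%%TEMPLATE_ORG%%/${org_esc}/g" \
  -e "s/%%TEMPLATE_DOMAIN%%/${site_esc}/g" \
  -e "s/%%TEMPLATE_ROOTDIR%%/${rootdir_esc}/g" \
  -e "s/%%TEMPLATE_COUNTRY%%/${country_esc}/g" \
  -e "s/%%TEMPLATE_STATE%%/${state_esc}/g" \
  -e "s/%%TEMPLATE_CITY%%/${city_esc}/g" \
  -e "s/%%TEMPLATE_SSLADMIN%%/${admin_esc}/g" \
  -- "${rootdir}/intermediate/openssl.cnf"

# Generate the intermediate key, CSR, certificate and chain, in that order.
# set -e stops the sequence at the first helper that fails.
sh "${bindir}/gen.intermediate.key.sh"
sh "${bindir}/gen.intermediate.csr.sh"
sh "${bindir}/gen.intermediate.cert.sh"
sh "${bindir}/gen.intermediate.chain.sh"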