#!/bin/bash## Script to generate host key and csr in the current directory, simply pass# a desired common name as first param
HOSTNAME=$1
OPENSSL=/usr/bin/openssl
LOGGER=/usr/bin/logger
CFILE=/tmp/openssl.cf.$$
CA=/home/ca/myca
if [ ! -f ${CA}/Makefile ];then
echo "ERROR: The CA in ${CA} is not available"
exit 1
fiif [ "x${HOSTNAME}" = "x" ];then
echo "ERROR: Please specify a hostname on the commandline"
exit 1
fiif [ -f ${HOSTNAME}.key ] || [ -f ${HOSTNAME}.csr ];then
echo "ERROR: ${HOSTNAME}.key or ${HOSTNAME}.csr already exit, cannot run"
exit 1
fi
cat <<@eof >$CFILE
[req]
prompt = no
distinguished_name = dn-param
[dn-param]
C = GB
ST = London
O = Your Company
OU = PKI
CN = $HOSTNAME
emailAddress = sysadmin@you.com
@eof
${OPENSSL} req -config ${CFILE} -nodes -newkey rsa:2048 -keyout ${HOSTNAME}.key -out ${HOSTNAME}.csr
${LOGGER} -t ca "Generated new certificate, key and csr for ${HOSTNAME}"if [ -f ${HOSTNAME}.key ] && [ -f ${HOSTNAME}.csr ];then
echo "The following files have been created:"
echo " Key: ${HOSTNAME}.key"
echo " CSR: ${HOSTNAME}.csr"
echo
OLDDIR=`pwd`
cp ${HOSTNAME}.csr ${CA}
cd ${CA}
make sign
if [ -f ${HOSTNAME}.cert ];then
mv ${HOSTNAME}.cert ${OLDDIR}/${HOSTNAME}.cert
cd ${OLDDIR}
echo
echo "The certificate has been created in ${HOSTNAME}.cert"else
echo "ERROR: Creation of ${HOSTNAME}.cert failed"
exit 1
fielse
echo "ERROR: certificate creation failed, ${HOSTNAME}.key and ${HOSTNAME}.csr migth be bogus, please rm"fi
rm -f /tmp/openssl.cf.$$
Pastie << self Blog
