## mark a section (Learn more)

#!/bin/bash # # Script to generate host key and csr in the current directory, simply pass # a desired common name as first param HOSTNAME=$1 OPENSSL=/usr/bin/openssl LOGGER=/usr/bin/logger CFILE=/tmp/openssl.cf.$$ CA=/home/ca/myca if [ ! -f ${CA}/Makefile ]; then echo "ERROR: The CA in ${CA} is not available" exit 1 fi if [ "x${HOSTNAME}" = "x" ]; then echo "ERROR: Please specify a hostname on the commandline" exit 1 fi if [ -f ${HOSTNAME}.key ] || [ -f ${HOSTNAME}.csr ]; then echo "ERROR: ${HOSTNAME}.key or ${HOSTNAME}.csr already exit, cannot run" exit 1 fi cat <<@eof > $CFILE [req] prompt = no distinguished_name = dn-param [dn-param] C = GB ST = London O = Your Company OU = PKI CN = $HOSTNAME emailAddress = sysadmin@you.com @eof ${OPENSSL} req -config ${CFILE} -nodes -newkey rsa:2048 -keyout ${HOSTNAME}.key -out ${HOSTNAME}.csr ${LOGGER} -t ca "Generated new certificate, key and csr for ${HOSTNAME}" if [ -f ${HOSTNAME}.key ] && [ -f ${HOSTNAME}.csr ]; then echo "The following files have been created:" echo " Key: ${HOSTNAME}.key" echo " CSR: ${HOSTNAME}.csr" echo OLDDIR=`pwd` cp ${HOSTNAME}.csr ${CA} cd ${CA} make sign if [ -f ${HOSTNAME}.cert ]; then mv ${HOSTNAME}.cert ${OLDDIR}/${HOSTNAME}.cert cd ${OLDDIR} echo echo "The certificate has been created in ${HOSTNAME}.cert" else echo "ERROR: Creation of ${HOSTNAME}.cert failed" exit 1 fi else echo "ERROR: certificate creation failed, ${HOSTNAME}.key and ${HOSTNAME}.csr migth be bogus, please rm" fi rm -f /tmp/openssl.cf.$$

This paste will be private.