darnellkeith/lab_tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

modified script for csr creation

Browse Source
This commit is contained in:
Darnell Keith 2025-07-09 15:52:11 -04:00
parent 5d8df30232
commit 9559910eac
2 changed files with 32 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
csrgen.sh Normal file → Executable file
View File

@ -8,34 +8,49 @@ fi
HOSTNAME=$1 HOSTNAME=$1
IP=$2 IP=$2
DEST_FOLDER="" # Use the environment variable DEST_FOLDER= #Use env variable
CONF_FILE="newcert.cnf"
KEY_FILE="${HOSTNAME}-key.pem" KEY_FILE="${HOSTNAME}-key.pem"
CSR="${HOSTNAME}.csr" CSR="${HOSTNAME}.csr"
CONF_FILE="newcert.cnf"
# Use sed to replace the hostname in the configuration file
sed -i.bak "s/[a-z]\+\.local\.naxslabs\.com/${HOSTNAME}.local.naxslabs.com/g" "$CONF_FILE"
# Update the IP address in the configuration file cat > "$CONF_FILE" <<EOF
sed -i.bak "s/[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+/${IP}/g" "$CONF_FILE" [ req ]
default_bits = 2048
default_md = sha256
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
echo "Updated $CONF_FILE with hostname: $HOSTNAME" [ req_distinguished_name ]
C = US
ST = State
L = City
O = Company
OU = IT
CN = ${HOSTNAME}
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment, nonRepudiation
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = ${HOSTNAME}
IP.1 = ${IP}
EOF
echo "Generated $CONF_FILE with hostname: $HOSTNAME and IP: $IP"
# Generate SSL certificate request # Generate SSL certificate request
openssl req -new -newkey rsa:2048 -nodes -keyout "$KEY_FILE" -out "$CSR" -config "$CONF_FILE" -extensions v3_req openssl req -new -newkey rsa:2048 -nodes -keyout "$KEY_FILE" -out "$CSR" -config "$CONF_FILE" -extensions v3_req
echo "Generated SSL certificate and key: $KEY_FILE and $CSR" # Move to destination
# Create a new directory for the hostname within the destination folder
HOST_DIR="${DEST_FOLDER}/${HOSTNAME}" HOST_DIR="${DEST_FOLDER}/${HOSTNAME}"
mkdir -p "$HOST_DIR" mkdir -p "$HOST_DIR"
mv "$CSR" "$KEY_FILE" "$HOST_DIR"
# Check if generated files exist and move them to the hostname directory echo "Generated and moved cert/key to $HOST_DIR"
for file in "$CSR" "$KEY_FILE"; do
if [ -f "$file" ]; then
mv "$file" "$HOST_DIR"
echo "Moved $file to $HOST_DIR"
else
echo "$file does not exist."
fi fi
done done

29
newcert.cnf
View File

@ -1,29 +0,0 @@
[ req ]
default_bits = 2048
default_md = sha256
distinguished_name = req_distinguished_name
req_extensions = v3_req
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = State
localityName = Locality Name (eg, city)
localityName_default = City
organizationName = Organization Name (eg, company)
organizationName_default = Company
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = IT
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default =
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment, nonRepudiation
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names
[ alt_names ]
DNS.1 =
IP.1 =