modified script for csr creation
parent
5d8df30232
commit
9559910eac
49
csrgen.sh
Normal file → Executable file
49
csrgen.sh
Normal file → Executable file
@ -8,34 +8,49 @@ fi
|
||||
|
||||
HOSTNAME=$1
|
||||
IP=$2
|
||||
DEST_FOLDER="" # Use the environment variable
|
||||
CONF_FILE="newcert.cnf"
|
||||
DEST_FOLDER= #Use env variable
|
||||
KEY_FILE="${HOSTNAME}-key.pem"
|
||||
CSR="${HOSTNAME}.csr"
|
||||
CONF_FILE="newcert.cnf"
|
||||
|
||||
# Use sed to replace the hostname in the configuration file
|
||||
sed -i.bak "s/[a-z]\+\.local\.naxslabs\.com/${HOSTNAME}.local.naxslabs.com/g" "$CONF_FILE"
|
||||
|
||||
# Update the IP address in the configuration file
|
||||
sed -i.bak "s/[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+/${IP}/g" "$CONF_FILE"
|
||||
cat > "$CONF_FILE" <<EOF
|
||||
[ req ]
|
||||
default_bits = 2048
|
||||
default_md = sha256
|
||||
distinguished_name = req_distinguished_name
|
||||
req_extensions = v3_req
|
||||
prompt = no
|
||||
|
||||
echo "Updated $CONF_FILE with hostname: $HOSTNAME"
|
||||
[ req_distinguished_name ]
|
||||
C = US
|
||||
ST = State
|
||||
L = City
|
||||
O = Company
|
||||
OU = IT
|
||||
CN = ${HOSTNAME}
|
||||
|
||||
[ v3_req ]
|
||||
basicConstraints = CA:FALSE
|
||||
keyUsage = critical, digitalSignature, keyEncipherment, nonRepudiation
|
||||
extendedKeyUsage = serverAuth, clientAuth
|
||||
subjectAltName = @alt_names
|
||||
|
||||
[ alt_names ]
|
||||
DNS.1 = ${HOSTNAME}
|
||||
IP.1 = ${IP}
|
||||
EOF
|
||||
|
||||
echo "Generated $CONF_FILE with hostname: $HOSTNAME and IP: $IP"
|
||||
|
||||
# Generate SSL certificate request
|
||||
openssl req -new -newkey rsa:2048 -nodes -keyout "$KEY_FILE" -out "$CSR" -config "$CONF_FILE" -extensions v3_req
|
||||
|
||||
echo "Generated SSL certificate and key: $KEY_FILE and $CSR"
|
||||
|
||||
# Create a new directory for the hostname within the destination folder
|
||||
# Move to destination
|
||||
HOST_DIR="${DEST_FOLDER}/${HOSTNAME}"
|
||||
mkdir -p "$HOST_DIR"
|
||||
mv "$CSR" "$KEY_FILE" "$HOST_DIR"
|
||||
|
||||
# Check if generated files exist and move them to the hostname directory
|
||||
for file in "$CSR" "$KEY_FILE"; do
|
||||
if [ -f "$file" ]; then
|
||||
mv "$file" "$HOST_DIR"
|
||||
echo "Moved $file to $HOST_DIR"
|
||||
else
|
||||
echo "$file does not exist."
|
||||
echo "Generated and moved cert/key to $HOST_DIR"
|
||||
fi
|
||||
done
|
||||
|
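Review bot: `DEST_FOLDER` is assigned an empty string on both renderings of that line, so despite the "Use env variable" comment `HOST_DIR="${DEST_FOLDER}/${HOSTNAME}"` expands to a directory directly under `/`, and the unencrypted key written by `openssl req -nodes` is moved there. If `mkdir` or `openssl` fails, the final `echo` still reports success, unless a `set -e` above the hunk (not visible here) stops the script. I would read the variable and fail closed with `: "${DEST_FOLDER:?DEST_FOLDER must be set}"`, and create the per-host directory with an owner-only mode. `HOSTNAME` and `IP` also flow from `$1`/`$2` straight into the heredoc and the file names, so a value containing `/` or a newline changes the target path or adds lines to the generated config; a guard such as `case "$HOSTNAME" in ''|*[!A-Za-z0-9.-]*) exit 2;; esac` before the heredoc would close that, with a similar check for `IP`. The argument check that ends in `fi` sits above the hunk and may already cover part of this.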
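--- a/newcert.cnf
+++ b/newcert.cnf
@@ -1,29 +0,0 @@
-[ req ]
-default_bits = 2048
-default_md = sha256
-distinguished_name = req_distinguished_name
-req_extensions = v3_req
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = US
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = State
-localityName = Locality Name (eg, city)
-localityName_default = City
-organizationName = Organization Name (eg, company)
-organizationName_default = Company
-organizationalUnitName = Organizational Unit Name (eg, section)
-organizationalUnitName_default = IT
-commonName = Common Name (e.g. server FQDN or YOUR name)
-commonName_default =
-
-[ v3_req ]
-basicConstraints = CA:FALSE
-keyUsage = critical, digitalSignature, keyEncipherment, nonRepudiation
-extendedKeyUsage = serverAuth, clientAuth
-subjectAltName = @alt_names
-
-[ alt_names ]
-DNS.1 =
-IP.1 =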