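#!/bin/bash
#
# Create an RSA private key and a certificate signing request (CSR) for one
# host. The hostname and IP address are written into subjectAltName, and the
# key and CSR are then moved into "$DEST_FOLDER/<hostname>/".
#
# Usage:       <script> <hostname> <ip>
# Environment: DEST_FOLDER - base directory that receives the per-host folder
# Side effect: writes newcert.cnf in the current directory (overwritten on
#              every run, so do not run two instances in the same directory).

set -euo pipefail

# Check for required arguments
if [ "$#" -ne 2 ]; then
  echo "Usage: $0 <hostname> <ip>" >&2
  exit 1
fi

# Lower-case names so bash's own HOSTNAME variable is not overwritten.
host=$1
ip=$2

# Both arguments are copied verbatim into the OpenSSL config, and the hostname
# also becomes a file and directory name. Accept only a plain DNS name: this
# keeps "/" and ".." out of the paths and newlines or "[section]" text out of
# the config. Wildcard names ("*.example.com") are rejected as well.
label='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
host_re="^${label}(\\.${label})*\$"
if [[ ${#host} -gt 253 || ! $host =~ $host_re ]]; then
  echo "Invalid hostname: $host" >&2
  exit 1
fi

# Character-level filter only (IPv4 or IPv6 literal characters); openssl does
# the real address parsing and fails the run on a malformed value.
ip_re='^[0-9A-Fa-f:.]+$'
if [[ ! $ip =~ $ip_re ]]; then
  echo "Invalid IP address: $ip" >&2
  exit 1
fi

# The destination comes from the environment. Refuse to run without it:
# an empty value would place the private key under "/<hostname>".
: "${DEST_FOLDER:?DEST_FOLDER must be set to the output base directory}"

KEY_FILE="${host}-key.pem"
CSR="${host}.csr"
CONF_FILE="newcert.cnf"

cat > "$CONF_FILE" <<EOF
[ req ]
default_bits = 2048
default_md = sha256
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no

[ req_distinguished_name ]
C = US
ST = State
L = City
O = Company
OU = IT
CN = ${host}

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment, nonRepudiation
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = ${host}
IP.1 = ${ip}
EOF

echo "Generated $CONF_FILE with hostname: $host and IP: $ip"

# Generate SSL certificate request.
# -nodes leaves the private key unencrypted on disk, so create it under a
# restrictive umask; the subshell keeps that umask from affecting later steps.
(
  umask 077
  openssl req -new -newkey rsa:2048 -nodes -keyout "$KEY_FILE" -out "$CSR" \
    -config "$CONF_FILE" -extensions v3_req
)

# Move to destination (only reached when openssl succeeded, because of set -e)
HOST_DIR="${DEST_FOLDER}/${host}"
mkdir -p -- "$HOST_DIR"
mv -- "$CSR" "$KEY_FILE" "$HOST_DIR"

echo "Generated and moved cert/key to $HOST_DIR"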