forked from outroll/vesta
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathv-generate-ssl-cert
executable file
·137 lines (111 loc) · 3.19 KB
/
v-generate-ssl-cert
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
#!/bin/bash
# info: generate self signed certificate and CSR request
# options: DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [FORMAT]
#
# The function generates self signed SSL certificate and CSR request
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument defenition
domain=$1
domain=$(echo $domain | sed -e 's/\.*$//g' -e 's/^\.*//g')
domain=$(echo $domain | tr '[:upper:]' '[:lower:]')
domain_alias=$domain
email=$2
country=$3
state=$4
city=$5
org=$6
org_unit=$7
format=${8-shell}
KEY_SIZE=2048
DAYS=365
# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf
# Json function
json_list_ssl() {
i='1' # iterator
echo '{'
echo -e "\t\"$domain\": {"
echo " \"CRT\": \"$crt\","
echo " \"KEY\": \"$key\","
echo " \"CSR\": \"$csr\""
echo -e "\t}\n}"
}
# Shell function
shell_list_ssl() {
if [ ! -z "$crt" ]; then
echo -e "$crt"
fi
if [ ! -z "$key" ]; then
echo -e "\n$key"
fi
if [ ! -z "$csr" ]; then
echo -e "\n$csr"
fi
}
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '7' "$#" 'DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [FORMAT]'
validate_format 'domain_alias' 'format'
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Create temporary work directory
workdir=$(mktemp -d)
cd $workdir
# Generate private key
export PASSPHRASE=gen_password
openssl genrsa -des3 \
-out $domain.key \
-passout env:PASSPHRASE $KEY_SIZE 2>/dev/null
# Generate the CSR
subj="/C=$country/ST=$state/localityName=$city/O=$org"
subj="$subj/organizationalUnitName=$org_unit/commonName=$domain"
subj="$subj/emailAddress=$email"
openssl req -sha256\
-new \
-batch \
-subj "$subj" \
-key $domain.key \
-out $domain.csr \
-passin env:PASSPHRASE >/dev/null 2>&1
# Remove passphrase
cp $domain.key $domain.key.tmp
openssl rsa \
-in $domain.key.tmp \
-out $domain.key \
-passin env:PASSPHRASE >/dev/null 2>&1
rm $domain.key.tmp
# Generate the cert 1 year
openssl x509 -req -sha256 \
-days $DAYS \
-in $domain.csr \
-signkey $domain.key \
-out $domain.crt >/dev/null 2>&1
# Listing certificates
if [ -e "$domain.crt" ]; then
crt=$(cat $domain.crt | sed ':a;N;$!ba;s/\n/\\n/g' )
fi
if [ -e "$domain.key" ]; then
key=$(cat $domain.key | sed ':a;N;$!ba;s/\n/\\n/g' )
fi
if [ -e "$domain.csr" ]; then
csr=$(cat $domain.csr | sed ':a;N;$!ba;s/\n/\\n/g' )
fi
case $format in
json) json_list_ssl ;;
plain) nohead=1; shell_list_ssl ;;
shell) shell_list_ssl ;;
*) check_args '1' '0' '[FORMAT]'
esac
# Delete tmp dir
rm -rf $workdir
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_event "$OK" "$EVENT"
exit