summaryrefslogtreecommitdiff
path: root/localcsr
blob: cffbedd8ae9afe31b1bad360190e56803ad9c1fa (plain) 
    

  1. #!/bin/sh
    2. 

  2. # csr.sh: Certificate Signing Request Generator
    3. 

  3. # Copyright(c) 2005 Evaldo Gardenali <evaldo@gardenali.biz>
    4. 

  4. # All rights reserved.
    5. 

  5. #
    6. 

  6. # Redistribution and use in source and binary forms, with or without
    7. 

  7. # modification, are permitted provided that the following conditions
    8. 

  8. # are met:
    9. 

  9. # 1. Redistributions of source code must retain the above copyright
    10. 

  10. #    notice, this list of conditions and the following disclaimer.
    11. 

  11. # 2. Redistributions in binary form must reproduce the above copyright
    12. 

  12. #    notice, this list of conditions and the following disclaimer in the
    13. 

  13. #    documentation and/or other materials provided with the distribution.
    14. 

  14. # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "ASIS"
    15. 

  15. # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
    16. 

  16. # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
    17. 

  17. # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
    18. 

  18. # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
    19. 

  19. # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
    20. 

  20. # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
    21. 

  21. # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
    22. 

  22. # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    23. 

  23. # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
    24. 

  24. # POSSIBILITY OF SUCH DAMAGE.
    25. 

  25. #
    26. 

  26. # ChangeLog:
    27. 

  27. # Mon May 23 00:14:37 BRT 2005 - evaldo - Initial Release
    28. 

  28. # Wed May  3 12:09:24 UTC 2006 - jonas - Drop $HOME, use current workdir
    29. 

  29. 

  30. # be safe about permissions
    31. 

  31. LASTUMASK=`umask`
    32. 

  32. umask 077
    33. 

  33. 

  34. # OpenSSL for HPUX needs a random file
    35. 

  35. RANDOMFILE=$HOME/.rnd
    36. 

  36. 

  37. # create a config file for openssl
    38. 

  38. CONFIG=`mktemp -q /tmp/openssl-conf.XXXXXXXX`
    39. 

  39. if [ ! $? -eq 0 ]; then
    40. 

  40.     echo "Could not create temporary config file. exiting"
    41. 

  41.     exit 1
    42. 

  42. fi
    43. 

  43. 

  44. echo "Private Key and Certificate Signing Request Generator"
    45. 

  45. echo "This script was designed to suit the request format needed by"
    46. 

  46. echo "the CAcert Certificate Authority. www.CAcert.org"
    47. 

  47. echo
    48. 

  48. 

  49. printf "Short Hostname (ie. imap big_srv www2): "
    50. 

  50. read HOST
    51. 

  51. printf "FQDN/CommonName (ie. www.example.com) : "
    52. 

  52. read COMMONNAME
    53. 

  53. 

  54. echo "Type SubjectAltNames for the certificate, one per line. Enter a blank line to finish"
    55. 

  55. SAN=1        # bogus value to begin the loop
    56. 

  56. SANAMES=""   # sanitize
    57. 

  57. while [ ! "$SAN" = "" ]; do
    58. 

  58.     printf "SubjectAltName: DNS:"
    59. 

  59.     read SAN
    60. 

  60.     if [ "$SAN" = "" ]; then break; fi # end of input
    61. 

  61.     if [ "$SANAMES" = "" ]; then
    62. 

  62.         SANAMES="DNS:$SAN"
    63. 

  63.     else
    64. 

  64.         SANAMES="$SANAMES,DNS:$SAN"
    65. 

  65.     fi
    66. 

  66. done
    67. 

  67. 

  68. # Config File Generation
    69. 

  69. 

  70. cat <<EOF > $CONFIG
    71. 

  71. # -------------- BEGIN custom openssl.cnf -----
    72. 

  72. EOF
    73. 

  73. 

  74. if [ "`uname -s`" = "HP-UX" ]; then
    75. 

  75.     echo " RANDFILE                = $RANDOMFILE" >> $CONFIG
    76. 

  76. fi
    77. 

  77. 

  78. cat <<EOF >> $CONFIG
    79. 

  79.  oid_section             = new_oids
    80. 

  80.  [ new_oids ]
    81. 

  81.  [ req ]
    82. 

  82.  default_days            = 730            # how long to certify for
    83. 

  83.  default_keyfile         = ${HOST}_privatekey.pem
    84. 

  84.  distinguished_name      = req_distinguished_name
    85. 

  85.  encrypt_key             = no
    86. 

  86.  string_mask = nombstr
    87. 

  87. EOF
    88. 

  88. 

  89. if [ ! "$SANAMES" = "" ]; then
    90. 

  90.     echo "req_extensions = v3_req # Extensions to add to certificate request" >> $CONFIG
    91. 

  91. fi
    92. 

  92. 

  93. cat <<EOF >> $CONFIG
    94. 

  94.  [ req_distinguished_name ]
    95. 

  95.  commonName              = Common Name (eg, YOUR name)
    96. 

  96.  commonName_default      = $COMMONNAME
    97. 

  97.  commonName_max          = 64
    98. 

  98.  [ v3_req ]
    99. 

  99. EOF
    100. 

  100. 

  101. if [ ! "$SANAMES" = "" ]; then
    102. 

  102.     echo "subjectAltName=$SANAMES" >> $CONFIG
    103. 

  103. fi
    104. 

  104. 

  105. echo "# -------------- END custom openssl.cnf -----" >> $CONFIG
    106. 

  106. 

  107. echo "Running OpenSSL..."
    108. 

  108. openssl req -batch -config $CONFIG -newkey rsa:2048 -out ${HOST}_csr.pem
    109. 

  109. echo "Copy the following Certificate Request and paste into CAcert website to obtain a Certificate."
    110. 

  110. echo "When you receive your certificate, you 'should' name it something like ${HOST}_server.pem"
    111. 

  111. echo
    112. 

  112. cat ${HOST}_csr.pem
    113. 

  113. echo
    114. 

  114. echo The Certificate request is also available in ${HOST}_csr.pem
    115. 

  115. echo The Private Key is stored in ${HOST}_privatekey.pem
    116. 

  116. echo
    117. 

  117. 

  118. rm $CONFIG
    119. 

  119. 

  120. #restore umask
    121. 

  121. umask $LASTUMASK
    122.
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-19 01:25:43 +0000