#!/bin/bash # info: generate self signed certificate and CSR request # options: DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [FORMAT] # # The function generates self signed SSL certificate and CSR request #----------------------------------------------------------# # Variable&Function # #----------------------------------------------------------# # Argument defenition domain=$1 domain=$(echo $domain | sed -e 's/\.*$//g' -e 's/^\.*//g') domain=$(echo $domain | tr '[:upper:]' '[:lower:]') domain_alias=$domain email=$2 country=$3 state=$4 city=$5 org=$6 org_unit=$7 format=${8-shell} KEY_SIZE=2048 DAYS=365 # Includes source $VESTA/func/main.sh source $VESTA/conf/vesta.conf # Json function json_list_ssl() { i='1' # iterator echo '{' echo -e "\t\"$domain\": {" echo " \"CRT\": \"$crt\"," echo " \"KEY\": \"$key\"," echo " \"CSR\": \"$csr\"" echo -e "\t}\n}" } # Shell function shell_list_ssl() { if [ ! -z "$crt" ]; then echo -e "$crt" fi if [ ! -z "$key" ]; then echo -e "\n$key" fi if [ ! -z "$csr" ]; then echo -e "\n$csr" fi } #----------------------------------------------------------# # Verifications # #----------------------------------------------------------# check_args '7' "$#" 'DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [FORMAT]' validate_format 'domain_alias' 'format' #----------------------------------------------------------# # Action # #----------------------------------------------------------# # Create temporary work directory workdir=$(mktemp -d) cd $workdir # Generate private key export PASSPHRASE=gen_password openssl genrsa -des3 \ -out $domain.key \ -passout env:PASSPHRASE $KEY_SIZE 2>/dev/null # Generate the CSR subj="/C=$country/ST=$state/localityName=$city/O=$org" subj="$subj/organizationalUnitName=$org_unit/commonName=$domain" subj="$subj/emailAddress=$email" openssl req -sha256\ -new \ -batch \ -subj "$subj" \ -key $domain.key \ -out $domain.csr \ -passin env:PASSPHRASE >/dev/null 2>&1 # Remove passphrase cp $domain.key $domain.key.tmp openssl rsa \ -in $domain.key.tmp \ -out $domain.key \ -passin env:PASSPHRASE >/dev/null 2>&1 rm $domain.key.tmp # Generate the cert 1 year openssl x509 -req -sha256 \ -days $DAYS \ -in $domain.csr \ -signkey $domain.key \ -out $domain.crt >/dev/null 2>&1 # Listing certificates if [ -e "$domain.crt" ]; then crt=$(cat $domain.crt | sed ':a;N;$!ba;s/\n/\\n/g' ) fi if [ -e "$domain.key" ]; then key=$(cat $domain.key | sed ':a;N;$!ba;s/\n/\\n/g' ) fi if [ -e "$domain.csr" ]; then csr=$(cat $domain.csr | sed ':a;N;$!ba;s/\n/\\n/g' ) fi case $format in json) json_list_ssl ;; plain) nohead=1; shell_list_ssl ;; shell) shell_list_ssl ;; *) check_args '1' '0' '[FORMAT]' esac # Delete tmp dir rm -rf $workdir #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# # Logging log_event "$OK" "$EVENT" exit