#!/bin/bash
#
# Issue a server certificate signed by a CA Intermediate
# (the usage text calls this script gen_server.sh).
#
# Positional arguments, as read by the dispatch at the end of the file:
#   $1  UNIQ_ID_CA  selects the signing files ca_i_<UNIQ_ID_CA>.crt.pem and
#                   ca_i_<UNIQ_ID_CA>.keys.pem
#   $2  ORG_URL     becomes part of the certificate CN and of the output names
#   $3  SERIAL      certificate serial number
#
# PARAM1 and PARAM2 keep a copy of the first two arguments; nothing else in
# this file reads them.
#
PARAM1="$1"
PARAM2="$2"
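#
# Print the help text and terminate the script.
#
# The previous text described generating a CA Intermediate, named a file
# (ca-i.pem) that the script never opens, showed a file name as the first
# argument although the script wraps that argument in ca_i_<...>.crt.pem
# itself, and ended the example with a dangling line continuation. The text
# below states what the script reads and writes, including the signing key
# and the FQ_S_CNF variable that this file uses but never assigns.
#
# Outputs: help text on stdout
# Returns: does not return; exits the shell with status 1
#
usage() {
  cat <<'EOF'

Generate a new server certificate

This program will generate a server key pair and a server certificate
signed by a CA Intermediate.

Requires, in the current directory:
  ca_i_<CA ID>.crt.pem    CA Intermediate certificate
  ca_i_<CA ID>.keys.pem   CA Intermediate private key (signs the certificate)
Requires FQ_S_CNF in the environment: path of the OpenSSL config file that
provides the v3_server extension section.

Writes to the current directory:
  server_<Org URL>_<Serial>.keys.pem      server private key
  server_<Org URL>_<Serial>.csr.pem       certificate signing request
  server_<Org URL>_<Serial>.crt.pem       signed server certificate
  server_<Org URL>_<Serial>.crt.info.txt  text dump of the certificate

  usage: gen_server.sh <CA ID> <Org URL> <Serial>

  example: gen_server.sh skunkworks.acme.xyz_10001 \
                         skunkworks.acme.xyz \
                         10052

EOF
  exit 1
}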
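#
# Generate a server key pair, a CSR and a certificate signed by the
# CA Intermediate, then dump the certificate as text for review.
#
# Globals (read):
#   UNIQ_ID     certificate CN and stem of every output file name
#   UNIQ_ID_CA  selects ca_i_<id>.crt.pem / ca_i_<id>.keys.pem as the signer
#   SERIAL      passed to -set_serial unchanged
#   FQ_S_CNF    OpenSSL config file; must provide the v3_server section
# Outputs: server_<UNIQ_ID>.keys.pem, .csr.pem, .crt.pem and .crt.info.txt
#          in the current directory
# Returns: 0 on success; non-zero as soon as a precondition or an openssl
#          step fails, so a later step never runs on a missing input
#
generate_server() {
  local base="server_${UNIQ_ID}"
  local ca_crt="ca_i_${UNIQ_ID_CA}.crt.pem"
  local ca_key="ca_i_${UNIQ_ID_CA}.keys.pem"
  local required

  # FQ_S_CNF is not assigned anywhere in this file. Unset and unquoted it
  # used to vanish from the command line, leaving -config to swallow the
  # next option as its value.
  if [[ -z "${FQ_S_CNF:-}" ]]; then
    echo "generate_server: FQ_S_CNF is not set" >&2
    return 1
  fi

  # Check the inputs up front so a failed run does not leave a fresh
  # private key behind with no certificate to go with it.
  for required in "$FQ_S_CNF" "$ca_crt" "$ca_key"; do
    if [[ ! -r "$required" ]]; then
      printf 'generate_server: cannot read %s\n' "$required" >&2
      return 1
    fi
  done

  # Create the private key under a restrictive umask (subshell keeps the
  # change local). chmod covers a re-run, where an existing file would
  # otherwise keep its old, possibly wider, mode.
  (
    umask 077 \
      && openssl genrsa -out "${base}.keys.pem" 4096 \
      && chmod 600 -- "${base}.keys.pem"
  ) || return 1

  openssl req -new -config "$FQ_S_CNF" -key "${base}.keys.pem" \
    -subj "/C=OO/O=ACME/OU=ACME Standard/CN=${UNIQ_ID}" \
    -out "${base}.csr.pem" || return 1

  # Intermediate signs Server. The serial is used exactly as supplied;
  # keeping serials unique per issuing CA is left to the caller.
  openssl x509 -req -days 365 -extfile "$FQ_S_CNF" -extensions v3_server \
    -CA "$ca_crt" -CAkey "$ca_key" -set_serial "${SERIAL}" \
    -in "${base}.csr.pem" -out "${base}.crt.pem" || return 1

  # Text dump of the issued certificate, written to a file for review.
  openssl x509 -noout -text -in "${base}.crt.pem" \
    > "${base}.crt.info.txt" || return 1
}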
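# Continue only when all three arguments are non-empty; otherwise print the
# usage text (which exits with status 1).
if [[ -n $1 ]] && [[ -n $2 ]] && [[ -n $3 ]]; then
  # $1 and $2 become parts of file names, and $2 is also placed in the
  # -subj string, where "/" separates name components. A "/" in either
  # would redirect the files or add components to the subject, so reject it.
  if [[ $1 == */* || $2 == */* ]]; then
    echo "error: arguments 1 and 2 must not contain '/'" >&2
    exit 1
  fi

  # The serial goes to -set_serial and into the output file names; accept
  # only a decimal number or a 0x-prefixed hex number.
  serial_re='^(0x[0-9A-Fa-f]+|[0-9]+)$'
  if [[ ! $3 =~ $serial_re ]]; then
    echo "error: argument 3 must be a decimal or 0x-prefixed hex serial" >&2
    exit 1
  fi

  UNIQ_ID_CA=$1
  ORG_URL=$2
  SERIAL=$3
  UNIQ_ID="${ORG_URL}_${SERIAL}"
  # Last command of the script: its status becomes the exit status.
  generate_server
else
  usage
fi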