From c72dc5389be87198c4c2ac796a437c27280858d5 Mon Sep 17 00:00:00 2001 From: brent s Date: Mon, 22 Feb 2016 03:29:17 -0500 Subject: [PATCH] temporary checkin --- gen.ca.cert.sh | 2 +- gen.intermediate.csr.sh | 2 +- gen.intermediate.key.sh | 4 ++-- gen.serverclient.csr.sh | 2 +- new.ca.sh | 36 ++++++++++++++++++++---------------- new.intermediate.sh | 11 ++++++++++- 6 files changed, 35 insertions(+), 22 deletions(-) diff --git a/gen.ca.cert.sh b/gen.ca.cert.sh index aa63010..a8cd2eb 100644 --- a/gen.ca.cert.sh +++ b/gen.ca.cert.sh @@ -2,5 +2,5 @@ set -e echo "Generating CA certificate..." -openssl req -config ${rootdir}/openssl.cnf -key ${rootdir}/key/ca.key -new -x509 -days 3650 -extensions v3_ca -out ${rootdir}/crt/ca.crt > /dev/null 2>&1 +openssl req -config ${rootdir}/openssl.cnf -key ${rootdir}/key/ca.key -new -x509 -days 3650 -extensions v3_ca -subj "/CN=${ORGNAME}\(CA\)/O=${ORGNAME}/C=${ORGCNTRY}/ST=${ORGSTATE}/L=${ORGCITY}" -out ${rootdir}/crt/ca.crt > /dev/null 2>&1 chmod 444 ${rootdir}/crt/ca.crt diff --git a/gen.intermediate.csr.sh b/gen.intermediate.csr.sh index 1539ddf..caf8ea8 100644 --- a/gen.intermediate.csr.sh +++ b/gen.intermediate.csr.sh @@ -2,4 +2,4 @@ set -e echo "Generating intermediate CSR..." -openssl req -config ${rootdir}/intermediate/openssl.cnf -new -sha512 -key ${rootdir}/intermediate/key/intermediate.key -out ${rootdir}/intermediate/csr/intermediate.csr > /dev/null 2>&1 +openssl req -config ${rootdir}/intermediate/openssl.cnf -new -sha512 -subj "/CN=${ORGNAME}\(intermediate\)/O=${ORGNAME}/C=${ORGCNTRY}/ST=${ORGSTATE}/L=${ORGCITY}" -key ${rootdir}/intermediate/key/intermediate.key -out ${rootdir}/intermediate/csr/intermediate.csr > /dev/null 2>&1 diff --git a/gen.intermediate.key.sh b/gen.intermediate.key.sh index a2e2a45..3570063 100644 --- a/gen.intermediate.key.sh +++ b/gen.intermediate.key.sh 
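Review bot: The new `-subj` argument in gen.ca.cert.sh interpolates `${ORGNAME}`, `${ORGCNTRY}`, `${ORGSTATE}` and `${ORGCITY}` without escaping, so a value containing `/` is parsed by openssl as a field separator and changes the DN of the root certificate. The same pattern is added in gen.intermediate.csr.sh and, with `${1}` as the CN, in gen.serverclient.csr.sh. Escape the value before building the subject, for example `org_esc=$(printf '%s' "$ORGNAME" | sed 's|[/\\]|\\&|g')`, or reject input that contains those characters. Because stdout and stderr still go to `/dev/null`, a malformed subject shows up only as a silent `set -e` exit, so consider leaving stderr visible.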
@@ -2,5 +2,5 @@ set -e echo "Generating intermediate key..." -openssl genrsa -out ${rootdir}/intermdiate/key/ca.key 4096 > /dev/null 2>&1 -chmod 400 ${rootdir}/intermediate/key/ca.key +openssl genrsa -out ${rootdir}/intermediate/key/intermediate.key 4096 > /dev/null 2>&1 +chmod 400 ${rootdir}/intermediate/key/intermediate.key diff --git a/gen.serverclient.csr.sh b/gen.serverclient.csr.sh index cce802d..57b684a 100644 --- a/gen.serverclient.csr.sh +++ b/gen.serverclient.csr.sh @@ -2,4 +2,4 @@ set -e echo "Generating CSR (${1})..." -openssl req -config ${rootdir}/intermediate/openssl.cnf -new -sha512 -key ${rootdir}/key/${1}.key -out ${rootdir}/csr/${1}.csr > /dev/null 2>&1 +openssl req -config ${rootdir}/intermediate/openssl.cnf -new -sha512 -subj "/CN=${1}/O=${ORGNAME}/C=${ORGCNTRY}/ST=${ORGSTATE}/L=${ORGCITY}" -key ${rootdir}/key/${1}.key -out ${rootdir}/csr/${1}.csr > /dev/null 2>&1 diff --git a/new.ca.sh b/new.ca.sh index 6d14b73..776714f 100755 --- a/new.ca.sh +++ b/new.ca.sh 
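Review bot: The intermediate CA key in gen.intermediate.key.sh is written by `openssl genrsa` and only afterwards restricted with `chmod 400`, so between the two commands the file has whatever mode the caller's umask allows. Put `umask 077` before the `genrsa` line so the key is never readable by other users. The key is also stored unencrypted. If that is intended for unattended signing, say so in a comment; otherwise pass a cipher option such as `-aes256`. With all output sent to `/dev/null`, a failure here (for instance a missing `intermediate/key` directory) stops the script under `set -e` without any message.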
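Review bot: In gen.serverclient.csr.sh, `${1}` is used unchecked both as the certificate CN and, unquoted, as a path component in `${rootdir}/key/${1}.key` and `${rootdir}/csr/${1}.csr`. An empty argument yields `/CN=` and a file named `.key`, and a name containing `/` or `..` reads and writes outside the key and csr directories. Add a guard at the top of the script such as `case "${1:?name required}" in */*|.*) echo "invalid name: ${1}" >&2; exit 1;; esac`, and quote the path expansions. Whether a subjectAltName is added depends on `intermediate/openssl.cnf`, which is not part of this patch; a CN alone is not accepted for host name checks by current TLS clients.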
@@ -1,27 +1,31 @@ #!/bin/bash set -e +set -x -rootdir='/root/ssl/ca' +rootdir='/tmp/ssl/ca' bindir="$(dirname ${0})" export rootdir export bindir -echo "If you continue, I will completely DELETE (if found):" -echo " ${rootdir}/key" -echo " ${rootdir}/crt" -echo " ${rootdir}/crl" -echo " ${rootdir}/csr" -echo " ${rootdir}/index.txt" -echo " ${rootdir}/serial" -echo -echo "To continue, type YESIAMCRAZY and hit the enter key." -read RUCRAZY - -if [[ "${RUCRAZY}" != 'YESIAMCRAZY' ]]; +if [[ -d "${rootdir}" ]]; then - echo '"IAMCRAZY" *NOT* entered. Quitting.' - exit 1 + echo "If you continue, I will completely DELETE (if found):" + echo " ${rootdir}/key" + echo " ${rootdir}/crt" + echo " ${rootdir}/crl" + echo " ${rootdir}/csr" + echo " ${rootdir}/index.txt" + echo " ${rootdir}/serial" + echo + echo "To continue, type YESIAMCRAZY and hit the enter key." + read RUCRAZY + + if [[ "${RUCRAZY}" != 'YESIAMCRAZY' ]]; + then + echo '"IAMCRAZY" *NOT* entered. Quitting.' + exit 1 + fi fi echo "Deleting CA hierarchy and creating clean..." @@ -136,7 +140,7 @@ echo -n "Lastly, what email address should be used for the SSL administrator? " read SSLADMIN export SSLADMIN -sed -i -e "s/%%TEMPLATE_ORG%%/${ORGNAME}/g ; s/%%TEMPLATE_DOMAIN%%/${ORGSITE}/g ; s/%%TEMPLATE_ROOTDIR%%/${rootdir}/g ; s/%%TEMPLATE_COUNTRY%%/${ORGCNTRY}/g ; s/%%TEMPLATE_STATE%%/${ORGSTATE}/g ; s/%%TEMPLATE_CITY%%/${ORGCITY}/g ; s/%%TEMPLATE_SSLADMIN%%/${SSLADMIN}/g" ${rootdir}/openssl.cnf +sed -i -e "s/%%TEMPLATE_ORG%%/${ORGNAME}/g ; s/%%TEMPLATE_DOMAIN%%/${ORGSITE}/g ; s@%%TEMPLATE_ROOTDIR%%@${rootdir}@g ; s/%%TEMPLATE_COUNTRY%%/${ORGCNTRY}/g ; s/%%TEMPLATE_STATE%%/${ORGSTATE}/g ; s/%%TEMPLATE_CITY%%/${ORGCITY}/g ; s/%%TEMPLATE_SSLADMIN%%/${SSLADMIN}/g" ${rootdir}/openssl.cnf NEWCA='yes' export NEWCA diff --git a/new.intermediate.sh b/new.intermediate.sh index d2ff568..ce3c8bd 100644 --- a/new.intermediate.sh +++ b/new.intermediate.sh 
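Review bot: `rootdir='/tmp/ssl/ca'` in new.ca.sh places the CA private key, serial and index under a world-writable directory with a predictable name, where another local user can pre-create `/tmp/ssl` before the script deletes and recreates the hierarchy. Together with the added `set -x`, this looks like debugging state from the temporary checkin. Keep the private default and make the test location opt-in, e.g. `rootdir="${rootdir:-/root/ssl/ca}"`, and drop `set -x` before this is merged. The new `[[ -d "${rootdir}" ]]` guard skips the confirmation when the directory is absent, but the delete step itself lies outside this hunk, so check that it tolerates a missing tree.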
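Review bot: Only the `%%TEMPLATE_ROOTDIR%%` expression in the new.ca.sh `sed` line was moved to the `@` delimiter; the other expressions still splice `${ORGNAME}`, `${ORGSITE}`, `${ORGCNTRY}`, `${ORGSTATE}`, `${ORGCITY}` and `${SSLADMIN}` straight into the sed program. A `/` in any of them breaks the command, and an `&` is expanded to the matched placeholder, so an organisation name like `A&B` is written to openssl.cnf as `A%%TEMPLATE_ORG%%B`. The same line is changed in new.intermediate.sh. Escape each value first, e.g. `esc() { printf '%s' "$1" | sed 's|[/&\\]|\\&|g'; }`, and quote `"${rootdir}/openssl.cnf"`. A `rootdir` containing `@` would now break the rewritten expression in the same way.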
@@ -22,6 +22,15 @@ then read RUCRAZY2 else RUCRAZY2='YESIAMCRAZY' + export rootdir + export bindir + export ORGNAME + export ORGSITE + export ORGCNTRY + export ORGSTATE + export ORGCITY + export SSLADMIN + export NEWCA fi if [[ "${RUCRAZY2}" != 'YESIAMCRAZY' ]]; @@ -146,7 +155,7 @@ then export SSLADMIN fi -sed -i -e "s/%%TEMPLATE_ORG%%/${ORGNAME}/g ; s/%%TEMPLATE_DOMAIN%%/${ORGSITE}/g ; s/%%TEMPLATE_ROOTDIR%%/${rootdir}/g ; s/%%TEMPLATE_COUNTRY%%/${ORGCNTRY}/g ; s/%%TEMPLATE_STATE%%/${ORGSTATE}/g ; s/%%TEMPLATE_CITY%%/${ORGCITY}/g ; s/%%TEMPLATE_SSLADMIN%%/${SSLADMIN}/g" ${rootdir}/intermediate/openssl.cnf +sed -i -e "s/%%TEMPLATE_ORG%%/${ORGNAME}/g ; s/%%TEMPLATE_DOMAIN%%/${ORGSITE}/g ; s@%%TEMPLATE_ROOTDIR%%@${rootdir}@g ; s/%%TEMPLATE_COUNTRY%%/${ORGCNTRY}/g ; s/%%TEMPLATE_STATE%%/${ORGSTATE}/g ; s/%%TEMPLATE_CITY%%/${ORGCITY}/g ; s/%%TEMPLATE_SSLADMIN%%/${SSLADMIN}/g" ${rootdir}/intermediate/openssl.cnf sh ${bindir}/gen.intermediate.key.sh sh ${bindir}/gen.intermediate.csr.sh
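Review bot: In the `else` branch of new.intermediate.sh the confirmation is auto-answered and `rootdir`, `bindir` and the `ORG*` values are taken from the inherited environment, but nothing checks that they are set. `export` of an unset name succeeds, and with an empty `rootdir` the later `${rootdir}/intermediate/...` paths resolve under `/`. Add `: "${rootdir:?rootdir not set}"` (and the same for `bindir` and `ORGNAME`) before the exports. The condition that selects this branch starts above the hunk, so I am assuming it keys on `NEWCA` from new.ca.sh. A one-line comment saying that these exports exist for the `gen.*.sh` child scripts would also help.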