temporary checkin

brent s. 2016-02-22 03:29:17 -05:00
parent b35241f7d0
commit c72dc5389b
6 changed files with 35 additions and 22 deletions


@ -2,5 +2,5 @@
set -e

echo "Generating CA certificate..."
openssl req -config ${rootdir}/openssl.cnf -key ${rootdir}/key/ca.key -new -x509 -days 3650 -extensions v3_ca -out ${rootdir}/crt/ca.crt > /dev/null 2>&1
openssl req -config ${rootdir}/openssl.cnf -key ${rootdir}/key/ca.key -new -x509 -days 3650 -extensions v3_ca -subj "/CN=${ORGNAME}\(CA\)/O=${ORGNAME}/C=${ORGCNTRY}/ST=${ORGSTATE}/L=${ORGCITY}" -out ${rootdir}/crt/ca.crt > /dev/null 2>&1
chmod 444 ${rootdir}/crt/ca.crt
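Review bot: The new `-subj` string on the second `openssl req` line interpolates `${ORGNAME}`, `${ORGCNTRY}`, `${ORGSTATE}` and `${ORGCITY}` unescaped, so an answer containing `/` would be read by OpenSSL as the start of another subject field and change the CA's distinguished name. Because both stdout and stderr go to `/dev/null`, any failure of the request ends the script under `set -e` with no message saying why. I would validate the answers where they are read and keep stderr visible by ending the line with `> /dev/null` instead of `> /dev/null 2>&1`. The same applies to the `-subj` lines added in the intermediate-CSR and per-name CSR sections. The `${rootdir}` paths are also unquoted; `"${rootdir}/crt/ca.crt"` is the safer form.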


@ -2,4 +2,4 @@
set -e

echo "Generating intermediate CSR..."
openssl req -config ${rootdir}/intermediate/openssl.cnf -new -sha512 -key ${rootdir}/intermediate/key/intermediate.key -out ${rootdir}/intermediate/csr/intermediate.csr > /dev/null 2>&1
openssl req -config ${rootdir}/intermediate/openssl.cnf -new -sha512 -subj "/CN=${ORGNAME}\(intermediate\)/O=${ORGNAME}/C=${ORGCNTRY}/ST=${ORGSTATE}/L=${ORGCITY}" -key ${rootdir}/intermediate/key/intermediate.key -out ${rootdir}/intermediate/csr/intermediate.csr > /dev/null 2>&1


@ -2,5 +2,5 @@
set -e

echo "Generating intermediate key..."
openssl genrsa -out ${rootdir}/intermdiate/key/ca.key 4096 > /dev/null 2>&1
chmod 400 ${rootdir}/intermediate/key/ca.key
openssl genrsa -out ${rootdir}/intermediate/key/intermediate.key 4096 > /dev/null 2>&1
chmod 400 ${rootdir}/intermediate/key/intermediate.key
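Review bot: `openssl genrsa -out ${rootdir}/intermediate/key/intermediate.key 4096` is given no cipher option, so the intermediate CA key is written unencrypted and its only protection is the file mode applied on the following line. Depending on the OpenSSL version and the caller's umask, the file may exist with wider permissions until `chmod 400` runs; a `umask 077` placed ahead of the `genrsa` line closes that window. If unattended signing is not a requirement, adding `-aes256` would keep the key encrypted at rest. The `2>&1` redirect also hides any genrsa error, so a failure here stops the run silently.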


@ -2,4 +2,4 @@
set -e

echo "Generating CSR (${1})..."
openssl req -config ${rootdir}/intermediate/openssl.cnf -new -sha512 -key ${rootdir}/key/${1}.key -out ${rootdir}/csr/${1}.csr > /dev/null 2>&1
openssl req -config ${rootdir}/intermediate/openssl.cnf -new -sha512 -subj "/CN=${1}/O=${ORGNAME}/C=${ORGCNTRY}/ST=${ORGSTATE}/L=${ORGCITY}" -key ${rootdir}/key/${1}.key -out ${rootdir}/csr/${1}.csr > /dev/null 2>&1
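Review bot: `${1}` is used unchecked both as the CN in the new `-subj` string and as a path component in `${rootdir}/key/${1}.key` and `${rootdir}/csr/${1}.csr`, so a name containing `/` or whitespace would point the key and CSR paths outside the intended directories or split the command's arguments. A guard before the `echo` would reject such names, for example `case "${1}" in ''|*[!A-Za-z0-9._-]*) echo "invalid name: ${1}" >&2; exit 1;; esac`; widen the character class if wildcard names are needed. Quoting the expansions, as in `"${rootdir}/key/${1}.key"`, is worth doing in the same change. The script's first line is outside this hunk, so the interpreter is not visible; the `case` form works in plain sh as well as bash.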


@ -1,12 +1,15 @@
#!/bin/bash
set -e
set -x


rootdir='/root/ssl/ca'
rootdir='/tmp/ssl/ca'
bindir="$(dirname ${0})"
export rootdir
export bindir

if [[ -d "${rootdir}" ]];
then
echo "If you continue, I will completely DELETE (if found):"
echo " ${rootdir}/key"
echo " ${rootdir}/crt"
@ -23,6 +26,7 @@ then
echo '"IAMCRAZY" *NOT* entered. Quitting.'
exit 1
fi
fi

echo "Deleting CA hierarchy and creating clean..."
# https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html
@ -136,7 +140,7 @@ echo -n "Lastly, what email address should be used for the SSL administrator? "
read SSLADMIN
export SSLADMIN

sed -i -e "s/%%TEMPLATE_ORG%%/${ORGNAME}/g ; s/%%TEMPLATE_DOMAIN%%/${ORGSITE}/g ; s/%%TEMPLATE_ROOTDIR%%/${rootdir}/g ; s/%%TEMPLATE_COUNTRY%%/${ORGCNTRY}/g ; s/%%TEMPLATE_STATE%%/${ORGSTATE}/g ; s/%%TEMPLATE_CITY%%/${ORGCITY}/g ; s/%%TEMPLATE_SSLADMIN%%/${SSLADMIN}/g" ${rootdir}/openssl.cnf
sed -i -e "s/%%TEMPLATE_ORG%%/${ORGNAME}/g ; s/%%TEMPLATE_DOMAIN%%/${ORGSITE}/g ; s@%%TEMPLATE_ROOTDIR%%@${rootdir}@g ; s/%%TEMPLATE_COUNTRY%%/${ORGCNTRY}/g ; s/%%TEMPLATE_STATE%%/${ORGSTATE}/g ; s/%%TEMPLATE_CITY%%/${ORGCITY}/g ; s/%%TEMPLATE_SSLADMIN%%/${SSLADMIN}/g" ${rootdir}/openssl.cnf

NEWCA='yes'
export NEWCA
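Review bot: `rootdir='/tmp/ssl/ca'` in the first hunk places the CA hierarchy, including its private keys, at a fixed path under a world-writable directory, and the prompts below it say the script deletes and recreates directories beneath that path. On a multi-user host another account can create `/tmp/ssl` first, or make it a symlink, and so influence where the keys are written and what is removed. The commit title suggests this is a test setting; an overridable default such as `rootdir="${rootdir:-/root/ssl/ca}"` keeps the protected location while still allowing a trial run elsewhere. The added `set -x` looks like debugging output and is probably best dropped along with it, and `bindir="$(dirname ${0})"` should quote `${0}`.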


@ -22,6 +22,15 @@ then
read RUCRAZY2
else
RUCRAZY2='YESIAMCRAZY'
export rootdir
export bindir
export ORGNAME
export ORGSITE
export ORGCNTRY
export ORGSTATE
export ORGCITY
export SSLADMIN
export NEWCA
fi

if [[ "${RUCRAZY2}" != 'YESIAMCRAZY' ]];
@ -146,7 +155,7 @@ then
export SSLADMIN
fi

sed -i -e "s/%%TEMPLATE_ORG%%/${ORGNAME}/g ; s/%%TEMPLATE_DOMAIN%%/${ORGSITE}/g ; s/%%TEMPLATE_ROOTDIR%%/${rootdir}/g ; s/%%TEMPLATE_COUNTRY%%/${ORGCNTRY}/g ; s/%%TEMPLATE_STATE%%/${ORGSTATE}/g ; s/%%TEMPLATE_CITY%%/${ORGCITY}/g ; s/%%TEMPLATE_SSLADMIN%%/${SSLADMIN}/g" ${rootdir}/intermediate/openssl.cnf
sed -i -e "s/%%TEMPLATE_ORG%%/${ORGNAME}/g ; s/%%TEMPLATE_DOMAIN%%/${ORGSITE}/g ; s@%%TEMPLATE_ROOTDIR%%@${rootdir}@g ; s/%%TEMPLATE_COUNTRY%%/${ORGCNTRY}/g ; s/%%TEMPLATE_STATE%%/${ORGSTATE}/g ; s/%%TEMPLATE_CITY%%/${ORGCITY}/g ; s/%%TEMPLATE_SSLADMIN%%/${SSLADMIN}/g" ${rootdir}/intermediate/openssl.cnf

sh ${bindir}/gen.intermediate.key.sh
sh ${bindir}/gen.intermediate.csr.sh
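Review bot: Only the `%%TEMPLATE_ROOTDIR%%` expression in the new `sed` line was switched to the `@` delimiter; the other six substitutions still place operator-entered text (`${ORGNAME}`, `${ORGSITE}`, `${SSLADMIN}` and the rest) directly into `s/…/…/g`. A `/`, `&` or backslash in any of those answers either breaks the sed program or writes something other than what was typed into `openssl.cnf`, which then feeds every certificate the CA issues. Escaping each value first avoids this, e.g. `esc() { printf '%s' "$1" | sed -e 's|[\/&]|\\&|g'; }` followed by `s/%%TEMPLATE_ORG%%/$(esc "${ORGNAME}")/g`. The matching `sed` line in the root-CA script section has the same problem. `${rootdir}/intermediate/openssl.cnf` and the `sh ${bindir}/…` calls should be quoted as well.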