diff --git a/EXAMPLES.md b/EXAMPLES.md new file mode 100644 index 0000000..9d9aa0e --- /dev/null +++ b/EXAMPLES.md 
@@ -0,0 +1,135 @@ +# Usage Examples + +## Example 1: Creating a certificate for a new server (Interactive) + +```bash +./cert-manager.py +``` + +**Session output:** +``` +============================================================ +Interactive Certificate Manager +============================================================ + +--- Certificate Details --- +Target Host (IP or hostname): 192.168.1.50 +Common Name (FQDN): webserver.egonetix.lan + +--- Certificate Subject (press Enter to use defaults) --- +Country (C) [DE]: +State/Province (ST) [berlin]: +Locality (L) [berlin]: +Organization (O) [egonetix]: +Organizational Unit (OU) [it]: +Validity (days) [3650]: + +============================================================ +Summary: +============================================================ +Target Host: 192.168.1.50 +Common Name: webserver.egonetix.lan +Country: DE +State: berlin +Locality: berlin +Organization: egonetix +Org Unit: it +Validity: 3650 days +CA Server: 10.0.0.21 +Output files: webserver.req, webserver-cert.pem +============================================================ + +Proceed with certificate generation? [Y/n]: y + +============================================================ +Step 1: Generating CSR on target host +============================================================ +[Generates CSR on 192.168.1.50...] + +============================================================ +Step 2: Signing certificate with CA +============================================================ +[Signs certificate with UCS CA...] + +============================================================ +Step 3: Deploying certificate to target host +============================================================ +Do you want to copy the certificate back to the target host? [Y/n]: y + +✓ Certificate copied to target host at /tmp/webserver.crt + Private key is at /tmp/webserver.key + +============================================================ +✓ Certificate Management Complete! 
+============================================================ + +Files created: + - webserver.req (Certificate Request) + - webserver-cert.pem (Signed Certificate) + +On target host (192.168.1.50): + - /tmp/webserver.key (Private Key) + - /tmp/webserver.crt (Certificate) +``` + +## Example 2: Using standalone scripts + +### Generate CSR only: +```bash +./generate-csr.sh 10.0.0.1 gwnue01.egonetix.lan +``` + +### Sign existing CSR: +```bash +./sign-cert.sh gwnue01.req gwnue01 3650 +``` + +## Example 3: Changing default values + +First run with modified defaults: +```bash +./cert-manager.py +``` + +Answer "y" to "Do you want to modify default values?" + +Set your new defaults (e.g., different organization, longer validity period). + +These defaults are saved in `~/.cert-manager-config.json` and will be used for all future runs. + +## Example 4: Batch processing + +For multiple certificates, create a wrapper script: + +```bash +#!/bin/bash +# batch-certs.sh + +hosts=( + "10.0.0.1:gwnue01.egonetix.lan" + "10.0.0.10:nas.egonetix.lan" + "10.0.0.20:monitoring.egonetix.lan" +) + +for entry in "${hosts[@]}"; do + host="${entry%%:*}" + fqdn="${entry##*:}" + + echo "Processing $fqdn on $host..." + ./generate-csr.sh "$host" "$fqdn" DE berlin berlin egonetix it + + shortname=$(echo "$fqdn" | cut -d'.' -f1) + ./sign-cert.sh "${shortname}.req" "$shortname" 3650 + + echo "Done with $fqdn" + echo "" +done +``` + +## Tips + +1. **First run:** Use the interactive tool to set up your defaults +2. **Repeated certificates:** The tool remembers your last target/common name +3. **Different organizations:** Modify defaults when needed for specific use cases +4. **Automation:** Use the standalone scripts for scripting/automation +5. **Verification:** Always check the certificate details after generation
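Review bot: Example 1's session output ends with the private key sitting at `/tmp/webserver.key` on the target host, and nothing in the example or the Tips section tells the reader to move it or what permissions it has. `/tmp` is shared and is commonly cleared on reboot, so please add a step after "Step 3" that moves the key and certificate to their permanent location with owner-only permissions on the key, or note that the tool sets these itself if it does. In Example 4, the loop calls `./sign-cert.sh` even when `./generate-csr.sh` failed for that host. Consider adding `set -euo pipefail` at the top of `batch-certs.sh` or checking the exit status before signing, so a failed CSR step is not followed by a signing attempt on a missing or stale `.req` file. Tip 5 says to check the certificate details but shows no command. A one-line `openssl x509 -in webserver-cert.pem -noout -text` example would make that tip actionable, and would give readers a place to confirm the subject and the 3650-day validity they accepted as defaults.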