root/zertifizierung
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add usage examples documentation

Browse Source
This commit is contained in:
root
2025-10-23 08:18:04 +02:00
parent 576e7de917
commit 1064b61eb3
1 changed files with 135 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

135
EXAMPLES.md Normal file
View File

@@ -0,0 +1,135 @@
# Usage Examples
## Example 1: Creating a certificate for a new server (Interactive)
```bash
./cert-manager.py
```
**Session output:**
```
============================================================
Interactive Certificate Manager
============================================================
--- Certificate Details ---
Target Host (IP or hostname): 192.168.1.50
Common Name (FQDN): webserver.egonetix.lan
--- Certificate Subject (press Enter to use defaults) ---
Country (C) [DE]:
State/Province (ST) [berlin]:
Locality (L) [berlin]:
Organization (O) [egonetix]:
Organizational Unit (OU) [it]:
Validity (days) [3650]:
============================================================
Summary:
============================================================
Target Host: 192.168.1.50
Common Name: webserver.egonetix.lan
Country: DE
State: berlin
Locality: berlin
Organization: egonetix
Org Unit: it
Validity: 3650 days
CA Server: 10.0.0.21
Output files: webserver.req, webserver-cert.pem
============================================================
Proceed with certificate generation? [Y/n]: y
============================================================
Step 1: Generating CSR on target host
============================================================
[Generates CSR on 192.168.1.50...]
============================================================
Step 2: Signing certificate with CA
============================================================
[Signs certificate with UCS CA...]
============================================================
Step 3: Deploying certificate to target host
============================================================
Do you want to copy the certificate back to the target host? [Y/n]: y
✓ Certificate copied to target host at /tmp/webserver.crt
Private key is at /tmp/webserver.key
============================================================
✓ Certificate Management Complete!
============================================================
Files created:
- webserver.req (Certificate Request)
- webserver-cert.pem (Signed Certificate)
On target host (192.168.1.50):
- /tmp/webserver.key (Private Key)
- /tmp/webserver.crt (Certificate)
```
## Example 2: Using standalone scripts
### Generate CSR only:
```bash
./generate-csr.sh 10.0.0.1 gwnue01.egonetix.lan
```
### Sign existing CSR:
```bash
./sign-cert.sh gwnue01.req gwnue01 3650
```
## Example 3: Changing default values
First run with modified defaults:
```bash
./cert-manager.py
```
Answer "y" to "Do you want to modify default values?"
Set your new defaults (e.g., different organization, longer validity period).
These defaults are saved in `~/.cert-manager-config.json` and will be used for all future runs.
## Example 4: Batch processing
For multiple certificates, create a wrapper script:
```bash
#!/bin/bash
# batch-certs.sh
hosts=(
"10.0.0.1:gwnue01.egonetix.lan"
"10.0.0.10:nas.egonetix.lan"
"10.0.0.20:monitoring.egonetix.lan"
)
for entry in "${hosts[@]}"; do
host="${entry%%:*}"
fqdn="${entry##*:}"
echo "Processing $fqdn on $host..."
./generate-csr.sh "$host" "$fqdn" DE berlin berlin egonetix it
shortname=$(echo "$fqdn" | cut -d'.' -f1)
./sign-cert.sh "${shortname}.req" "$shortname" 3650
echo "Done with $fqdn"
echo ""
done
```
## Tips
1. **First run:** Use the interactive tool to set up your defaults
2. **Repeated certificates:** The tool remembers your last target/common name
3. **Different organizations:** Modify defaults when needed for specific use cases
4. **Automation:** Use the standalone scripts for scripting/automation
5. **Verification:** Always check the certificate details after generation