Initial commit: Certificate management tools

- cert-manager.py: Interactive certificate lifecycle management
- generate-csr.sh: Generate CSR on remote host
- sign-cert.sh: Sign certificate with UCS CA
- README.md: Complete documentation
- .gitignore: Ignore certificate and config files

Features:
- Interactive prompts with default values
- Config persistence between runs
- Remote CSR generation with proper server extensions
- Automated CA signing
- Optional certificate deployment

generate-csr.sh

@@ -0,0 +1,113 @@
+#!/bin/bash
+# Script to generate a certificate request on a remote host
+# Usage: ./generate-csr.sh <hostname> <common-name> [country] [state] [locality] [org] [ou]
+
+set -e
+
+# Check arguments
+if [ $# -lt 2 ]; then
+    echo "Usage: $0 <hostname> <common-name> [country] [state] [locality] [org] [ou]"
+    echo ""
+    echo "Example: $0 192.168.1.100 myserver.domain.com DE berlin berlin egonetix it"
+    exit 1
+fi
+
+TARGET_HOST="$1"
+COMMON_NAME="$2"
+COUNTRY="${3:-DE}"
+STATE="${4:-berlin}"
+LOCALITY="${5:-berlin}"
+ORG="${6:-egonetix}"
+OU="${7:-it}"
+
+# Extract short hostname from common name
+SHORT_NAME=$(echo "$COMMON_NAME" | cut -d'.' -f1)
+OUTPUT_FILE="${SHORT_NAME}.req"
+
+echo "=========================================="
+echo "Certificate Request Generation"
+echo "=========================================="
+echo "Target host:   $TARGET_HOST"
+echo "Common Name:   $COMMON_NAME"
+echo "Country:       $COUNTRY"
+echo "State:         $STATE"
+echo "Locality:      $LOCALITY"
+echo "Organization:  $ORG"
+echo "Org Unit:      $OU"
+echo "Output file:   $OUTPUT_FILE"
+echo "=========================================="
+echo ""
+
+# Create OpenSSL config
+CONFIG_CONTENT="[req]
+default_bits = 4096
+prompt = no
+default_md = sha256
+distinguished_name = dn
+req_extensions = v3_req
+
+[dn]
+C=$COUNTRY
+ST=$STATE
+L=$LOCALITY
+O=$ORG
+OU=$OU
+CN=$COMMON_NAME
+
+[v3_req]
+keyUsage = digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = $COMMON_NAME
+DNS.2 = $SHORT_NAME"
+
+# Add alternative names if common name contains domain
+if [[ "$COMMON_NAME" == *.* ]]; then
+    CONFIG_CONTENT="$CONFIG_CONTENT
+DNS.3 = ${SHORT_NAME}.${COMMON_NAME#*.}"
+fi
+
+echo "[1/4] Creating OpenSSL configuration..."
+echo "$CONFIG_CONTENT" > /tmp/csr_config.conf
+
+echo "[2/4] Copying config to target host..."
+scp /tmp/csr_config.conf root@${TARGET_HOST}:/tmp/csr_config.conf
+if [ $? -ne 0 ]; then
+    echo "Error: Failed to copy config to target host"
+    exit 1
+fi
+
+echo "[3/4] Generating CSR on target host..."
+ssh root@${TARGET_HOST} "openssl req -new -newkey rsa:4096 -nodes -keyout /tmp/${SHORT_NAME}.key -out /tmp/${SHORT_NAME}.csr -config /tmp/csr_config.conf"
+if [ $? -ne 0 ]; then
+    echo "Error: Failed to generate CSR on target host"
+    exit 1
+fi
+
+echo "[4/4] Downloading CSR..."
+scp root@${TARGET_HOST}:/tmp/${SHORT_NAME}.csr "$OUTPUT_FILE"
+if [ $? -ne 0 ]; then
+    echo "Error: Failed to download CSR"
+    exit 1
+fi
+
+# Clean up local temp file
+rm -f /tmp/csr_config.conf
+
+echo ""
+echo "=========================================="
+echo "✓ CSR generated successfully!"
+echo "=========================================="
+echo "Certificate request saved to: $OUTPUT_FILE"
+echo ""
+echo "CSR details:"
+openssl req -in "$OUTPUT_FILE" -noout -text | grep -A 10 "Subject:"
+echo ""
+echo "IMPORTANT: Private key is stored on target host at:"
+echo "  /tmp/${SHORT_NAME}.key"
+echo ""
+echo "Next step: Sign this CSR with:"
+echo "  ./sign-cert.sh $OUTPUT_FILE $SHORT_NAME"
+echo "=========================================="