Add configurable key length with 4096-bit default

- Added key_bits parameter to configuration (default: 4096) - Updated generate-csr.sh to accept key length as 8th parameter - Updated cert-manager.py to prompt for key length - Key length shown in summary and output - Supports common key sizes: 2048, 4096, 8192 bits
2025-10-23 08:22:45 +02:00
parent 1064b61eb3
commit 5837c35b7c
2 changed files with 18 additions and 8 deletions
--- a/cert-manager.py
+++ b/cert-manager.py
@@ -20,6 +20,7 @@ DEFAULT_CONFIG = {
    'organizational_unit': 'it',
    'ca_server': '10.0.0.21',
    'validity_days': '3650',
+    'key_bits': '4096',
    'last_target_host': '',
    'last_common_name': ''
 }
@@ -85,6 +86,7 @@ def main():
            config['organizational_unit'] = prompt_with_default("Organizational Unit (OU)", config['organizational_unit'])
            config['ca_server'] = prompt_with_default("CA Server", config['ca_server'])
            config['validity_days'] = prompt_with_default("Validity (days)", config['validity_days'])
+            config['key_bits'] = prompt_with_default("Key Length (bits)", config['key_bits'])
            print()
    
    # Get certificate details
@@ -112,6 +114,7 @@ def main():
    organization = prompt_with_default("Organization (O)", config['organization'])
    org_unit = prompt_with_default("Organizational Unit (OU)", config['organizational_unit'])
    validity_days = prompt_with_default("Validity (days)", config['validity_days'])
+    key_bits = prompt_with_default("Key Length (bits)", config['key_bits'])
    
    print("\n" + "=" * 60)
    print("Summary:")
@@ -123,6 +126,7 @@ def main():
    print(f"Locality:        {locality}")
    print(f"Organization:    {organization}")
    print(f"Org Unit:        {org_unit}")
+    print(f"Key Length:      {key_bits} bits")
    print(f"Validity:        {validity_days} days")
    print(f"CA Server:       {config['ca_server']}")
    print(f"Output files:    {short_name}.req, {short_name}-cert.pem")
@@ -154,7 +158,8 @@ def main():
        state,
        locality,
        organization,
-        org_unit
+        org_unit,
+        key_bits
    ]
    
    try:
@@ -210,7 +215,7 @@ def main():
    print(f"  - {req_file} (Certificate Request)")
    print(f"  - {cert_file} (Signed Certificate)")
    print(f"\nOn target host ({target_host}):")
-    print(f"  - /tmp/{short_name}.key (Private Key)")
+    print(f"  - /tmp/{short_name}.key (Private Key - {key_bits} bits)")
    print(f"  - /tmp/{short_name}.crt (Certificate)")
    print("\n")