root/zertifizierung
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add configurable key length with 4096-bit default

Browse Source 
- Added key_bits parameter to configuration (default: 4096)
- Updated generate-csr.sh to accept key length as 8th parameter
- Updated cert-manager.py to prompt for key length
- Key length shown in summary and output
- Supports common key sizes: 2048, 4096, 8192 bits
This commit is contained in:
root
2025-10-23 08:22:45 +02:00
parent 1064b61eb3
commit 5837c35b7c
2 changed files with 18 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
generate-csr.sh
View File

@@ -1,14 +1,14 @@
#!/bin/bash
# Script to generate a certificate request on a remote host
# Usage: ./generate-csr.sh <hostname> <common-name> [country] [state] [locality] [org] [ou]
# Usage: ./generate-csr.sh <hostname> <common-name> [country] [state] [locality] [org] [ou] [key-bits]
set -e
# Check arguments
if [ $# -lt 2 ]; then
echo "Usage: $0 <hostname> <common-name> [country] [state] [locality] [org] [ou]"
echo "Usage: $0 <hostname> <common-name> [country] [state] [locality] [org] [ou] [key-bits]"
echo ""
echo "Example: $0 192.168.1.100 myserver.domain.com DE berlin berlin egonetix it"
echo "Example: $0 192.168.1.100 myserver.domain.com DE berlin berlin egonetix it 4096"
exit 1
fi
@@ -19,6 +19,7 @@ STATE="${4:-berlin}"
LOCALITY="${5:-berlin}"
ORG="${6:-egonetix}"
OU="${7:-it}"
KEY_BITS="${8:-4096}"
# Extract short hostname from common name
SHORT_NAME=$(echo "$COMMON_NAME" | cut -d'.' -f1)
@@ -34,13 +35,14 @@ echo "State: $STATE"
echo "Locality: $LOCALITY"
echo "Organization: $ORG"
echo "Org Unit: $OU"
echo "Key Length: $KEY_BITS bits"
echo "Output file: $OUTPUT_FILE"
echo "=========================================="
echo ""
# Create OpenSSL config
CONFIG_CONTENT="[req]
default_bits = 4096
default_bits = $KEY_BITS
prompt = no
default_md = sha256
distinguished_name = dn
@@ -79,8 +81,8 @@ if [ $? -ne 0 ]; then
exit 1
fi
echo "[3/4] Generating CSR on target host..."
ssh root@${TARGET_HOST} "openssl req -new -newkey rsa:4096 -nodes -keyout /tmp/${SHORT_NAME}.key -out /tmp/${SHORT_NAME}.csr -config /tmp/csr_config.conf"
echo "[3/4] Generating $KEY_BITS-bit RSA key and CSR on target host..."
ssh root@${TARGET_HOST} "openssl req -new -newkey rsa:$KEY_BITS -nodes -keyout /tmp/${SHORT_NAME}.key -out /tmp/${SHORT_NAME}.csr -config /tmp/csr_config.conf"
if [ $? -ne 0 ]; then
echo "Error: Failed to generate CSR on target host"
exit 1
@@ -105,6 +107,9 @@ echo ""
echo "CSR details:"
openssl req -in "$OUTPUT_FILE" -noout -text | grep -A 10 "Subject:"
echo ""
echo "Key details:"
openssl req -in "$OUTPUT_FILE" -noout -text | grep "Public-Key:"
echo ""
echo "IMPORTANT: Private key is stored on target host at:"
echo " /tmp/${SHORT_NAME}.key"
echo ""