diff --git a/generate-csr.sh b/generate-csr.sh
index 7523930..1482d3f 100755
--- a/generate-csr.sh
+++ b/generate-csr.sh
@@ -25,10 +25,23 @@ KEY_BITS="${8:-4096}"
 SHORT_NAME=$(echo "$COMMON_NAME" | cut -d'.' -f1)
 OUTPUT_FILE="${SHORT_NAME}.req"
+# Detect if TARGET_HOST is an IP address
+if [[ "$TARGET_HOST" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+ TARGET_IP="$TARGET_HOST"
+else
+ # Try to resolve hostname to IP
+ TARGET_IP=$(ssh -o ConnectTimeout=5 -o BatchMode=yes root@${TARGET_HOST} "hostname -I | awk '{print \$1}'" 2>/dev/null || echo "")
+ if [ -z "$TARGET_IP" ]; then
+ # Fallback: try local resolution
+ TARGET_IP=$(getent hosts "$TARGET_HOST" 2>/dev/null | awk '{print $1}' | head -1 || echo "")
+ fi
+fi
+
 echo "=========================================="
 echo "Certificate Request Generation"
 echo "=========================================="
 echo "Target host: $TARGET_HOST"
+echo "Target IP: ${TARGET_IP:-not detected}"
 echo "Common Name: $COMMON_NAME"
 echo "Country: $COUNTRY"
 echo "State: $STATE"
@@ -40,6 +53,25 @@ echo "Output file: $OUTPUT_FILE"
 echo "=========================================="
 echo ""
+# Build SAN entries
+SAN_DNS="DNS.1 = $COMMON_NAME
+DNS.2 = $SHORT_NAME"
+
+DNS_COUNTER=3
+
+# Add alternative names if common name contains domain
+if [[ "$COMMON_NAME" == *.* ]]; then
+ SAN_DNS="$SAN_DNS
+DNS.$DNS_COUNTER = ${SHORT_NAME}.${COMMON_NAME#*.}"
+ ((DNS_COUNTER++))
+fi
+
+# Add IP address if detected
+SAN_IP=""
+if [ -n "$TARGET_IP" ]; then
+ SAN_IP="IP.1 = $TARGET_IP"
+fi
+
 # Create OpenSSL config
 CONFIG_CONTENT="[req]
 default_bits = $KEY_BITS
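Review bot: The value read back from `hostname -I` over SSH, or from `getent hosts`, is used verbatim as the SAN entry `IP.1 = $TARGET_IP` in the next hunk without being checked, so a host that prints something other than a dotted-quad first (an IPv6 address, a warning line, or other unexpected output) lands as a malformed SAN in the CSR. Re-apply the same pattern after resolution, `[[ "$TARGET_IP" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]] || TARGET_IP=""`, and note that the pattern itself accepts out-of-range octets such as 999.1.1.1. Attempting a root SSH login to `$TARGET_HOST` before the cheaper local `getent` lookup also means a CSR helper needs root credentials on the target merely to learn an address; trying `getent` first, or using an unprivileged account, narrows that exposure. `${TARGET_HOST}` on the ssh line is unquoted and should be written `"root@${TARGET_HOST}"`.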
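Review bot: `DNS.$DNS_COUNTER = ${SHORT_NAME}.${COMMON_NAME#*.}` always reproduces `$COMMON_NAME` itself, because `SHORT_NAME` is the first dot-separated label of `COMMON_NAME` (the `cut -d'.' -f1` context line above), so the branch adds a DNS.3 entry identical to DNS.1 rather than a second name; `DNS_COUNTER` is then incremented but never read again. Either drop the branch, or derive the extra name from a separate input (for example a domain parameter) and validate it before it is interpolated into the config. `DNS.2 = $SHORT_NAME` emits a single-label hostname, which a public CA will refuse; that is acceptable for an internal CA but deserves a comment such as `# DNS.2 is the bare hostname; only an internal CA will accept it`.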
@@ -62,13 +94,12 @@ extendedKeyUsage = serverAuth
 subjectAltName = @alt_names
 [alt_names]
-DNS.1 = $COMMON_NAME
-DNS.2 = $SHORT_NAME"
+$SAN_DNS"
-# Add alternative names if common name contains domain
-if [[ "$COMMON_NAME" == *.* ]]; then
+# Append IP if available
+if [ -n "$SAN_IP" ]; then
 CONFIG_CONTENT="$CONFIG_CONTENT
-DNS.3 = ${SHORT_NAME}.${COMMON_NAME#*.}"
+$SAN_IP"
 fi
 echo "[1/4] Creating OpenSSL configuration..."
@@ -107,6 +138,9 @@ echo ""
 echo "CSR details:"
 openssl req -in "$OUTPUT_FILE" -noout -text | grep -A 10 "Subject:"
 echo ""
+echo "Subject Alternative Names:"
+openssl req -in "$OUTPUT_FILE" -noout -text | grep -A 20 "Subject Alternative Name" || echo " (none found)"
+echo ""
 echo "Key details:"
 openssl req -in "$OUTPUT_FILE" -noout -text | grep "Public-Key:"
 echo ""
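Review bot: The new `if [ -n "$SAN_IP" ]; then` uses POSIX `[ ]` while the script already relies on `[[ ]]` on the surrounding lines (the `[ -z "$TARGET_IP" ]` and `[ -n "$TARGET_IP" ]` tests in the earlier hunks do the same); `if [[ -n "$SAN_IP" ]]; then` keeps the style uniform and removes the dependency on quoting for correctness. The `CONFIG_CONTENT="[req]` assignment that this hunk closes with `+$SAN_DNS"` begins in the previous hunk, so the full string that reaches openssl is only visible across both.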
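Review bot: The added SAN dump only prints; nothing confirms the CSR actually carries the intended names before it is handed to a CA, and because `|| echo` guards the whole pipeline an openssl parse failure is reported as `(none found)` rather than as an error. `grep -A 20` also spills the sections that follow the SAN line (signature bytes) into the output, where `grep -A 1 "Subject Alternative Name"` is enough since openssl prints the list on the next line. A hard check after the dump would catch a bad config that openssl accepted silently: `openssl req -in "$OUTPUT_FILE" -noout -text | grep -q -- "DNS:${COMMON_NAME}" || { echo "error: CN missing from SAN" >&2; exit 1; }`.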