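#!/bin/bash
# Generate a private key and certificate signing request (CSR) on a remote
# host over SSH, then download the CSR into the current directory.
#
# Usage: ./generate-csr.sh <target-host> <common-name> [country] [state] [locality] [org] [ou]
#
# Arguments:
#   $1    target host (reached as root over ssh/scp)
#   $2    certificate common name, e.g. myserver.domain.com
#   $3-7  optional subject fields; defaults are DE/berlin/berlin/egonetix/it
# Outputs:
#   <short-name>.req in the current directory, where <short-name> is the
#   first DNS label of the common name.
# Side effects on the target host:
#   /tmp/csr_config.conf, /tmp/<short-name>.key and /tmp/<short-name>.csr
#   are created or overwritten.
#
# Security notes:
#   - The unencrypted private key (-nodes) is left in /tmp on the target.
#     /tmp is shared by every local account and is commonly cleared on
#     reboot, so move the key to a root-only directory once it is in use.
#   - The common name is validated before it is used, because the short
#     name derived from it is interpolated into a command line that the
#     remote shell parses.

set -euo pipefail

# Check arguments
if [ $# -lt 2 ]; then
  echo "Usage: $0 <target-host> <common-name> [country] [state] [locality] [org] [ou]"
  echo ""
  echo "Example: $0 192.168.1.100 myserver.domain.com DE berlin berlin egonetix it"
  exit 1
fi

TARGET_HOST="$1"
COMMON_NAME="$2"
COUNTRY="${3:-DE}"
STATE="${4:-berlin}"
LOCALITY="${5:-berlin}"
ORG="${6:-egonetix}"
OU="${7:-it}"

# Accept only hostname characters. Anything else (quotes, ';', '$', '*',
# whitespace) would reach the remote shell through SHORT_NAME or end up as
# extra lines in the OpenSSL config. This also rejects wildcard names, which
# would otherwise be glob-expanded on the target.
readonly name_re='^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$'
if [[ ! "$COMMON_NAME" =~ $name_re ]]; then
  echo "Error: common name may only contain letters, digits, '.', '-' and '_'" >&2
  exit 1
fi

# The subject fields are written verbatim into the config file; a line break
# inside one of them would let the value add its own config directives.
for field in "$COUNTRY" "$STATE" "$LOCALITY" "$ORG" "$OU"; do
  if [[ "$field" == *$'\n'* ]]; then
    echo "Error: subject fields must not contain line breaks" >&2
    exit 1
  fi
done

# Extract short hostname (first DNS label) from common name
SHORT_NAME="${COMMON_NAME%%.*}"
OUTPUT_FILE="${SHORT_NAME}.req"

# Paths on the target host. The key path is announced to the operator at the
# end of the run, so it is kept stable.
REMOTE_CONFIG="/tmp/csr_config.conf"
REMOTE_KEY="/tmp/${SHORT_NAME}.key"
REMOTE_CSR="/tmp/${SHORT_NAME}.csr"

echo "=========================================="
echo "Certificate Request Generation"
echo "=========================================="
printf 'Target host: %s\n' "$TARGET_HOST"
printf 'Common Name: %s\n' "$COMMON_NAME"
printf 'Country: %s\n' "$COUNTRY"
printf 'State: %s\n' "$STATE"
printf 'Locality: %s\n' "$LOCALITY"
printf 'Organization: %s\n' "$ORG"
printf 'Org Unit: %s\n' "$OU"
printf 'Output file: %s\n' "$OUTPUT_FILE"
echo "=========================================="
echo ""

# Create OpenSSL config
CONFIG_CONTENT="[req]
default_bits = 4096
prompt = no
default_md = sha256
distinguished_name = dn
req_extensions = v3_req

[dn]
C=$COUNTRY
ST=$STATE
L=$LOCALITY
O=$ORG
OU=$OU
CN=$COMMON_NAME

[v3_req]
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = $COMMON_NAME
DNS.2 = $SHORT_NAME"

# Add alternative names if common name contains domain
# NOTE(review): SHORT_NAME plus the remainder of COMMON_NAME reassembles
# COMMON_NAME, so DNS.3 repeats DNS.1. Kept so the generated CSR is unchanged.
if [[ "$COMMON_NAME" == *.* ]]; then
  CONFIG_CONTENT="$CONFIG_CONTENT
DNS.3 = ${SHORT_NAME}.${COMMON_NAME#*.}"
fi

echo "[1/4] Creating OpenSSL configuration..."
# mktemp gives an unpredictable, owner-only file instead of a fixed name in a
# world-writable directory; the trap removes it on every exit path.
LOCAL_CONFIG="$(mktemp "${TMPDIR:-/tmp}/csr_config.XXXXXX")"
cleanup() { rm -f -- "$LOCAL_CONFIG"; }
trap cleanup EXIT
printf '%s\n' "$CONFIG_CONTENT" > "$LOCAL_CONFIG"

echo "[2/4] Copying config to target host..."
# Test each command directly: under 'set -e' a separate '$?' check is never
# reached after a failure, so the error message would not be printed.
if ! scp "$LOCAL_CONFIG" "root@${TARGET_HOST}:${REMOTE_CONFIG}"; then
  echo "Error: Failed to copy config to target host" >&2
  exit 1
fi

echo "[3/4] Generating CSR on target host..."
# umask 077 makes new files owner-only; removing stale files first means the
# key is created fresh rather than written into an existing file or symlink
# with looser permissions. Single quotes are safe because SHORT_NAME was
# validated above.
REMOTE_CMD="umask 077 && rm -f -- '${REMOTE_KEY}' '${REMOTE_CSR}' && openssl req -new -newkey rsa:4096 -nodes -keyout '${REMOTE_KEY}' -out '${REMOTE_CSR}' -config '${REMOTE_CONFIG}'"
if ! ssh "root@${TARGET_HOST}" "$REMOTE_CMD"; then
  echo "Error: Failed to generate CSR on target host" >&2
  exit 1
fi

echo "[4/4] Downloading CSR..."
if ! scp "root@${TARGET_HOST}:${REMOTE_CSR}" "$OUTPUT_FILE"; then
  echo "Error: Failed to download CSR" >&2
  exit 1
fi

# The local temp file is removed by the EXIT trap.

echo ""
echo "=========================================="
echo "✓ CSR generated successfully!"
echo "=========================================="
printf 'Certificate request saved to: %s\n' "$OUTPUT_FILE"
echo ""
echo "CSR details:"
openssl req -in "$OUTPUT_FILE" -noout -text | grep -A 10 "Subject:"
echo ""
echo "IMPORTANT: Private key is stored on target host at:"
printf ' %s\n' "$REMOTE_KEY"
echo ""
echo "Next step: Sign this CSR with:"
printf ' ./sign-cert.sh %s %s\n' "$OUTPUT_FILE" "$SHORT_NAME"
echo "=========================================="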