# Usage Examples ## Example 1: Creating a certificate for a new server (Interactive) ```bash ./cert-manager.py ``` **Session output:** ``` ============================================================ Interactive Certificate Manager ============================================================ --- Certificate Details --- Target Host (IP or hostname): 192.168.1.50 Common Name (FQDN): webserver.egonetix.lan --- Certificate Subject (press Enter to use defaults) --- Country (C) [DE]: State/Province (ST) [berlin]: Locality (L) [berlin]: Organization (O) [egonetix]: Organizational Unit (OU) [it]: Validity (days) [3650]: ============================================================ Summary: ============================================================ Target Host: 192.168.1.50 Common Name: webserver.egonetix.lan Country: DE State: berlin Locality: berlin Organization: egonetix Org Unit: it Validity: 3650 days CA Server: 10.0.0.21 Output files: webserver.req, webserver-cert.pem ============================================================ Proceed with certificate generation? [Y/n]: y ============================================================ Step 1: Generating CSR on target host ============================================================ [Generates CSR on 192.168.1.50...] ============================================================ Step 2: Signing certificate with CA ============================================================ [Signs certificate with UCS CA...] ============================================================ Step 3: Deploying certificate to target host ============================================================ Do you want to copy the certificate back to the target host? [Y/n]: y ✓ Certificate copied to target host at /tmp/webserver.crt Private key is at /tmp/webserver.key ============================================================ ✓ Certificate Management Complete! ============================================================ Files created: - webserver.req (Certificate Request) - webserver-cert.pem (Signed Certificate) On target host (192.168.1.50): - /tmp/webserver.key (Private Key) - /tmp/webserver.crt (Certificate) ``` ## Example 2: Using standalone scripts ### Generate CSR only: ```bash ./generate-csr.sh 10.0.0.1 gwnue01.egonetix.lan ``` ### Sign existing CSR: ```bash ./sign-cert.sh gwnue01.req gwnue01 3650 ``` ## Example 3: Changing default values First run with modified defaults: ```bash ./cert-manager.py ``` Answer "y" to "Do you want to modify default values?" Set your new defaults (e.g., different organization, longer validity period). These defaults are saved in `~/.cert-manager-config.json` and will be used for all future runs. ## Example 4: Batch processing For multiple certificates, create a wrapper script: ```bash #!/bin/bash # batch-certs.sh hosts=( "10.0.0.1:gwnue01.egonetix.lan" "10.0.0.10:nas.egonetix.lan" "10.0.0.20:monitoring.egonetix.lan" ) for entry in "${hosts[@]}"; do host="${entry%%:*}" fqdn="${entry##*:}" echo "Processing $fqdn on $host..." ./generate-csr.sh "$host" "$fqdn" DE berlin berlin egonetix it shortname=$(echo "$fqdn" | cut -d'.' -f1) ./sign-cert.sh "${shortname}.req" "$shortname" 3650 echo "Done with $fqdn" echo "" done ``` ## Tips 1. **First run:** Use the interactive tool to set up your defaults 2. **Repeated certificates:** The tool remembers your last target/common name 3. **Different organizations:** Modify defaults when needed for specific use cases 4. **Automation:** Use the standalone scripts for scripting/automation 5. **Verification:** Always check the certificate details after generation