root/zertifizierung
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
576e7de917da8c508787f312946f365ece74f3dd
zertifizierung/generate-csr.sh
root 576e7de917 Initial commit: Certificate management tools 
- cert-manager.py: Interactive certificate lifecycle management
- generate-csr.sh: Generate CSR on remote host
- sign-cert.sh: Sign certificate with UCS CA
- README.md: Complete documentation
- .gitignore: Ignore certificate and config files

Features:
- Interactive prompts with default values
- Config persistence between runs
- Remote CSR generation with proper server extensions
- Automated CA signing
- Optional certificate deployment
2025-10-23 08:11:35 +02:00

114 lines
3.0 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Script to generate a certificate request on a remote host
# Usage: ./generate-csr.sh <hostname> <common-name> [country] [state] [locality] [org] [ou]
set -e
# Check arguments
if [ $# -lt 2 ]; then
echo "Usage: $0 <hostname> <common-name> [country] [state] [locality] [org] [ou]"
echo ""
echo "Example: $0 192.168.1.100 myserver.domain.com DE berlin berlin egonetix it"
exit 1
fi
TARGET_HOST="$1"
COMMON_NAME="$2"
COUNTRY="${3:-DE}"
STATE="${4:-berlin}"
LOCALITY="${5:-berlin}"
ORG="${6:-egonetix}"
OU="${7:-it}"
# Extract short hostname from common name
SHORT_NAME=$(echo "$COMMON_NAME" | cut -d'.' -f1)
OUTPUT_FILE="${SHORT_NAME}.req"
echo "=========================================="
echo "Certificate Request Generation"
echo "=========================================="
echo "Target host: $TARGET_HOST"
echo "Common Name: $COMMON_NAME"
echo "Country: $COUNTRY"
echo "State: $STATE"
echo "Locality: $LOCALITY"
echo "Organization: $ORG"
echo "Org Unit: $OU"
echo "Output file: $OUTPUT_FILE"
echo "=========================================="
echo ""
# Create OpenSSL config
CONFIG_CONTENT="[req]
default_bits = 4096
prompt = no
default_md = sha256
distinguished_name = dn
req_extensions = v3_req
[dn]
C=$COUNTRY
ST=$STATE
L=$LOCALITY
O=$ORG
OU=$OU
CN=$COMMON_NAME
[v3_req]
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = $COMMON_NAME
DNS.2 = $SHORT_NAME"
# Add alternative names if common name contains domain
if [[ "$COMMON_NAME" == *.* ]]; then
CONFIG_CONTENT="$CONFIG_CONTENT
DNS.3 = ${SHORT_NAME}.${COMMON_NAME#*.}"
fi
echo "[1/4] Creating OpenSSL configuration..."
echo "$CONFIG_CONTENT" > /tmp/csr_config.conf
echo "[2/4] Copying config to target host..."
scp /tmp/csr_config.conf root@${TARGET_HOST}:/tmp/csr_config.conf
if [ $? -ne 0 ]; then
echo "Error: Failed to copy config to target host"
exit 1
fi
echo "[3/4] Generating CSR on target host..."
ssh root@${TARGET_HOST} "openssl req -new -newkey rsa:4096 -nodes -keyout /tmp/${SHORT_NAME}.key -out /tmp/${SHORT_NAME}.csr -config /tmp/csr_config.conf"
if [ $? -ne 0 ]; then
echo "Error: Failed to generate CSR on target host"
exit 1
fi
echo "[4/4] Downloading CSR..."
scp root@${TARGET_HOST}:/tmp/${SHORT_NAME}.csr "$OUTPUT_FILE"
if [ $? -ne 0 ]; then
echo "Error: Failed to download CSR"
exit 1
fi
# Clean up local temp file
rm -f /tmp/csr_config.conf
echo ""
echo "=========================================="
echo "✓ CSR generated successfully!"
echo "=========================================="
echo "Certificate request saved to: $OUTPUT_FILE"
echo ""
echo "CSR details:"
openssl req -in "$OUTPUT_FILE" -noout -text | grep -A 10 "Subject:"
echo ""
echo "IMPORTANT: Private key is stored on target host at:"
echo " /tmp/${SHORT_NAME}.key"
echo ""
echo "Next step: Sign this CSR with:"
echo " ./sign-cert.sh $OUTPUT_FILE $SHORT_NAME"
echo "=========================================="
Reference in New Issue View Git Blame Copy Permalink