zertifizierung/sign-cert.sh
root 576e7de917 Initial commit: Certificate management tools
- cert-manager.py: Interactive certificate lifecycle management
- generate-csr.sh: Generate CSR on remote host
- sign-cert.sh: Sign certificate with UCS CA
- README.md: Complete documentation
- .gitignore: Ignore certificate and config files

Features:
- Interactive prompts with default values
- Config persistence between runs
- Remote CSR generation with proper server extensions
- Automated CA signing
- Optional certificate deployment
2025-10-23 08:11:35 +02:00


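#!/bin/bash
# Sign a certificate request with the UCS CA.
#
# Usage: ./sign-cert.sh <req-file> <hostname> [days]
#
# The script copies the CSR to the UCS server, signs it there with
# `univention-certificate sign`, and downloads the signed certificate into
# the current directory as <hostname>-cert.pem.
#
# Security notes:
#   - <hostname> and [days] become part of a command line that is parsed by
#     the remote shell of UCS_USER (root by default) on the CA server, and
#     <hostname> is also used in local and remote file paths. Both values are
#     checked against strict patterns before any connection is opened.
#   - The CSR is uploaded to a file created by mktemp on the server rather
#     than to a predictable name in the shared /tmp directory, and that file
#     is removed again when the script exits.
#   - After download, the certificate's public key is compared with the key
#     in the CSR so a stale or unrelated cert.pem is not reported as success.
#   - Every step opens its own SSH connection (five in total, including the
#     cleanup), so key-based authentication is assumed.
set -euo pipefail

# Configuration
# ssh/scp trust whatever host key is recorded for this address in known_hosts.
readonly UCS_SERVER="10.0.0.21"
readonly UCS_USER="root"
# NOTE(review): 3650 days is a very long lifetime for a server certificate;
# kept as the existing default, pass [days] to issue shorter-lived ones.
readonly DEFAULT_DAYS=3650

readonly REMOTE="${UCS_USER}@${UCS_SERVER}"
# Letters, digits, dot, underscore and hyphen only; must start and end with a
# letter or digit. This excludes '/', whitespace, leading '-' and every shell
# metacharacter.
readonly NAME_RE='^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$'
readonly DAYS_RE='^[1-9][0-9]*$'
readonly REMOTE_CSR_RE='^/tmp/sign-cert\.[A-Za-z0-9]{10}$'

# Print an error message to stderr and abort with status 1.
die() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

# Print the line that follows the given extension heading in the text dump of
# the signed certificate. Prints nothing when the extension is absent.
print_extension() {
  local heading=$1
  openssl x509 -in "$OUTPUT_FILE" -noout -text \
    | grep -A 1 -- "$heading" \
    | tail -1 || true
}

# Best-effort removal of the uploaded CSR from the UCS server.
remote_csr=""
cleanup_remote() {
  [[ -n "$remote_csr" ]] || return 0
  ssh "$REMOTE" "rm -f -- '${remote_csr}'" </dev/null || true
}

# Check arguments
if [[ $# -lt 2 ]]; then
  {
    echo "Usage: $0 <req-file> <hostname> [days]"
    echo ""
    echo "Example: $0 webui.req myserver 3650"
    echo ""
    echo "The script will:"
    echo " 1. Copy the CSR to UCS server"
    echo " 2. Sign it with the UCS CA"
    echo " 3. Download the signed certificate to current directory"
  } >&2
  exit 1
fi

REQ_FILE="$1"
# Not named HOSTNAME: bash maintains a variable of that name itself.
CERT_NAME="$2"
DAYS="${3:-$DEFAULT_DAYS}"

# Reject anything that could alter the remote command line or escape the
# intended directories before it is used anywhere.
[[ "$CERT_NAME" =~ $NAME_RE ]] \
  || die "Invalid hostname '$CERT_NAME' (allowed: letters, digits, '.', '_', '-')"
[[ "$DAYS" =~ $DAYS_RE ]] \
  || die "Invalid number of days '$DAYS' (must be a positive integer)"

# Validate req file exists
[[ -f "$REQ_FILE" ]] \
  || die "Certificate request file '$REQ_FILE' not found!"

# Get absolute path of req file
REQ_FILE=$(realpath -- "$REQ_FILE") \
  || die "Cannot resolve path of certificate request file"
OUTPUT_FILE="${CERT_NAME}-cert.pem"

echo "=========================================="
echo "UCS Certificate Signing Script"
echo "=========================================="
printf 'Request file: %s\n' "$REQ_FILE"
printf 'Hostname: %s\n' "$CERT_NAME"
printf 'Valid days: %s\n' "$DAYS"
printf 'Output file: %s\n' "$OUTPUT_FILE"
echo "=========================================="
echo ""

# Step 1: Copy CSR to UCS server
echo "[1/3] Copying CSR to UCS server..."
remote_csr=$(ssh "$REMOTE" 'mktemp /tmp/sign-cert.XXXXXXXXXX' </dev/null) || {
  remote_csr=""
  die "Failed to create a temporary file on UCS server"
}
# The name comes back from the remote side and is interpolated into later
# remote commands, so it is only accepted in exactly the expected shape.
if [[ ! "$remote_csr" =~ $REMOTE_CSR_RE ]]; then
  remote_csr=""
  die "Unexpected temporary file name returned by UCS server"
fi
trap cleanup_remote EXIT

# Commands are tested directly: under `set -e` a separate `$?` check after
# the command would never be reached on failure.
if ! scp "$REQ_FILE" "${REMOTE}:${remote_csr}"; then
  die "Failed to copy CSR to UCS server"
fi

# Step 2: Sign the certificate
echo "[2/3] Signing certificate on UCS server..."
if ! ssh "$REMOTE" \
  "univention-certificate sign -request '${remote_csr}' -name '${CERT_NAME}' -days '${DAYS}'"; then
  die "Failed to sign certificate"
fi

# Step 3: Download signed certificate
echo "[3/3] Downloading signed certificate..."
if ! scp "${REMOTE}:/etc/univention/ssl/${CERT_NAME}/cert.pem" "$OUTPUT_FILE"; then
  die "Failed to download signed certificate"
fi

# Confirm the downloaded certificate was issued for the key in our CSR.
csr_key=$(openssl req -in "$REQ_FILE" -noout -pubkey 2>/dev/null) || csr_key=""
cert_key=$(openssl x509 -in "$OUTPUT_FILE" -noout -pubkey 2>/dev/null) || cert_key=""
if [[ -z "$csr_key" || -z "$cert_key" ]]; then
  echo "Warning: could not compare the public keys of CSR and certificate" >&2
elif [[ "$csr_key" != "$cert_key" ]]; then
  die "Public key in '$OUTPUT_FILE' does not match the CSR; do not deploy it"
fi

echo ""
echo "=========================================="
echo "✓ Certificate signed successfully!"
echo "=========================================="
printf 'Certificate saved to: %s\n' "$OUTPUT_FILE"
echo ""
echo "Certificate details:"
openssl x509 -in "$OUTPUT_FILE" -noout -subject -issuer -dates
echo ""
echo "Subject Alternative Names:"
print_extension "Subject Alternative Name"
echo ""
echo "Extended Key Usage:"
print_extension "Extended Key Usage"
echo "=========================================="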