zertifizierung/EXAMPLES.md
2025-10-23 08:18:04 +02:00

Usage Examples

Example 1: Creating a certificate for a new server (Interactive)

./cert-manager.py

Session output:

============================================================
Interactive Certificate Manager
============================================================

--- Certificate Details ---
Target Host (IP or hostname): 192.168.1.50
Common Name (FQDN): webserver.egonetix.lan

--- Certificate Subject (press Enter to use defaults) ---
Country (C) [DE]: 
State/Province (ST) [berlin]: 
Locality (L) [berlin]: 
Organization (O) [egonetix]: 
Organizational Unit (OU) [it]: 
Validity (days) [3650]: 

============================================================
Summary:
============================================================
Target Host:     192.168.1.50
Common Name:     webserver.egonetix.lan
Country:         DE
State:           berlin
Locality:        berlin
Organization:    egonetix
Org Unit:        it
Validity:        3650 days
CA Server:       10.0.0.21
Output files:    webserver.req, webserver-cert.pem
============================================================

Proceed with certificate generation? [Y/n]: y

============================================================
Step 1: Generating CSR on target host
============================================================
[Generates CSR on 192.168.1.50...]

============================================================
Step 2: Signing certificate with CA
============================================================
[Signs certificate with UCS CA...]

============================================================
Step 3: Deploying certificate to target host
============================================================
Do you want to copy the certificate back to the target host? [Y/n]: y

✓ Certificate copied to target host at /tmp/webserver.crt
  Private key is at /tmp/webserver.key

============================================================
✓ Certificate Management Complete!
============================================================

Files created:
  - webserver.req (Certificate Request)
  - webserver-cert.pem (Signed Certificate)

On target host (192.168.1.50):
  - /tmp/webserver.key (Private Key)
  - /tmp/webserver.crt (Certificate)

Example 2: Using standalone scripts

Generate CSR only:

./generate-csr.sh 10.0.0.1 gwnue01.egonetix.lan

Sign existing CSR:

./sign-cert.sh gwnue01.req gwnue01 3650

Example 3: Changing default values

First run with modified defaults:

./cert-manager.py

Answer "y" to "Do you want to modify default values?"

Set your new defaults (e.g., different organization, longer validity period).

These defaults are saved in ~/.cert-manager-config.json and will be used for all future runs.

Example 4: Batch processing

For multiple certificates, create a wrapper script:

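#!/bin/bash
# batch-certs.sh
# Abort on the first error so a failed CSR step is never followed by signing a stale .req file.
set -euo pipefail

# One "target-host:FQDN" entry per certificate.
hosts=(
  "10.0.0.1:gwnue01.egonetix.lan"
  "10.0.0.10:nas.egonetix.lan"
  "10.0.0.20:monitoring.egonetix.lan"
)

for entry in "${hosts[@]}"; do
  host="${entry%%:*}"   # text before the colon: target host
  fqdn="${entry##*:}"   # text after the colon: common name

  echo "Processing $fqdn on $host..."
  ./generate-csr.sh "$host" "$fqdn" DE berlin berlin egonetix it

  # sign-cert.sh takes the .req file and the short hostname (first DNS label).
  shortname="${fqdn%%.*}"
  ./sign-cert.sh "${shortname}.req" "$shortname" 3650

  echo "Done with $fqdn"
  echo ""
done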

Tips

  1. First run: Use the interactive tool to set up your defaults
  2. Repeated certificates: The tool remembers your last target/common name
  3. Different organizations: Modify defaults when needed for specific use cases
  4. Automation: Use the standalone scripts for scripting/automation
  5. Verification: Always check the certificate details after generation
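
For tip 5, one way to script the check with the `openssl` command line. This is an added example, not part of the repository; the function name `verify_cert`, its return codes and the 30-day default are assumptions chosen for illustration.

```bash
#!/bin/bash
# Added example (not part of the repository): checks for a freshly signed certificate.
# Usage: verify_cert CERT CSR EXPECTED_CN [MIN_DAYS_LEFT] [CA_FILE]
#   verify_cert webserver-cert.pem webserver.req webserver.egonetix.lan
verify_cert() {
  local cert="$1" csr="$2" expected_cn="$3" min_days="${4:-30}" ca_file="${5:-}"
  local cert_pub csr_pub subject

  # Both files must parse; extract the public key each one carries.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
    || { echo "FAIL: cannot parse certificate $cert" >&2; return 2; }
  csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) \
    || { echo "FAIL: cannot parse CSR $csr" >&2; return 2; }

  # 1. The CA must have signed the key from this CSR, not a stale or foreign one.
  if [ "$cert_pub" != "$csr_pub" ]; then
    echo "FAIL: certificate public key does not match the CSR" >&2; return 3
  fi

  # 2. The subject must contain exactly the CN that was requested.
  subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253)
  subject="${subject#subject=}"; subject="${subject# }"
  case ",$subject," in
    *",CN=$expected_cn,"*) ;;
    *) echo "FAIL: CN is not $expected_cn (subject: $subject)" >&2; return 4 ;;
  esac

  # 3. The certificate must stay valid for at least min_days more days.
  if ! openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" >/dev/null; then
    echo "FAIL: certificate expires within $min_days days" >&2; return 5
  fi

  # 4. Optional: the certificate must verify against the CA certificate, if given.
  if [ -n "$ca_file" ] && ! openssl verify -CAfile "$ca_file" "$cert" >/dev/null 2>&1; then
    echo "FAIL: certificate does not verify against $ca_file" >&2; return 6
  fi

  echo "OK: $cert matches $csr, CN=$expected_cn, valid for more than $min_days days"
}
```

In a batch run, calling the function after each signing step and stopping on a non-zero return keeps a mismatched or short-lived certificate from being deployed.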