Init need CommonName for CA
This commit is contained in:
parent
8263ca83e2
commit
e6621cdd9b
54
shellpki.sh
54
shellpki.sh
|
@ -8,24 +8,48 @@ set -eu
|
||||||
init() {
|
init() {
|
||||||
umask 0177
|
umask 0177
|
||||||
|
|
||||||
if [ -f "${CAKEY}" ]; then
|
|
||||||
echo "${CAKEY} already exists, do you really want to erase it ?\n"
|
|
||||||
echo "Press return to continue..."
|
|
||||||
read -r REPLY
|
|
||||||
fi
|
|
||||||
|
|
||||||
[ -d "${CADIR}" ] || mkdir -m 0750 "${CADIR}"
|
[ -d "${CADIR}" ] || mkdir -m 0750 "${CADIR}"
|
||||||
[ -d "${CRTDIR}" ] || mkdir -m 0750 "${CRTDIR}"
|
[ -d "${CRTDIR}" ] || mkdir -m 0750 "${CRTDIR}"
|
||||||
[ -f "${INDEX}" ] || touch "${INDEX}"
|
[ -f "${INDEX}" ] || touch "${INDEX}"
|
||||||
|
[ -f "${CRL}" ] || touch "${CRL}"
|
||||||
[ -f "${SERIAL}" ] || echo "01" > "${SERIAL}"
|
[ -f "${SERIAL}" ] || echo "01" > "${SERIAL}"
|
||||||
|
|
||||||
"${OPENSSL}" req \
|
cn="${1:-}"
|
||||||
-config "${CONFFILE}" \
|
[ -z "${cn}" ] && usage >&2 && exit 1
|
||||||
-newkey rsa:4096 -sha512 \
|
|
||||||
-x509 -days 3650 \
|
if [ -f "${CAKEY}" ]; then
|
||||||
-extensions v3_ca \
|
printf "%s already exists, do you really want to erase it ? [y/N] " ${CAKEY}
|
||||||
-keyout "${CAKEY}" \
|
read -r REPLY
|
||||||
-out "${CACERT}"
|
resp=$(echo "${REPLY}"|tr 'Y' 'y')
|
||||||
|
[ "${resp}" = "y" ] && rm "${CAKEY}" "${CACERT}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
[ ! -f "${CAKEY}" ] && "$OPENSSL" \
|
||||||
|
genrsa \
|
||||||
|
-out "${CAKEY}" \
|
||||||
|
-aes256 4096 >/dev/null 2>&1
|
||||||
|
|
||||||
|
if [ -f "${CACERT}" ]; then
|
||||||
|
printf "%s already exists, do you really want to erase it ? [y/N] " ${CACERT}
|
||||||
|
read -r REPLY
|
||||||
|
resp=$(echo "${REPLY}"|tr 'Y' 'y')
|
||||||
|
[ "${resp}" = "y" ] && rm "${CACERT}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
[ ! -f "${CACERT}" ] && ask_ca_password 0
|
||||||
|
|
||||||
|
[ ! -f "${CACERT}" ] && CA_PASSWORD="${CA_PASSWORD}" "${OPENSSL}" \
|
||||||
|
req \
|
||||||
|
-batch -sha512 \
|
||||||
|
-x509 -days 3650 \
|
||||||
|
-extensions v3_ca \
|
||||||
|
-key "${CAKEY}" \
|
||||||
|
-out "${CACERT}" \
|
||||||
|
-passin env:CA_PASSWORD \
|
||||||
|
-config /dev/stdin <<EOF
|
||||||
|
$(cat "${CONFFILE}")
|
||||||
|
commonName_default = ${cn}
|
||||||
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
usage() {
|
usage() {
|
||||||
|
@ -34,7 +58,7 @@ Usage: ${0} <subcommand> [options] [CommonName]
|
||||||
|
|
||||||
Initialize PKI (create CA key and self-signed cert) :
|
Initialize PKI (create CA key and self-signed cert) :
|
||||||
|
|
||||||
${0} init
|
${0} init <commonName_for_CA>
|
||||||
|
|
||||||
Create a client cert with key and CSR directly generated on server
|
Create a client cert with key and CSR directly generated on server
|
||||||
(use -p for set a password on client key) :
|
(use -p for set a password on client key) :
|
||||||
|
@ -370,7 +394,7 @@ main() {
|
||||||
case "${command}" in
|
case "${command}" in
|
||||||
init)
|
init)
|
||||||
shift
|
shift
|
||||||
init
|
init "$@"
|
||||||
;;
|
;;
|
||||||
|
|
||||||
create)
|
create)
|
||||||
|
|
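Review bot: In init() the CommonName taken from `$1` is spliced unescaped into the OpenSSL config fed through `-config /dev/stdin`, so a value containing a newline or `[section]`/`key = value` text rewrites the CA configuration rather than just the subject; validate it before the heredoc, e.g. `case "${cn}" in *[![:alnum:] ._-]*) printf 'invalid CommonName\n' >&2; exit 1 ;; esac`. The erase path `[ "${resp}" = "y" ] && rm "${CAKEY}" "${CACERT}"` is the final command of an AND list, so under the file's `set -eu` a missing `${CACERT}` makes rm fail and aborts init after the key has already been deleted; `rm -f -- "${CAKEY}" "${CACERT}"` keeps that path safe to rerun. Both `printf "%s already exists ... [y/N] " ${CAKEY}` prompts leave the path unquoted, which word-splits on spaces and should be `"${CAKEY}"` / `"${CACERT}"`. The `genrsa` call discards stderr with `>/dev/null 2>&1`, so when key generation fails the script exits silently under `set -e` without telling the operator why; keep stderr or print a diagnostic on failure. `ask_ca_password` is defined outside this hunk, so whether it always exports `CA_PASSWORD` before the `req` call cannot be confirmed here.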