summaryrefslogtreecommitdiff
path: root/gensignedcert.sh
diff options
context:
space:
mode:
Diffstat (limited to 'gensignedcert.sh')
-rwxr-xr-xgensignedcert.sh31
1 files changed, 31 insertions, 0 deletions
diff --git a/gensignedcert.sh b/gensignedcert.sh
new file mode 100755
index 0000000..3564024
--- /dev/null
+++ b/gensignedcert.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+# ./keygen [name] (configfile)
+# This is only suggested if you have a secured path to deliver this new key through.
+
+SUPPLEMENTARY_CONFIG="$2"
+
+. ./configure.sh
+
+if ! [ $1 ]; then
+ echo "Please provide a one-word certificate name as an argument.\n"
+ echo "$0 [name] (configfile)\n"
+ exit 2
+fi
+
+if [ $2 ]; then
+ export CA=$2
+fi
+
+# Gen signed key
+mkdir -pv "$CA"/signed "$CA"/temp "$CA"/certs
+openssl req -config "$OPENSSL_CONFIG" -new -nodes -out "$CA"/temp/"$1".csr -keyout "$CA"/temp/"$1".key
+chmod 600 "$CA"/temp/"$1".key
+SERIAL=$(cat "$CA"/ca/"$CA".serial)
+openssl ca -config "$OPENSSL_CONFIG" -in "$CA"/temp/"$1".csr
+if [ -e "$CA"/certs/"$SERIAL".pem ]; then # openssl lacks useful exit status codes, so we check to see if it actually did anything instead.
+ mv -i "$CA"/temp/"$1".csr "$CA"/temp/"$1".key "$CA"/signed/
+ ln "$CA"/certs/"$SERIAL".pem "$CA"/signed/"$1".crt # so we can find the certificate by name as well as by serial
+ echo To create an encrypted key/certificate, run the following:
+ echo openssl rsa -in "$CA"/signed/"$1".key -des3 -out "$CA"/signed/"$1"-password.key
+ echo cat "$CA"/signed/"$1"-password.key "$CA"/signed/"$1".crt '>' "$CA"/signed/"$1"-password.pem
+fi