Diffstat (limited to 'signcsr.sh')
-rwxr-xr-xsigncsr.sh35
1 files changed, 35 insertions, 0 deletions
diff --git a/signcsr.sh b/signcsr.sh
new file mode 100755
index 0000000..8074b39
--- /dev/null
+++ b/signcsr.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+# requires bash regexes
+
+SUPPLEMENTARY_CONFIG="$2"
+
+. ./configure.sh
+
+if ! [ -e "$1" ]; then
+ echo "Please provide a csr file as an argument."
+ echo "$0 [csrfile] (configfile)"
+ exit 2
+fi
+
+# bash doesn't like the (stuff|) construction, so we use (stuff|())
+if [[ "$1" =~ (.+/|())(.+) ]]; then # strip leading directories, if they exist
+ NAME="${BASH_REMATCH[3]}"
+ if [[ "$NAME" =~ (.+)\..* ]]; then # strip trailing suffix, if it exists
+ NAME="${BASH_REMATCH[1]}"
+ fi
+ echo Using "$NAME" as cert name.
+fi
+
+if [ $2 ]; then
+ export CA=$2
+fi
+
+# Gen signed key
+mkdir -pv "$CA"/signed "$CA"/temp "$CA"/certs
+SERIAL=$(cat "$CA"/ca/"$CA".serial)
+openssl ca -config "$OPENSSL_CONFIG" -in "$1"
+if [ -e "$CA"/certs/"$SERIAL".pem ]; then # openssl lacks useful exit status codes, so we check to see if it actually did anything instead.
+ mv -i "$1" "$CA"/signed/$NAME.csr
+ ln "$CA"/certs/"$SERIAL".pem "$CA"/signed/"$1".crt # so we can find the certificate by name as well as serial
+ echo "Use ./mailcert.sh $NAME [emailaddress] to use sendmail to deliver the CA and user certificate."
+fi
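Review bot: The final `ln` names the link after `"$1"` instead of `$NAME`, so a CSR passed as `dir/foo.csr` targets `"$CA"/signed/dir/foo.csr.crt`. That fails when `dir/` does not exist under `signed/`, and even for a bare filename it does not match the `$NAME.csr` naming used by the `mv` just above; it should read `ln "$CA"/certs/"$SERIAL".pem "$CA"/signed/"$NAME".crt`. Two quoting gaps sit next to it: `$NAME` is unquoted in `mv -i "$1" "$CA"/signed/$NAME.csr`, and `if [ $2 ]` misbehaves on an argument containing spaces, so `"$NAME"` and `[ -n "$2" ]` are safer. Because this script issues certificates, note also that `. ./configure.sh` resolves against the caller's working directory, so running it from elsewhere sources whatever `configure.sh` is there; resolving the path from the script's own location avoids that. The success test only checks that `"$CA"/certs/"$SERIAL".pem` exists, so a stale file with that serial would presumably be reported as a fresh signature.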