From 478e1993e0760ad83668243111be155b3e9e7050 Mon Sep 17 00:00:00 2001 From: Joe Rayhawk Date: Sun, 27 Mar 2011 19:52:49 -0700 Subject: Initial content; missing some mailcert.sh support --- gensignedcert.sh | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100755 gensignedcert.sh (limited to 'gensignedcert.sh') diff --git a/gensignedcert.sh b/gensignedcert.sh new file mode 100755 index 0000000..3564024 --- /dev/null +++ b/gensignedcert.sh @@ -0,0 +1,31 @@ +#!/bin/sh +# ./keygen [name] (configfile) +# This is only suggested if you have a secured path to deliver this new key through. + +SUPPLEMENTARY_CONFIG="$2" + +. ./configure.sh + +if ! [ $1 ]; then + echo "Please provide a one-word certificate name as an argument.\n" + echo "$0 [name] (configfile)\n" + exit 2 +fi + +if [ $2 ]; then + export CA=$2 +fi + +# Gen signed key +mkdir -pv "$CA"/signed "$CA"/temp "$CA"/certs +openssl req -config "$OPENSSL_CONFIG" -new -nodes -out "$CA"/temp/"$1".csr -keyout "$CA"/temp/"$1".key +chmod 600 "$CA"/temp/"$1".key +SERIAL=$(cat "$CA"/ca/"$CA".serial) +openssl ca -config "$OPENSSL_CONFIG" -in "$CA"/temp/"$1".csr +if [ -e "$CA"/certs/"$SERIAL".pem ]; then # openssl lacks useful exit status codes, so we check to see if it actually did anything instead. + mv -i "$CA"/temp/"$1".csr "$CA"/temp/"$1".key "$CA"/signed/ + ln "$CA"/certs/"$SERIAL".pem "$CA"/signed/"$1".crt # so we can find the certificate by name as well as by serial + echo To create an encrypted key/certificate, run the following: + echo openssl rsa -in "$CA"/signed/"$1".key -des3 -out "$CA"/signed/"$1"-password.key + echo cat "$CA"/signed/"$1"-password.key "$CA"/signed/"$1".crt '>' "$CA"/signed/"$1"-password.pem +fi -- cgit v1.2.3