#!/bin/bash
# requires bash regexes
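# Sign a certificate signing request (CSR) with the local CA via `openssl ca`.
#
# Usage:   $0 [csrfile] (configfile)
# Globals: SUPPLEMENTARY_CONFIG (written before sourcing configure.sh),
#          CA, OPENSSL_CONFIG (read; neither is defined in this script unless
#          $2 is given, so configure.sh is expected to provide them).
# Exit:    2 on bad usage, 1 when the environment is unusable or no
#          certificate was issued, 0 when the signed files are in place.
#
# NOTE(review): $2 is used both as SUPPLEMENTARY_CONFIG (before sourcing) and
# as CA (after the name is derived). Whether configure.sh treats it as a config
# path or as a CA name is not visible here; confirm the intended meaning.
SUPPLEMENTARY_CONFIG="${2:-}"

# configure.sh is resolved relative to the current directory, so this script
# must be started from the directory that holds it; sourcing executes whatever
# file is found there.
if ! [ -r ./configure.sh ]; then
  echo "Cannot read ./configure.sh; run this script from its own directory." >&2
  exit 1
fi
. ./configure.sh

if ! [ -e "${1:-}" ]; then
  echo "Please provide a csr file as an argument." >&2
  echo "$0 [csrfile] (configfile)" >&2
  exit 2
fi

NAME=""
# bash doesn't like the (stuff|) construction, so we use (stuff|())
if [[ "$1" =~ (.+/|())(.+) ]]; then # strip leading directories, if they exist
  NAME="${BASH_REMATCH[3]}"
  if [[ "$NAME" =~ (.+)\..* ]]; then # strip trailing suffix, if it exists
    NAME="${BASH_REMATCH[1]}"
  fi
  printf 'Using %s as cert name.\n' "$NAME"
fi

# Quoted test: an unquoted $2 containing spaces would break the `[` expression.
if [ -n "${2:-}" ]; then
  export CA="$2"
fi

# With an empty CA every path below would collapse to /signed, /temp, /certs,
# and an empty OPENSSL_CONFIG would hand openssl a blank -config argument.
if [ -z "${CA:-}" ] || [ -z "${OPENSSL_CONFIG:-}" ] || [ -z "$NAME" ]; then
  echo "CA, OPENSSL_CONFIG and the certificate name must all be non-empty." >&2
  exit 1
fi

# Gen signed key
mkdir -pv -- "$CA/signed" "$CA/temp" "$CA/certs" || exit 1

# The serial read here names the certificate file that `openssl ca` is expected
# to create, so signing is pointless without it.
if ! SERIAL=$(cat -- "$CA/ca/$CA.serial") || [ -z "$SERIAL" ]; then
  echo "Cannot read serial from $CA/ca/$CA.serial." >&2
  exit 1
fi

# Success is detected by the appearance of certs/<serial>.pem. If that file is
# already present, a failed or declined signing run would be mistaken for a
# success and an older certificate would be linked under the new name.
if [ -e "$CA/certs/$SERIAL.pem" ]; then
  echo "$CA/certs/$SERIAL.pem already exists; refusing to sign." >&2
  exit 1
fi

openssl ca -config "$OPENSSL_CONFIG" -in "$1"

# openssl lacks useful exit status codes, so we check to see if it actually
# did anything instead.
if [ -e "$CA/certs/$SERIAL.pem" ]; then
  mv -i -- "$1" "$CA/signed/$NAME.csr"
  # Hard link so the certificate can be found by name as well as serial.
  # NOTE(review): the link was previously named after "$1", which embeds the
  # caller's directory and suffix (and fails when "$1" contains a directory).
  # "$NAME" matches the .csr naming above and the name printed for
  # mailcert.sh below; confirm mailcert.sh looks for signed/<name>.crt.
  ln -- "$CA/certs/$SERIAL.pem" "$CA/signed/$NAME.crt"
  echo "Use ./mailcert.sh $NAME [emailaddress] to use sendmail to deliver the CA and user certificate."
else
  echo "No certificate was issued for $NAME; the CSR was left in place." >&2
  exit 1
fi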