====== Quick and dirty CA with bash and dialog ======
This is my quick shell script wrapper using [[http://invisible-island.net/dialog/|dialog]] to generate a new key and a certificate for it signed by my own [[wp>CA]].
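#!/bin/bash
# Interactive wrapper around a local OpenSSL CA: asks for a hostname and a
# hostmaster e-mail with dialog, fills in reqtemplate_openssl.cnf, generates
# a key and a certificate request, then signs the request with `openssl ca`.
# All paths are relative, so run it from the directory that holds reqs/,
# keys/, certs/, openssl.cnf and reqtemplate_openssl.cnf.
set -e

# A cancelled dialog returns non-zero, which aborts the script under set -e.
hostname=$(dialog --stdout --clear --inputbox "hostname (pl: www.tricon.hu)" 8 50)
hostmaster=$(dialog --stdout --clear --inputbox "hostmaster e-mail (pl: hostmaster@tricon.hu)" 8 50)

# The hostname becomes part of several file names and is written into the
# OpenSSL request config, so accept only plain DNS-style names: no slashes,
# no "..", no leading dash, no whitespace or glob characters. Wildcard names
# are deliberately not accepted here.
hostname_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! "$hostname" =~ $hostname_re || "$hostname" == *..* ]]; then
  printf 'invalid hostname: %s\n' "$hostname" >&2
  exit 1
fi

# The e-mail address is substituted into the request config as well; keep it
# to a conservative character set so it cannot alter the config syntax.
hostmaster_re='^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$'
if [[ ! "$hostmaster" =~ $hostmaster_re ]]; then
  printf 'invalid hostmaster e-mail: %s\n' "$hostmaster" >&2
  exit 1
fi

req_conf="reqs/$hostname.req.openssl.conf"
req_file="reqs/$hostname.req.pem"
key_file="keys/$hostname.key.pem"
cert_file="certs/$hostname.cert.pem"

# Do not silently replace the key of a host that already has a certificate;
# the old certificate would no longer match the key on disk.
if [[ -e "$cert_file" ]]; then
  printf 'certificate already exists: %s\n' "$cert_file" >&2
  exit 1
fi

cp reqtemplate_openssl.cnf "$req_conf"
rpl "|HOSTNAME|" "$hostname" "$req_conf"
rpl "|HOSTMASTER|" "$hostmaster" "$req_conf"

# -nodes leaves the private key unencrypted on disk, so create it under a
# restrictive umask; the subshell keeps that umask away from the certificate.
(
  umask 077
  openssl req -new -nodes -out "$req_file" -keyout "$key_file" -config "$req_conf"
)
openssl ca -out "$cert_file" -config ./openssl.cnf -infiles "$req_file"

# Closing messages (Hungarian): the two files to use, where the CA
# certificate is, and a reminder not to delete or rename files under /etc/CA.
echo "Kesz, ezt a ket fajlt kell hasznalnod:"
echo "keys/$hostname.key.pem"
echo "certs/$hostname.cert.pem"
echo ""
echo "A CA cert a cacert.pem fajlban van, ezt kell telepiteni a kliensekben"
echo ""
echo "Az /etc/CA konyvtarban es alkonyvtaraiban fajlokat torolni, atnevezni TILOS!"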
The contents of reqtemplate_openssl.cnf follow:
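#
# OpenSSL configuration file.
#
# Request template: |HOSTNAME| and |HOSTMASTER| are placeholders that are
# replaced with the real values before this file is passed to `openssl req`.
#
[ req ]
# 1024-bit RSA keys and MD5 digests are no longer considered safe and are
# refused by current TLS stacks; use at least 2048 bits and SHA-256.
default_bits = 2048 # Size of keys
default_md = sha256 # message digest algorithm
default_keyfile = keys/|HOSTNAME|.key.pem
string_mask = nombstr # permitted characters
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[ req_distinguished_name ]
countryName = HU
stateOrProvinceName = Budapest
localityName = Budapest
organizationName = TRICON
organizationalUnitName = |HOSTNAME|
commonName = |HOSTNAME|
emailAddress = |HOSTMASTER|
[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
# Current clients match the host name against subjectAltName, not commonName.
# NOTE(review): the signing CA only carries this into the certificate if its
# own openssl.cnf sets copy_extensions = copy (not shown here) - confirm.
subjectAltName = DNS:|HOSTNAME|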
{{tag>util openssl ca pki dialog security bash}}