certificate_create

This is a silly little script I created many years ago to create a self-signed certificate for use with Apache SSL.

#! /bin/bash

# vi:set nu ai ap smd showmatch tabstop=4 shiftwidth=4:

# NAME: certificate_create

# AUTHOR: Tom Sandholm (tom.sandholm AT gmail DOT com)

# VERION: 1.0

# DATE: Mon Apr 14 12:07:51 EDT 2003

# DESCRIPTION: Program to create SSL certificate for Apache

#

# expect an argument that is the FQDN of the machine

# to create the certs for.

HOST=${1?Must declare FQDN}

tmp=${HOST%%.*}

tmp1=$(date '+%m_%d_%Y')

TAR_FILENAME="${tmp}_${tmp1}"

# function to Generate Server Key

# args: pass-phrase output-filename

function GenerateServerKey {

PSW="${1?Must declare a pass phrase}"

OUT="${2?Must declare the output filename}"

openssl genrsa -des3 -passout pass:${PSW} -out $OUT 1024

}

# function to remove a pass phrase from a key file

# args: pass-phrase input-key-filename output-nopw-key-filename

function RemovePassPhrase {

PSW="${1?Must declare a pass phrase}"

IN="${2?Must declare the input filename}"

OUT="${3?Must declare the output filename}"

openssl rsa -in $IN -passin pass:${PSW} -out $OUT

}

# function to generate a certificate request

# args: key-filename csr-filename

function GenerateCertificateSigningRequest {

IN="${1?Must declare key file}"

OUT="${2?Must declare the csr file}"

CONFIG="./openssl.cnf"

echo "

RANDFILE = $ENV::HOME/.rnd

[ req ]

default_bits = 1024

default_keyfile = keyfile.pem

distinguished_name = req_distinguished_name

attributes = req_attributes

prompt = no

output_password = mypass

[ req_distinguished_name ]

C = US

ST = New Hampshire

L = New Hampshire

O = TomKat Stable

OU = WebHosting

CN = $HOST

emailAddress = whoever-the-admin-is@somecompany.com

[ req_attributes ]

challengePassword = deleteme" > $CONFIG

openssl req -new -key ${IN} -out ${OUT} -config $CONFIG

}

# function to sign a certificate

# args: csr-filename key-filename cert-filename

function SelfSignCert {

IN="${1?Must declare the certificate request file}"

KEY="${2?Must declare the key file}"

OUT="${3?Must declare the certificate output file}"

openssl x509 -req -days 365 -in ${IN} -signkey ${KEY} -out ${OUT}

}

echo ">>> Certificate Create"

echo ">>> Generating certificate for host: $HOST"

echo ""

echo ">>> GenerateServerKey"

# Generate Server Key File

# args: pass-phrase key-filename

GenerateServerKey "deleteme" "./${HOST}.key"

echo ""

echo ">>> RemovePassPhrase"

# Remove Pass Phrase from keyfile

# args: pass-phrase key-filename nopw-key-filename

RemovePassPhrase "deleteme" "./${HOST}.key" "./${HOST}.key.nopw"

echo ""

echo ">>> GenerateCertificateSigningRequest"

# Generate Certificate Signing Request

# (cert-request)

# args: nopw-key-filename csr-filename

GenerateCertificateSigningRequest "./${HOST}.key.nopw" "./${HOST}.csr"

echo ""

echo ">>> SelfSignCert"

# Self Sign Certificate

# args: csr-filename nopw-key-filename crt-filename

SelfSignCert "./${HOST}.csr" "./${HOST}.key.nopw" "./${HOST}.crt"

echo ""

echo ">>> Creating TarBall $TAR_FILENAME"

tar cvf ./${TAR_FILENAME}.tar $HOST*

gzip -9 ./${TAR_FILENAME}.tar

echo ""

echo ">>> TarBall is ${TAR_FILENAME}.tar.gz"

rm ./${HOST}.csr ./${HOST}.key.nopw ./${HOST}.key ./${HOST}.crt

echo ""

echo ">>> all done..."

exit 0