vesta/bin/v-generate-ssl-cert
2021-07-27 14:35:40 +03:00

160 lines
3.9 KiB
Bash
Executable File

#!/bin/bash
# info: generate self signed certificate and CSR request
# options: DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT]
#
# The function generates self signed SSL certificate and CSR request
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
domain=$1
domain=$(echo $domain |sed -e 's/\.*$//g' -e 's/^\.*//g')
domain_alias=$domain
email=$2
country=$3
state=$4
city=$5
org=$6
org_unit=$7
aliases=$8
format=${9-shell}
KEY_SIZE=4096
DAYS=365
# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf
# Json function
json_list_ssl() {
i='1' # iterator
echo '{'
echo -e "\t\"$domain\": {"
echo " \"CRT\": \"$crt\","
echo " \"KEY\": \"$key\","
echo " \"CSR\": \"$csr\","
echo " \"DIR\": \"$workdir\""
echo -e "\t}\n}"
}
# Shell function
shell_list_ssl() {
if [ ! -z "$crt" ]; then
echo -e "$crt"
fi
if [ ! -z "$key" ]; then
echo -e "\n$key"
fi
if [ ! -z "$csr" ]; then
echo -e "\n$csr"
fi
echo -e "\nDirectory: $workdir"
}
# Additional argument formatting
format_domain_idn
if [[ "$email" = *[![:ascii:]]* ]]; then
email=$(idn -t --quiet -a $email)
fi
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
args_usage='DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT]'
check_args '7' "$#" "$args_usage"
is_format_valid 'domain' 'alias' 'format'
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Create temporary work directory
workdir=$(mktemp -d)
cd $workdir
# Generate private key
openssl genrsa $KEY_SIZE > $domain.key 2>/dev/null
# Generate the CSR
subj="/C=$country/ST=$state/localityName=$city/O=$org"
subj="$subj/organizationalUnitName=$org_unit/commonName=$domain_idn"
subj="$subj/emailAddress=$email"
if [ -z "$aliases" ]; then
openssl req -sha256\
-new \
-batch \
-subj "$subj" \
-key $domain.key \
-out $domain.csr #>/dev/null 2>&1
else
for alias in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
if [[ "$alias" = *[![:ascii:]]* ]]; then
alias=$(idn -t --quiet -a $alias)
fi
dns_aliases="${dns_aliases}DNS:$alias,"
done
dns_aliases=$(echo $dns_aliases |sed "s/,$//")
if [ -e "/etc/ssl/openssl.cnf" ]; then
ssl_conf='/etc/ssl/openssl.cnf'
else
ssl_conf="/etc/pki/tls/openssl.cnf"
fi
openssl req -sha256\
-new \
-batch \
-subj "$subj" \
-key $domain.key \
-reqexts SAN \
-config <(cat $ssl_conf \
<(printf "[SAN]\nsubjectAltName=$dns_aliases")) \
-out $domain.csr >/dev/null 2>&1
fi
# Generate the cert 1 year
openssl x509 -req -sha256 \
-days $DAYS \
-in $domain.csr \
-signkey $domain.key \
-out $domain.crt >/dev/null 2>&1
# Listing certificates
if [ -e "$domain.crt" ]; then
crt=$(cat $domain.crt |sed ':a;N;$!ba;s/\n/\\n/g' )
fi
if [ -e "$domain.key" ]; then
key=$(cat $domain.key |sed ':a;N;$!ba;s/\n/\\n/g' )
fi
if [ -e "$domain.csr" ]; then
csr=$(cat $domain.csr |sed ':a;N;$!ba;s/\n/\\n/g' )
fi
case $format in
json) json_list_ssl ;;
plain) nohead=1; shell_list_ssl ;;
shell) shell_list_ssl ;;
*) check_args '1' '0' '[FORMAT]'
esac
# Delete tmp dir
#rm -rf $workdir
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_event "$OK" "$ARGUMENTS"
exit