2018-11-13 17:03:20 +08:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
|
|
type_name=$1
|
|
|
|
|
name=$2
|
|
|
|
|
|
2019-01-04 17:26:50 +08:00
|
|
|
if [ "${type_name}" == "-caroot" ]; then
|
|
|
|
|
csrfrom=$3
|
|
|
|
|
csrname=$4
|
|
|
|
|
csrkey=$5
|
|
|
|
|
else
|
|
|
|
|
cafrom=$3
|
|
|
|
|
caname=$4
|
|
|
|
|
cakey=$5
|
|
|
|
|
|
|
|
|
|
csrfrom=$6
|
|
|
|
|
csrname=$7
|
|
|
|
|
csrkey=$8
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
san_nam=$9
|
|
|
|
|
|
|
|
|
|
trap "do_signal" 2
|
|
|
|
|
do_signal()
|
|
|
|
|
{
|
|
|
|
|
echo "\n"
|
|
|
|
|
read -p "Terminate theprocess? (y/n): " input
|
|
|
|
|
}
|
2018-11-13 17:03:20 +08:00
|
|
|
|
2019-01-04 17:26:50 +08:00
|
|
|
do_clear()
|
|
|
|
|
{
|
|
|
|
|
if [ -d "./demoCA" ]; then
|
|
|
|
|
rm -rf ./demoCA
|
|
|
|
|
fi
|
2018-11-13 17:03:20 +08:00
|
|
|
|
2019-01-04 17:26:50 +08:00
|
|
|
if [ $1 -ne 0 ];then
|
|
|
|
|
if [ -d "./ca-middle/$2" ]; then
|
|
|
|
|
rm -rf ./ca-middle/$2
|
|
|
|
|
fi
|
|
|
|
|
if [ -d "./entity/$2" ]; then
|
|
|
|
|
rm -rf ./entity/$2
|
|
|
|
|
fi
|
|
|
|
|
if [ -d "./caroot/$2" ]; then
|
|
|
|
|
rm -rf ./caroot/$2
|
|
|
|
|
fi
|
|
|
|
|
if [ -d "./csr/$2" ]; then
|
|
|
|
|
rm -rf ./csr/$2
|
|
|
|
|
fi
|
|
|
|
|
exit
|
|
|
|
|
fi
|
|
|
|
|
}
|
2018-11-21 13:33:01 +08:00
|
|
|
|
2018-11-13 17:03:20 +08:00
|
|
|
do_help()
|
|
|
|
|
{
|
2019-01-04 17:26:50 +08:00
|
|
|
echo ""
|
|
|
|
|
echo "./signssl -type cert_name -cafrom ca_name key_name -csr csr_name csr_key -san san_nam"
|
2018-11-21 13:33:01 +08:00
|
|
|
echo "usage: ./signssl args"
|
2019-01-04 17:26:50 +08:00
|
|
|
echo " -type - input type "-csr -caroot -camiddle -entity""
|
|
|
|
|
echo " cert_name - input cert_name "input output cert namae""
|
|
|
|
|
echo " -cafrom ca_name keyname - input ca_name keyname "input the root cert name and key""
|
|
|
|
|
echo " -csrfrom csr_name csr_key - input csr_name csr_key "input cert signs request file name and key""
|
|
|
|
|
echo " san_name - input san_name "When it is an entity cert, input user alternate name""
|
|
|
|
|
echo ""
|
|
|
|
|
echo "exanple -csr"
|
|
|
|
|
echo "./signssl.sh -csr csr_name"
|
|
|
|
|
echo "example -caroot"
|
2018-11-21 13:33:01 +08:00
|
|
|
echo "./signssl.sh -caroot root_name"
|
2019-01-04 17:26:50 +08:00
|
|
|
echo "example -camiddle"
|
|
|
|
|
echo "./signssl.sh -camiddle middle_name -cafrom ../cert/mesalab-ca-cert.cer ../cert/mesalab-ca-cert.key -csrfrom ./csr/csrname/csrname.csr ./csr/csrname/csrname.key"
|
|
|
|
|
echo "exaple -entity"
|
|
|
|
|
echo "./signssl.sh -entity entity_name -cafrom ../cert/mesalab-ca-cert.cer ../cert/mesalab-ca-cert.key -csrfrom ./csr/csrname/csrname.csr ./csr/csrname/csrname.key 163"
|
|
|
|
|
echo ""
|
2018-11-21 13:33:01 +08:00
|
|
|
exit
|
2018-11-13 17:03:20 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
do_mkdir()
|
|
|
|
|
{
|
|
|
|
|
if [ ! -d "./demoCA" ]; then
|
|
|
|
|
mkdir demoCA
|
|
|
|
|
mkdir ./demoCA/newcerts
|
|
|
|
|
touch ./demoCA/index.txt
|
|
|
|
|
touch ./demoCA/serial
|
|
|
|
|
echo 0001 >> ./demoCA/serial
|
|
|
|
|
fi
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
do_check()
|
|
|
|
|
{
|
|
|
|
|
if [ "$type_name" == "" ]||[ "$name" == "" ]; then
|
2019-01-04 17:26:50 +08:00
|
|
|
echo "cert type is unkone!"
|
2018-11-13 17:03:20 +08:00
|
|
|
do_help
|
|
|
|
|
exit
|
|
|
|
|
fi
|
2018-11-16 14:43:36 +08:00
|
|
|
|
2019-01-04 17:26:50 +08:00
|
|
|
if [ "$type_name" == "-csr" ]; then
|
2018-11-16 14:43:36 +08:00
|
|
|
return
|
|
|
|
|
fi
|
2019-01-04 17:26:50 +08:00
|
|
|
|
|
|
|
|
if [ "$type_name" == "-caroot" ]; then
|
|
|
|
|
return
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if [ "$csrfrom" == "" ] || [ "$csrname" == "" ] || [ "$csrkey" == "" ]; then
|
|
|
|
|
echo "input input cert signs request file name and key"
|
|
|
|
|
do_help
|
|
|
|
|
exit
|
2018-11-13 17:03:20 +08:00
|
|
|
fi
|
2019-01-04 17:26:50 +08:00
|
|
|
|
|
|
|
|
if [ "$cafrom" == "" ] || [ "$caname" == "" ] || [ "$cakey" == "" ]; then
|
|
|
|
|
echo "input certificate name or key is unkone!"
|
2018-11-13 17:03:20 +08:00
|
|
|
do_help
|
|
|
|
|
exit
|
|
|
|
|
fi
|
2019-01-04 17:26:50 +08:00
|
|
|
|
2018-11-21 13:33:01 +08:00
|
|
|
if [ "$type_name" == "-entity" ];then
|
2019-01-04 17:26:50 +08:00
|
|
|
if [ "$san_nam" == "" ];then
|
2018-11-21 13:33:01 +08:00
|
|
|
echo "Please enter the san name!"
|
|
|
|
|
do_help
|
|
|
|
|
exit
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
fi
|
2018-11-13 17:03:20 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
do_middle()
|
|
|
|
|
{
|
2019-01-04 17:26:50 +08:00
|
|
|
if [ ! -d "./ca-middle/${name}" ]; then
|
|
|
|
|
mkdir -p ca-middle/${name}
|
2018-11-13 17:03:20 +08:00
|
|
|
fi
|
2019-01-04 17:26:50 +08:00
|
|
|
outpath=ca-middle/${name}
|
|
|
|
|
|
|
|
|
|
openssl ca -extensions v3_ca -in ${csrname} -out ${outpath}/${name}.cer -cert ${caname} -keyfile ${cakey} -days 365 -policy policy_anything
|
|
|
|
|
openssl pkcs12 -export -in ${outpath}/${name}.cer -inkey ${csrkey} -chain -CAfile ${caname} -out ${outpath}/${name}.p12
|
|
|
|
|
|
|
|
|
|
do_clear $? ${name}
|
|
|
|
|
cp ${csrkey} ${outpath}
|
2018-11-13 17:03:20 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
do_entity()
|
|
|
|
|
{
|
2019-01-04 17:26:50 +08:00
|
|
|
if [ ! -d "./entity/${name}" ];then
|
|
|
|
|
mkdir -p entity/${name}
|
2018-11-13 17:03:20 +08:00
|
|
|
fi
|
2019-01-04 17:26:50 +08:00
|
|
|
outpath=entity/${name}
|
|
|
|
|
|
|
|
|
|
openssl ca -in ${csrname} -keyfile ${cakey} -cert ${caname} -extensions SAN -config <(cat /etc/pki/tls/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:*.${san_nam}.com,DNS:*.${san_nam}.cn")) -out ${outpath}/${name}.cer
|
|
|
|
|
|
|
|
|
|
openssl pkcs12 -export -in ${outpath}/${name}.cer -inkey ${csrkey} -chain -CAfile ${caname} -out ${outpath}/${name}.p12
|
|
|
|
|
|
|
|
|
|
do_clear $? ${name}
|
|
|
|
|
cp ${csrkey} ${outpath}
|
2018-11-13 17:03:20 +08:00
|
|
|
}
|
|
|
|
|
|
2018-11-16 14:43:36 +08:00
|
|
|
do_caroot()
|
|
|
|
|
{
|
2019-01-04 17:26:50 +08:00
|
|
|
if [ ! -d ".caroot/${name}" ];then
|
|
|
|
|
mkdir -p caroot/${name}
|
2018-11-16 14:43:36 +08:00
|
|
|
fi
|
2019-01-04 17:26:50 +08:00
|
|
|
outpath=caroot/${name}
|
|
|
|
|
|
|
|
|
|
openssl genrsa -out ${outpath}/${name}.key 1024
|
|
|
|
|
openssl req -new -key ${outpath}/${name}.key -out ${outpath}/${name}.csr
|
|
|
|
|
openssl x509 -req -days 365 -sha256 -extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -signkey ${outpath}/${name}.key -in ${outpath}/${name}.csr -out ${outpath}/${name}.cer
|
|
|
|
|
#openssl req -new -x509 -key ca.key -out ca.crt
|
|
|
|
|
do_clear $? ${name}
|
|
|
|
|
}
|
2018-11-16 14:43:36 +08:00
|
|
|
|
2019-01-04 17:26:50 +08:00
|
|
|
do_csr()
|
|
|
|
|
{
|
|
|
|
|
if [ ! -d "./csr/${name}" ];then
|
|
|
|
|
mkdir -p csr/${name}
|
|
|
|
|
fi
|
|
|
|
|
outpath=csr/${name}
|
|
|
|
|
|
|
|
|
|
openssl genrsa -out ${outpath}/${name}.key 1024
|
|
|
|
|
openssl req -new -key ${outpath}/${name}.key -out ${outpath}/${name}.csr
|
|
|
|
|
do_clear $? ${name}
|
2018-11-16 14:43:36 +08:00
|
|
|
}
|
|
|
|
|
|
2018-11-13 17:03:20 +08:00
|
|
|
do_signssl()
|
|
|
|
|
{
|
2019-01-04 17:26:50 +08:00
|
|
|
if [ "$type_name" == "-camiddle" ]; then
|
2018-11-13 17:03:20 +08:00
|
|
|
do_middle
|
|
|
|
|
exit
|
|
|
|
|
fi
|
|
|
|
|
if [ "$type_name" == "-entity" ]; then
|
|
|
|
|
do_entity
|
|
|
|
|
exit
|
|
|
|
|
fi
|
2018-11-16 14:43:36 +08:00
|
|
|
if [ "$type_name" == "-caroot" ]; then
|
|
|
|
|
do_caroot
|
|
|
|
|
exit
|
|
|
|
|
fi
|
2019-01-04 17:26:50 +08:00
|
|
|
if [ "$type_name" == "-csr" ]; then
|
|
|
|
|
do_csr
|
|
|
|
|
exit
|
|
|
|
|
fi
|
|
|
|
|
echo "unknow command"
|
2018-11-13 17:03:20 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
do_check
|
|
|
|
|
do_mkdir
|
|
|
|
|
do_signssl
|
|
|
|
|
|
