Skip to content

Instantly share code, notes, and snippets.

@devpkiconix

devpkiconix/config.sh

Created November 9, 2013 18:10
Show Gist options
  • Save devpkiconix/7388134 to your computer and use it in GitHub Desktop.
Save devpkiconix/7388134 to your computer and use it in GitHub Desktop.
Download ZIP
A simple script to generate all certs needed for creating self-signed CA Certificate, server private key + Certificate, and a client priv key + cert
Raw
config.sh
## -------------------------------------------------------------
## ------------------- CONFIG SECTION BEGIN --------------------
# Passwords
CAPASS=1234 # password for CA priv key
SERVERPASS=1234 # password for server priv key
CLIENTPASS=1234 # password for client priv key
KEYSIZE=2048 # size of keys
ALGO=aes128
OUTPUT_DIR=keys # dir for output files
CERT_VALIDITY=365 # in days
CA_NAME="ROOT CA 4" # CA Name
SERVER_NAME="localhost" # host name
CLIENT_NAME="client 1" # client name
COUNTRY="US"
STATE="CA"
CITY="SF"
ORG="Acme, Inc" # user bacslashes to escape whitespace
CA_SUBJECT="/C=$COUNTRY/ST=$STATE/L=$CITY/O=$ORG/CN=$CA_NAME"
SERVER_SUBJECT="/C=$COUNTRY/ST=$STATE/L=$CITY/O=$ORG/CN=$SERVER_NAME"
CLIENT_SUBJECT="/C=$COUNTRY/ST=$STATE/L=$CITY/O=$ORG/CN=$CLIENT_NAME"
# File names
CA_KEY_FILE="ca.key"
SERVER_KEY_FILE="server.key"
CLIENT_KEY_FILE="client.key"
SERVER_CSR_FILE="server.csr"
CLIENT_CSR_FILE="client.csr"
CA_CERT_FILE="ca.crt"
SERVER_CERT_FILE="server.crt"
CLIENT_CERT_FILE="client.crt"
## ------------------- CONFIG SECTION END --------------------
## -------------------------------------------------------------
Raw
genkeys.sh
#!/bin/bash
set -e # bail on error
. config.sh # configuration data
mkdir "$OUTPUT_DIR"
cd $OUTPUT_DIR
green=`tput setaf 2`
normal=`tput sgr0`
echo "${green}Generating CA private key...${normal}"
# CA private key
openssl genrsa -$ALGO -passout pass:$CAPASS -out $CA_KEY_FILE $KEYSIZE
# CA Cert
echo "${green}Generating self-signed CA cert...${normal}"
openssl req \
-new -x509 \
-days "$CERT_VALIDITY" \
-key "$CA_KEY_FILE" \
-passin pass:$CAPASS \
-out ca.crt \
-subj "$CA_SUBJECT" > /dev/null
# server private key
echo "${green}Generating server private key...${normal}"
openssl genrsa -$ALGO -passout pass:1234 -out "$SERVER_KEY_FILE" "$KEYSIZE"
#server CSR
echo "${green}Generating server CSR...${normal}"
openssl req -new -key "$SERVER_KEY_FILE" -out "$SERVER_CSR_FILE" -passin pass:$SERVERPASS -subj "$SERVER_SUBJECT"
# sign server cert
echo "${green}Generating server Cert, signed by CA...${normal}"
openssl x509 -req \
-days "$CERT_VALIDITY" \
-in "$SERVER_CSR_FILE" \
-CA "$CA_CERT_FILE" \
-CAkey "$CA_KEY_FILE" \
-passin pass:$CAPASS \
-set_serial 01 \
-out "$SERVER_CERT_FILE"
# client private key
echo "${green}Generating client private key ...${normal}"
openssl genrsa -$ALGO -passout pass:1234 -out "$CLIENT_KEY_FILE" "$KEYSIZE"
#client CSR
echo "${green}Generating client CSR...${normal}"
openssl req -new -key "$CLIENT_KEY_FILE" -out "$CLIENT_CSR_FILE" -passin pass:$CLIENTPASS -subj "$CLIENT_SUBJECT"
# sign client cert
echo "${green}Generating client Cert, signed by CA...${normal}"
openssl x509 -req \
-days "$CERT_VALIDITY" \
-in "$CLIENT_CSR_FILE" \
-CA ca.crt \
-CAkey "$CA_KEY_FILE" \
-passin pass:$CAPASS \
-set_serial 01 \
-out "$CLIENT_CERT_FILE"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment