@bamzi
Forked from praseodym/csr.sh
Last active August 29, 2015 14:25
#!/bin/sh
# csr.sh: Certificate Signing Request Generator
# Copyright(c) 2005 Evaldo Gardenali <evaldo@gardenali.biz>,
# Copyright(c) 2010 Mark Janssen <mark@ch.tudelft.nl>
# All rights reserved.
#
# REFER TO https://gist.github.com/praseodym/8186510 FOR UPDATES
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "ASIS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# ChangeLog:
# Mon May 23 00:14:37 BRT 2005 - evaldo - Initial Release
# Sun Dec 19 15:54:54 CET 2010 - mark - CH customizations
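# Be safe about permissions: everything created below (the temporary OpenSSL
# config, the private key and the CSR) must be accessible to the owner only.
LASTUMASK=$(umask)
umask 077

# die MESSAGE... - print a diagnostic on stderr and abort with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Create a scratch config file for openssl. mktemp picks an unpredictable name
# and creates the file itself, so a pre-planted file in /tmp cannot be reused.
CONFIG=$(mktemp -q /tmp/openssl-conf.XXXXXXXX) ||
  die "Could not create temporary config file. exiting"

# Remove the scratch config on every exit path (errors and interrupts
# included) so it never lingers in /tmp.
cleanup() {
  rm -f -- "$CONFIG"
}
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

echo "Private Key and Certificate Signing Request Generator"
echo
printf '%s' "Short Hostname (ie. rob herman hendrik): "
read -r HOST
# HOST is used as the base name of the key and CSR files under $HOME and is
# written into the config file, so it must be a plain file-name component:
# no '/', no leading '.' or '-', nothing the config parser would interpret.
case $HOST in
  '' | .* | -* | *[!A-Za-z0-9._-]*)
    die "Invalid short hostname: use letters, digits, '.', '_' and '-' only"
    ;;
esac

printf '%s' "FQDN/CommonName (ie. www.example.com, herman.chnet): "
read -r COMMONNAME
# COMMONNAME is copied verbatim into the OpenSSL config, where $ starts a
# variable expansion, # starts a comment and backslash/quotes are escapes.
case $COMMONNAME in
  *'$'* | *'#'* | *\\* | *'"'* | *"'"* | *'`'*)
    die 'Invalid CommonName: it must not contain $, #, backslash or quote characters'
    ;;
esac

echo "Type SubjectAltNames for the certificate, one per line."
echo "Don't forget to include the CN. Enter a blank line to finish."
SANAMES=""
while :; do
  printf '%s' "SubjectAltName: DNS:"
  read -r SAN
  [ -n "$SAN" ] || break # blank line (or end of input) finishes the list
  # Each entry becomes one "DNS:" item of a comma-separated list in the
  # config; anything that is not a DNS-name character (a comma in particular)
  # would change the meaning of that list, so such entries are skipped.
  case $SAN in
    *[!A-Za-z0-9._*-]*)
      printf 'Ignoring invalid DNS name: %s\n' "$SAN" >&2
      continue
      ;;
  esac
  SANAMES="${SANAMES:+$SANAMES,}DNS:$SAN"
done

# Config File Generation
# NOTE(review): encrypt_key = no stores the private key without a passphrase;
# its only protection is the 077 umask set above.
{
  cat <<EOF
# -------------- BEGIN custom openssl.cnf -----
HOME = $HOME
oid_section = new_oids
[ new_oids ]
[ req ]
default_days = 730 # how long to certify for
default_keyfile = $HOME/${HOST}.key
distinguished_name = req_distinguished_name
encrypt_key = no
string_mask = nombstr
EOF
  if [ -n "$SANAMES" ]; then
    echo "req_extensions = v3_req # Extensions to add to certificate request"
  fi
  cat <<EOF
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = NL
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Zuid-Holland
localityName = Locality Name (eg, city)
localityName_default = Delft
0.organizationName = Organization Name (eg, company)
0.organizationName_default = W.I.S.V. \'Christiaan Huygens\'
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = Beheer
commonName = Common Name (eg, YOUR name)
commonName_default = $COMMONNAME
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40
emailAddress_default = beheer@ch.tudelft.nl
[ v3_req ]
EOF
  if [ -n "$SANAMES" ]; then
    printf '%s\n' "subjectAltName=$SANAMES"
  fi
  echo "# -------------- END custom openssl.cnf -----"
} > "$CONFIG" || die "Could not write temporary config file $CONFIG"

echo "Running OpenSSL..."
# NOTE(review): an existing $HOME/${HOST}.key or .csr is overwritten without
# prompting; move an old key aside first if it is still in use.
openssl req -batch -config "$CONFIG" -newkey rsa:2048 -sha256 \
  -out "$HOME/${HOST}.csr" || die "openssl req failed"

echo "Copy the following Certificate Request and sign it to obtain a Certificate."
echo "When you receive your certificate, you should name it something like ${HOST}.crt"
echo
cat -- "$HOME/${HOST}.csr"
echo
echo "The Certificate request is also available in $HOME/${HOST}.csr"
echo "The Private Key is stored in $HOME/${HOST}.key"
echo

# The EXIT trap removes $CONFIG; restore the caller's umask before leaving.
umask "$LASTUMASK"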