CA mk cert server

Aus Neobiker's Wiki
Version vom 27. Juni 2008, 20:39 Uhr von Neobiker (Diskussion | Beiträge)

./scripts/mk_cert_server

#!/bin/sh
#
# $Id: mk_cert_server,v 1.1 2008/06/26 20:35:28 root Exp root $
#
# $Log: mk_cert_server,v $
# Revision 1.1  2008/06/26 20:35:28  root
# Initial revision
#

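# Print the absolute path of the directory given as $1 on stdout.
#
# Arguments: $1 - directory path (relative or absolute)
# Outputs:   the resolved directory as reported by pwd
# Returns:   non-zero, with nothing on stdout, if the directory cannot be entered
#
# pushd/popd are bash builtins, but this file runs under #!/bin/sh; a subshell
# gives the same "visit, print, come back" effect portably. $1 is quoted so
# paths with spaces or glob characters are not split or expanded.
absolute_dir ()
{
    # CDPATH is cleared and cd's stdout discarded so that only pwd's output
    # reaches the caller (cd echoes the target when it resolves via CDPATH).
    ( CDPATH= cd -- "$1" >/dev/null && pwd )
}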

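# Issue a server certificate from the Server_CA section of openssl.cnf:
#   1. generate a new RSA key and certificate request,
#   2. optionally write a passphrase-less copy of the key,
#   3. sign the request with the Server CA,
#   4. file key, request and certificate under private/, certs/ and ServerCA/.
# All relative paths below are resolved against the CA base directory
# (the parent of the directory this script lives in).

# Print a message on stderr and abort.
die ()
{
    printf '%s\n' "$*" >&2
    exit 1
}

dir=$(dirname -- "$0")
dir=$(absolute_dir "$dir/..") || die "Error: cannot resolve CA base directory"
# Plain cd instead of pushd: the script runs as its own process, so there is
# no caller directory to restore, and pushd is not available in POSIX sh.
cd -- "$dir" || die "Error: cannot change to $dir"

echo ""
printf '%s' "Server-Cert Name: "
read -r cert

[ -z "$cert" ] && exit 1

# The name is typed in by the operator and becomes part of several file paths.
# Restrict it to a plain file-name component so it cannot contain '/', start
# with '-' (option injection), start with '.' or trigger word splitting/globbing.
case $cert in
    -*|.*|*[!A-Za-z0-9._-]*)
        die "Error: invalid certificate name (allowed: letters, digits, '.', '_', '-')"
        ;;
esac

if [ -e "private/${cert}Key.pem" ]; then
    echo "Error: private/${cert}Key.pem exists!"
    ls -l -- */"${cert}"*
    exit 1
fi

echo "--------"
echo "${cert}Key.pem & ${cert}Req.pem ..."
echo ""

# Key material is created with a restrictive umask so it is never readable by
# group/other, not even for the short time before the chmod below. The umask
# is restored afterwards so files written by "openssl ca" keep their usual modes.
old_umask=$(umask)
umask 077

# 2048 bits instead of the original 1024: 1024-bit RSA is no longer considered
# adequate and is rejected by current TLS clients and libraries.
key_bits=2048

openssl req -config openssl.cnf \
            -newkey "rsa:${key_bits}" \
            -keyout "${cert}Key.pem" -keyform PEM \
            -out    "${cert}Req.pem" -outform PEM \
    || die "Error: key/request generation failed"

echo ""
printf '%s' "Passwort aus ${cert}Key.pem entfernen [y] ? "
read -r a

# NOTE(review): the default answer stores an unencrypted copy of the private
# key (in private/ and ServerCA/private); it is then protected by file
# permissions only, so access to those directories must be restricted.
case $a in
    ''|y|Y)
        openssl rsa < "${cert}Key.pem" \
                    > "${cert}-Key.pem" \
            || die "Error: could not write ${cert}-Key.pem"

        chmod go-rwx "${cert}-Key.pem" "${cert}Key.pem"
        cp -- "${cert}-Key.pem" private
        mv -- "${cert}-Key.pem" ServerCA/private
        ;;
esac
cp -- "${cert}Key.pem" private
mv -- "${cert}Key.pem" ServerCA/private

umask "$old_umask"

echo "===================="
echo "${cert}Cert.pem  ..."
echo "===================="

# Stop here if signing fails; otherwise an empty or missing certificate would
# be filed below as if it had been issued.
openssl ca -config openssl.cnf \
           -name Server_CA \
           -in   "${cert}Req.pem" \
           -out  "${cert}Cert.pem" \
    || die "Error: signing ${cert}Req.pem failed"

chmod go-rwx "${cert}Cert.pem"
cp -- "${cert}Cert.pem" certs
mv -- "${cert}Cert.pem" ServerCA/certs
mv -- "${cert}Req.pem"  ServerCA/private

echo "----------------------------------------------"
echo ""
ls -l certs private
echo ""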