Diffstat (limited to 'script/signssl.sh')
-rw-r--r--script/signssl.sh204
1 files changed, 204 insertions, 0 deletions
diff --git a/script/signssl.sh b/script/signssl.sh
new file mode 100644
index 0000000..1c818df
--- /dev/null
+++ b/script/signssl.sh
@@ -0,0 +1,204 @@
+#!/bin/bash
+
+type_name=$1
+name=$2
+
+if [ "${type_name}" == "-caroot" ]; then
+ csrfrom=$3
+ csrname=$4
+ csrkey=$5
+else
+ cafrom=$3
+ caname=$4
+ cakey=$5
+
+ csrfrom=$6
+ csrname=$7
+ csrkey=$8
+fi
+
+san_nam=$9
+
+trap "do_signal" 2
+do_signal()
+{
+ echo "\n"
+ read -p "Terminate theprocess? (y/n): " input
+}
+
+do_clear()
+{
+ if [ -d "./demoCA" ]; then
+ rm -rf ./demoCA
+ fi
+
+ if [ $1 -ne 0 ];then
+ if [ -d "./ca-middle/$2" ]; then
+ rm -rf ./ca-middle/$2
+ fi
+ if [ -d "./entity/$2" ]; then
+ rm -rf ./entity/$2
+ fi
+ if [ -d "./caroot/$2" ]; then
+ rm -rf ./caroot/$2
+ fi
+ if [ -d "./csr/$2" ]; then
+ rm -rf ./csr/$2
+ fi
+ exit
+ fi
+}
+
+do_help()
+{
+ echo ""
+ echo "./signssl -type cert_name -cafrom ca_name key_name -csr csr_name csr_key -san san_nam"
+ echo "usage: ./signssl args"
+ echo " -type - input type "-csr -caroot -camiddle -entity""
+ echo " cert_name - input cert_name "input output cert namae""
+ echo " -cafrom ca_name keyname - input ca_name keyname "input the root cert name and key""
+ echo " -csrfrom csr_name csr_key - input csr_name csr_key "input cert signs request file name and key""
+ echo " san_name - input san_name "When it is an entity cert, input user alternate name""
+ echo ""
+ echo "exanple -csr"
+ echo "./signssl.sh -csr csr_name"
+ echo "example -caroot"
+ echo "./signssl.sh -caroot root_name"
+ echo "example -camiddle"
+ echo "./signssl.sh -camiddle middle_name -cafrom ../cert/mesalab-ca-cert.cer ../cert/mesalab-ca-cert.key -csrfrom ./csr/csrname/csrname.csr ./csr/csrname/csrname.key"
+ echo "exaple -entity"
+ echo "./signssl.sh -entity entity_name -cafrom ../cert/mesalab-ca-cert.cer ../cert/mesalab-ca-cert.key -csrfrom ./csr/csrname/csrname.csr ./csr/csrname/csrname.key 163"
+ echo ""
+ exit
+}
+
+do_mkdir()
+{
+ if [ ! -d "./demoCA" ]; then
+ mkdir demoCA
+ mkdir ./demoCA/newcerts
+ touch ./demoCA/index.txt
+ touch ./demoCA/serial
+ echo 0001 >> ./demoCA/serial
+ fi
+}
+
+do_check()
+{
+ if [ "$type_name" == "" ]||[ "$name" == "" ]; then
+ echo "cert type is unkone!"
+ do_help
+ exit
+ fi
+
+ if [ "$type_name" == "-csr" ]; then
+ return
+ fi
+
+ if [ "$type_name" == "-caroot" ]; then
+ return
+ fi
+
+
+ if [ "$csrfrom" == "" ] || [ "$csrname" == "" ] || [ "$csrkey" == "" ]; then
+ echo "input input cert signs request file name and key"
+ do_help
+ exit
+ fi
+
+ if [ "$cafrom" == "" ] || [ "$caname" == "" ] || [ "$cakey" == "" ]; then
+ echo "input certificate name or key is unkone!"
+ do_help
+ exit
+ fi
+
+ if [ "$type_name" == "-entity" ];then
+ if [ "$san_nam" == "" ];then
+ echo "Please enter the san name!"
+ do_help
+ exit
+ fi
+
+ fi
+}
+
+do_middle()
+{
+ if [ ! -d "./ca-middle/${name}" ]; then
+ mkdir -p ca-middle/${name}
+ fi
+ outpath=ca-middle/${name}
+
+ openssl ca -extensions v3_ca -in ${csrname} -out ${outpath}/${name}.cer -cert ${caname} -keyfile ${cakey} -days 365 -policy policy_anything
+ openssl pkcs12 -export -in ${outpath}/${name}.cer -inkey ${csrkey} -chain -CAfile ${caname} -out ${outpath}/${name}.p12
+
+ do_clear $? ${name}
+ cp ${csrkey} ${outpath}
+}
+
+do_entity()
+{
+ if [ ! -d "./entity/${name}" ];then
+ mkdir -p entity/${name}
+ fi
+ outpath=entity/${name}
+
+ openssl ca -in ${csrname} -keyfile ${cakey} -cert ${caname} -extensions SAN -config <(cat /etc/pki/tls/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:*.${san_nam}.com,DNS:*.${san_nam}.cn")) -out ${outpath}/${name}.cer
+
+ openssl pkcs12 -export -in ${outpath}/${name}.cer -inkey ${csrkey} -chain -CAfile ${caname} -out ${outpath}/${name}.p12
+
+ do_clear $? ${name}
+ cp ${csrkey} ${outpath}
+}
+
+do_caroot()
+{
+ if [ ! -d ".caroot/${name}" ];then
+ mkdir -p caroot/${name}
+ fi
+ outpath=caroot/${name}
+
+ openssl genrsa -out ${outpath}/${name}.key 1024
+ openssl req -new -key ${outpath}/${name}.key -out ${outpath}/${name}.csr
+ openssl x509 -req -days 365 -sha256 -extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -signkey ${outpath}/${name}.key -in ${outpath}/${name}.csr -out ${outpath}/${name}.cer
+ #openssl req -new -x509 -key ca.key -out ca.crt
+ do_clear $? ${name}
+}
+
+do_csr()
+{
+ if [ ! -d "./csr/${name}" ];then
+ mkdir -p csr/${name}
+ fi
+ outpath=csr/${name}
+
+ openssl genrsa -out ${outpath}/${name}.key 1024
+ openssl req -new -key ${outpath}/${name}.key -out ${outpath}/${name}.csr
+ do_clear $? ${name}
+}
+
+do_signssl()
+{
+ if [ "$type_name" == "-camiddle" ]; then
+ do_middle
+ exit
+ fi
+ if [ "$type_name" == "-entity" ]; then
+ do_entity
+ exit
+ fi
+ if [ "$type_name" == "-caroot" ]; then
+ do_caroot
+ exit
+ fi
+ if [ "$type_name" == "-csr" ]; then
+ do_csr
+ exit
+ fi
+ echo "unknow command"
+}
+
+do_check
+do_mkdir
+do_signssl
+
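Review bot: The `openssl genrsa ... 1024` calls in do_caroot and do_csr generate 1024-bit RSA keys for both the root CA and every CSR, which is below the minimum generally accepted for a CA key today; both lines should read `openssl genrsa -out ${outpath}/${name}.key 2048` (a larger size for the root is reasonable). In do_clear the `rm -rf ./caroot/$2` family runs on an unquoted, unvalidated `$2` that comes straight from the script's `name` argument, so a name containing whitespace or a path separator makes the cleanup act outside the intended directory; quote each expansion (`rm -rf -- "./csr/$2"`) and have do_check reject names that are not a plain token, e.g. `[[ "$name" =~ ^[A-Za-z0-9_-]+$ ]] || do_help`. The same applies to `san_nam`, which do_entity interpolates unchecked into the generated `[SAN]` section, so a value containing a newline or comma would add further names to the certificate; the same pattern check before use keeps it a single label. Note also that `do_clear $?` in do_middle and do_entity only reflects the exit status of the preceding `openssl pkcs12` call, so a failure of the earlier `openssl ca` step is never checked on its own.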