/[pdpsoft]/nl.nikhef.pdp.tcs/nl.nikhef.pdp.tcs.tcsg4-tools/trunk/tcsg4-request.sh

Contents of /nl.nikhef.pdp.tcs/nl.nikhef.pdp.tcs.tcsg4-tools/trunk/tcsg4-request.sh



Revision 3287 - (show annotations) (download) (as text)
Tue Jun 9 14:53:27 2020 UTC (19 months, 1 week ago) by davidg
File MIME type: application/x-shellscript
File size: 4167 byte(s)
usage help text fix

1 #! /bin/sh
2 #
3 # @(#)$Id$
4 #
5 #
6
# defaults; each can be changed by the command line options parsed below
bits=2048   # RSA modulus length, or the curve name once -E/--ecc is used
key=rsa     # key algorithm: "rsa" or "ecc"
force=0     # 1 = go ahead even if the destination directory already exists
10
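# ############################################################################
# usage help and instructions
#
# help - print the usage text to stdout.  Takes no arguments, returns 0.
# The option list mirrors the parser below, short and long forms alike.
#
help() {
  cat <<EOF
Usage: tcsg4-request.sh [-d destdir] [-b bits] [-f] [-E] hostname [hostname ...]

  -d | --destination destdir
                  write result files to <destdir>
                  (default: ./tcs-<hostname>/)
  -b | --bits bits
                  use <bits> for RSA key length (default: 2048) or curve for
                  ECC (e.g. "prime256v1", set explicitly)
  -f | --force    overwrite existing files
  -E | --ecc      generate ECC cert (remember to set -b to the curve!)

  hostname        hostname (FQDN) to be included in the request
                  Any literal string "WILDCARD" will be replaced by
                  a "*" in the hostname - it should ONLY be included as
                  the first element of the fqdn, and MUST be on its own
                  (the list of hostnames may be separated by spaces or commas)

EOF
  return 0
}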
33
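# ############################################################################
# command line parsing: options first, then one or more hostnames
#
while [ $# -gt 0 ]; do
  case "$1" in
    -b | --bits )
      # -b needs a value: refuse a bare trailing -b instead of letting
      # "shift 2" fail (some shells abort the script on an over-long shift)
      [ $# -ge 2 ] || { echo "Option $1 requires an argument, exiting" >&2; exit 1; }
      bits="$2"; shift 2 ;;
    -E | --ecc ) key="ecc"; shift ;;
    -f | --force ) force=1; shift ;;
    -d | --destination )
      [ $# -ge 2 ] || { echo "Option $1 requires an argument, exiting" >&2; exit 1; }
      destdir="$2"; shift 2 ;;
    -h | --help ) help; exit 0 ;;
    -- ) shift; break ;;
    -* ) echo "Unknown option $1, exiting" >&2 ; exit 1 ;;
    * ) break ;;
  esac
done

# at least one hostname is mandatory
if [ $# -eq 0 ]; then
  help
  exit 1
fi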
53
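# the first hostname gives the CN and the default destination directory.
# Stray commas and spaces are stripped so that "host1, host2" style lists work.
hn=$(printf '%s\n' "$1" | sed -e 's/[,\ ]//g')
domain=$hn

# the CN must look like a DNS name (or WILDCARD.<fqdn>): at least three
# characters, starting with a letter, and made only of letters, digits,
# "-" and ".".  Two case statements are needed because a single shell glob
# cannot express "every remaining character is in the set"; the value is
# used unquoted in the openssl config and to derive the default destdir,
# so anything else (spaces, "/", "$", ...) must be rejected here.
case "$domain" in
  [a-zA-Z][-a-zA-Z0-9.][-a-zA-Z0-9.]* ) ;;
  * ) echo "Invalid domain name '$domain', exiting." >&2 ; exit 1 ;;
esac
case "$domain" in
  *[!-a-zA-Z0-9.]* ) echo "Invalid domain name '$domain', exiting." >&2 ; exit 1 ;;
esac

destdir="${destdir:-tcs-$domain}"

echo "Creating request for $domain in $destdir"

# refuse to clobber the output of an earlier run unless -f/--force was given
if [ -d "$destdir" ] && [ "$force" -eq 0 ]; then
  echo "Directory $destdir for $domain already exists, exiting." >&2
  echo "use --force to override" >&2
  exit 1
fi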
71
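# build the subjectAltName list: every hostname on the command line
# (including the first, which is also the CN) becomes one DNS: entry.
# Expansions are quoted so that a "*" in an argument is never glob-expanded
# against the current directory, and every entry gets the same character
# check as the CN since it ends up unquoted in the openssl config.
alt=""
while [ x"$1" != x"" ] ; do
  if [ x"$alt" != x"" ]; then
    alt="$alt,"
  fi
  hn=$(printf '%s\n' "$1" | sed -e 's/[,\ ]//g')
  case "$hn" in
    "" | *[!-a-zA-Z0-9.]* ) echo "Invalid hostname '$1', exiting." >&2 ; exit 1 ;;
  esac
  alt="${alt}DNS:$hn"
  shift
done

# file names keep the literal WILDCARD; only the CN and the SAN list get
# the real "*"
filebase="$domain"

domain=$(printf '%s\n' "$domain" | sed -e 's/WILDCARD/\*/g')
alt=$(printf '%s\n' "$alt" | sed -e 's/WILDCARD/\*/g')

echo "----------------------------------------------------------------------"
echo "Requesting certificate for $domain in $destdir"
echo " SAN dNSNames: $alt"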
90
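# write the openssl request configuration to a private temporary file
# (mktemp creates it with a random name and mode 0600); it is moved next
# to the key once the request has been made.
# NOTE(review): destdir comes from the command line unvalidated and is
# interpolated into the config unquoted; openssl's config parser treats
# "$" as variable expansion, so a destdir containing "$" will not work as
# intended.  The key path is also passed explicitly with -key below, so
# default_keyfile is informational.
fn=$(mktemp /tmp/request.cnf.XXXXXX) || {
  echo "Cannot create temporary config file, exiting." >&2
  exit 1
}

cat <<EOF > "$fn"
[ req ]
default_bits = 0
default_keyfile = $destdir/key-$filebase.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
prompt = no
req_extensions = v3_req
default_md = sha256

[ req_distinguished_name ]
CN = $domain

[ v3_req ]
subjectAltName = $alt

[ req_attributes ]
EOF

echo "Written cnf file to $fn"

mkdir -p "$destdir" 2>/dev/null
if [ ! -d "$destdir" ]; then
  echo "Directory $destdir cannot be found or created, exiting." >&2
  # do not leave the temporary config behind in /tmp
  rm -f -- "$fn"
  exit 1
fi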
119
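# generate the keyfile first.  The subshell umask makes the private key
# unreadable by others from the moment openssl creates it, rather than only
# after the chmod that follows the request generation.
case "$key" in
  rsa )
    ( umask 077
      openssl genpkey -out "$destdir/key-$filebase.pem" -outform pem \
        -algorithm rsa -pkeyopt "rsa_keygen_bits:$bits" )
    ;;
  ecc )
    # a numeric value (e.g. the RSA default 2048) cannot be a curve name:
    # fall back to prime256v1 and say so
    if [ "$bits" -gt 0 ] 2>/dev/null; then
      echo "!!! value of bits invalid for ECC, set to default prime256v1" >&2
      bits="prime256v1"
    fi
    ( umask 077
      openssl genpkey -out "$destdir/key-$filebase.pem" -outform pem \
        -algorithm ec -pkeyopt "ec_paramgen_curve:$bits" )
    ;;
  * )
    echo "Unknown key type (internal error): $key" >&2
    exit 1
    ;;
esac || {
  # do not go on to build a request around a missing or truncated key
  echo "Key generation for $domain failed, exiting." >&2
  rm -f -- "$fn"
  exit 1
}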
139
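# create the request from the key and the generated config; stop here if
# openssl fails so that the later output does not report a request that
# was never written
openssl req \
  -nodes \
  -config "$fn" \
  -new -key "$destdir/key-$filebase.pem" \
  -out "$destdir/request-$filebase.pem" || {
  echo "Creating the request for $domain failed, exiting." >&2
  rm -f -- "$fn"
  exit 1
}

# human readable dump of the request, kept next to the PEM
openssl req -in "$destdir/request-$filebase.pem" -text -out "$destdir/request-$filebase.txt"

# the key stays owner-only; the config is kept for reference
chmod 0600 "$destdir/key-$filebase.pem"
mv "$fn" "$destdir/config-$filebase.cnf"

echo "----------------------------------------------------------------------"
echo "Domain name CN = $domain"
echo "SubjectAltNames = $alt"
echo "Key length $key = $bits"

cat "$destdir/request-$filebase.pem"

echo "----------------------------------------------------------------------"
echo "left request in $destdir/request-$filebase.pem"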

Properties

Name Value
svn:executable *
