
Annotation of /trunk/agiletestbed/make-terena-req.sh



Revision 2393
Thu Aug 4 08:33:23 2011 UTC (10 years, 10 months ago) by dennisvd
File MIME type: application/x-shellscript
File size: 1733 byte(s)
script to generate TERENA eScience SSL CA requests
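#!/bin/sh

# Generate a Terena eScience Server CA compliant CSR.
#
# Usage: make-terena-req.sh hostname [ hostname ... ]
#
# For every hostname given, a subdirectory of that name is created in the
# current directory (unless it already exists) and populated with:
#   newrequest.cnf  - openssl config generated for this request
#   newkey.pem      - private key; reused if already present and readable,
#                     otherwise generated by openssl
#   newrequest.csr  - the certificate signing request (never overwritten)
#
# Hostnames that fail validation, or whose request already exists, are
# reported on stderr and skipped; processing continues with the next one.

if [ $# -lt 1 ]; then
    echo "Usage: $0 hostname [ hostname ... ]" >&2
    exit 1
fi

# The private key is written without a passphrase (openssl req -nodes), so
# its file mode is the only thing protecting it. Create everything below
# owner-only. Directories and key files that already exist keep the mode
# they have; check those by hand.
umask 077

generatedcsrs=

until [ $# -eq 0 ]; do

    # hostname to use in the request
    hostname=$1
    shift

    # The hostname is used as a directory name and is expanded verbatim
    # into the openssl config below. Refuse anything that is not made of
    # DNS name characters (plus '*' for wildcard names), so that a stray
    # argument cannot escape the current directory, be read as an option,
    # or add lines to the generated config.
    case "$hostname" in
        ''|-*|.*|*..*|*[!A-Za-z0-9.*-]*)
            echo "ERROR: '$hostname' is not a valid hostname, skipping" >&2
            continue
            ;;
    esac

    # generate each request in its own subdirectory
    if [ ! -d "$hostname" ]; then
        if ! mkdir "$hostname"; then
            echo "ERROR: cannot create directory $hostname" >&2
            continue
        fi
    fi

    key="$hostname/newkey.pem"
    csr="$hostname/newrequest.csr"
    cnf="$hostname/newrequest.cnf"

    # don't overwrite existing requests
    if [ -f "$csr" ]; then
        echo "ERROR: $csr already exists, not generating a new request" >&2
        continue
    fi

    # at this point, we're definitely going to create a new request
    # we need to generate an openssl cnf file specific to the request.

    cat > "$cnf" <<EOF
[ req ]
default_bits = 2048
default_keyfile = $hostname/newkey.pem
distinguished_name = req_distinguished_name
req_extensions = v3_ext
prompt = no

[ req_distinguished_name ]
0.C = NL
1.O = Stichting FOM
2.OU = Nikhef
CN = $hostname

[ v3_ext ]

subjectAltName = DNS:$hostname

EOF

    # be mindful of existing files; reuse the newkey.pem file if it
    # exists, otherwise openssl will generate it (at default_keyfile).
    # The key path is passed as its own quoted argument rather than
    # through an unquoted "-key ..." string, which the shell would
    # word-split and glob-expand. usekey is kept only for the diagnostic.
    if [ -r "$key" ]; then
        usekey="-key $key"
        openssl req -nodes -new -out "$csr" -text -key "$key" -config "$cnf"
        status=$?
    else
        usekey=""
        openssl req -nodes -new -out "$csr" -text -config "$cnf"
        status=$?
    fi

    if [ "$status" -eq 0 ]; then
        generatedcsrs="$generatedcsrs
$csr"
    else
        # both diagnostic lines go to stderr
        echo "ERR: openssl req failed." >&2
        echo "Failed command: 'openssl req -nodes -new -out $csr -text $usekey -config $cnf'" >&2
    fi

done


echo "Done. Generated CSRs:$generatedcsrs"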

Properties

Name Value
svn:executable *
