From c3d6eb87a9de5f2c146aefcaa28f41b67ff4de51 Mon Sep 17 00:00:00 2001 From: Frank Bischof Date: Thu, 29 Dec 2022 09:34:34 +0100 Subject: [PATCH] Adding 1.4.0 --- README.md | 34 ++++++++++++- certgen.sh | 147 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 179 insertions(+), 2 deletions(-) create mode 100644 certgen.sh diff --git a/README.md b/README.md index 85bdc7b..99d73fe 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,32 @@ -# certgen -Certificate Generator +# Certificate Generator + +## Howto +certgen {domain.tld} [domain.config] + +## Description +1. Create self signed certificate + Create a self signed certificate in a simple step. + +2. Create CSR + Create a CSR file. + +3. Create PFX file + Create a PFX file from a CRT, KEY and CHAIN. + +4. Extract PFX to CRT/KEY + Extract CRT and KEY from a PFX file. + +5. Create CA-Bundle and PEM files + Create a CA-Bundle file and full chained PEM files. + +6. Remove password from KEY file + If a KEY file contains a password you can remove it here. + +7. Decode CSR + Show the content of a CSR file. + +8. Decode CRT + Show the content of a CRT file. + +9. Match CRT/KEY + Check if a CRT and KEY belong together. \ No newline at end of file diff --git a/certgen.sh b/certgen.sh new file mode 100644 index 0000000..7e8ef44 --- /dev/null +++ b/certgen.sh @@ -0,0 +1,147 @@ +#!/bin/bash +######################################## +# Author: F. Bischof (frank@meer-web.nl) +# Version: 1.4.0 +# Date: 29-12-2022 +######################################## +ENCRYPTION="sha256" +BITS="rsa:2048" + +function create_csr { + if [ "${CONFIG}" != "" ] + then + openssl req -utf8 -nodes -${ENCRYPTION} -newkey ${BITS} -keyout ${DOMAIN}.key -out ${DOMAIN}.csr -config ${CONFIG_FILE} -extensions 'req_ext' + else + openssl req -utf8 -nodes -${ENCRYPTION} -newkey ${BITS} -keyout ${DOMAIN}.key -out ${DOMAIN}.csr + fi + echo "CSR ${DOMAIN}.csr created!" +} + +function create_ssc { + echo -en "How many years should it be valid: "; read YEARSVALID + YEARSVALID=$(($YEARSVALID * 365)) + openssl req -x509 -nodes -days ${YEARSVALID} -newkey ${BITS} -keyout ${DOMAIN}.key -out ${DOMAIN}.crt -${ENCRYPTION} + echo "Self Signed Certificate generated!" +} + +function create_pfx { + echo -en "Domain certificate path: "; read DOMAIN_CERT + echo -en "Domain key path: "; read DOMAIN_KEY + echo -en "Intermediate certificate path (optional): "; read INT_CERT + if [ "${INT_CERT}" != "" ]; + then + echo -en "Root certificate path: "; read ROOT_CERT + cat ${INT_CERT} ${ROOT_CERT} > bundle-ca.crt; BUNDLE_CERT="bundle-ca.crt" + openssl pkcs12 -export -in ${DOMAIN_CERT} -out ${DOMAIN}.pfx -inkey ${DOMAIN_KEY} -certfile ${BUNDLE_CERT} + else + openssl pkcs12 -export -in ${DOMAIN_CERT} -out ${DOMAIN}.pfx -inkey ${DOMAIN_KEY} + fi + echo "File ${DOMAIN}.pfx created!" +} + +function extract_pfx { + echo -en "PFX path: "; read PFX_CERT + openssl pkcs12 -in ${PFX_CERT} -nocerts -out ${DOMAIN}.key -nodes + openssl pkcs12 -in ${PFX_CERT} -nokeys -out ${DOMAIN}.crt + echo "Files ${DOMAIN}.key and ${DOMAIN}.crt created from PFX" +} + +function remove_pw { + echo -en "Domain key path (optional): "; read DOMAIN_KEY + openssl rsa -in ${DOMAIN_KEY} -out decrypted-${DOMAIN_KEY} + echo "File decrypted-${DOMAIN_KEY} created!" +} + +function create_all { + echo -en "Domain certificate path: "; read DOMAIN_CERT + echo -en "Domain key path (optional): "; read DOMAIN_KEY + echo -en "Intermediate certificate path: "; read INT_CERT + echo -en "Root certificate path: "; read ROOT_CERT + # Create PEM + if [ "${DOMAIN_KEY}" != "" ] + then + touch ${DOMAIN}.pem + cat ${DOMAIN_KEY} > ${DOMAIN}.pem + cat ${DOMAIN_CERT} >> ${DOMAIN}.pem + cat ${INT_CERT} >> ${DOMAIN}.pem + cat ${ROOT_CERT} >> ${DOMAIN}.pem + echo "${DOMAIN}.pem (key, domain, intermediate, root) created" + fi + # Create BUNDLE-CA + touch bundle-ca.crt + cat ${INT_CERT} >> bundle-ca.crt + cat ${ROOT_CERT} >> bundle-ca.crt + echo "bundle-ca created (intermediate, root)" + # Create domain bundle + touch bundle.crt + cat ${DOMAIN_CERT} >> bundle.crt + cat ${INT_CERT} >> bundle.crt + cat ${ROOT_CERT} >> bundle.crt + echo "bundle.crt (domain, intermediate, root) created" + + +} + +function decode_csr { + echo -en "CSR path: "; read CSR_PATH + openssl req -in ${CSR_PATH} -noout -text +} + +function decode_crt { + echo -en "CRT path: "; read CRT_PATH + openssl x509 -in ${CRT_PATH} -text -noout +} + +function match_crtkey { + echo -en "CRT path: "; read CRT_PATH + echo -en "KEY path: "; read KEY_PATH + CRT_HASH="`openssl x509 -in ${CRT_PATH} -pubkey -noout -outform pem | sha256sum`" + KEY_HASH="`openssl pkey -in ${KEY_PATH} -pubout -outform pem | sha256sum`" + if [ "${CRT_HASH}" == "${KEY_HASH}" ] + then + echo -e "\nCertificate and key matching" + else + echo -e "\nCertificate and key are NOT matching!" + fi +} + +if [ "$1" == '--help' ]; +then + echo "Usage: $0 [domain.tld] [config]" + exit 0 +fi + +if [ "$1" == '' ] +then + echo -en "Domain: " + read DOMAIN + exit +else + DOMAIN=$1 + CONFIG_FILE=$2 + # Show options menu + echo "1. Create self signed certificate" + echo "2. Create CSR"; + echo "3. Create PFX file" + echo "4. Extract PFX to CRT/KEY" + echo "5. Create CA-Bundle and PEM files" + echo "6. Remove password from KEY file" + echo "7. Decode CSR" + echo "8. Decode CRT" + echo "9. Match CRT/KEY" + echo -en "Option: "; read OPTION +fi + +case ${OPTION} in + 1) create_ssc ;; + 2) create_csr ;; + 3) create_pfx ;; + 4) extract_pfx ;; + 5) create_all ;; + 6) remove_pw ;; + 7) decode_csr ;; + 8) decode_crt ;; + 9) match_crtkey ;; + *) echo "Invalid option, exiting!"; exit 2;; +esac +exit 0