149 lines
4.4 KiB
Bash
149 lines
4.4 KiB
Bash
#!/bin/bash
|
|
########################################
|
|
# Author: F. Bischof (frank@meer-web.nl)
|
|
# Version: 1.5.2
|
|
# Date: 02-06-2023
|
|
########################################
|
|
ENCRYPTION="sha256"
|
|
BITS="rsa:2048"
|
|
|
|
function create_csr {
|
|
echo -en "Domain: "; read DOMAIN
|
|
echo -en "Config file (optional): "; read CONFIG
|
|
if [ "${CONFIG}" != "" ]
|
|
then
|
|
openssl req -utf8 -nodes -${ENCRYPTION} -newkey ${BITS} -keyout ${DOMAIN}.key -out ${DOMAIN}.csr -config ${CONFIG_FILE} -extensions 'req_ext'
|
|
else
|
|
openssl req -utf8 -nodes -${ENCRYPTION} -newkey ${BITS} -keyout ${DOMAIN}.key -out ${DOMAIN}.csr
|
|
fi
|
|
echo "CSR ${DOMAIN}.csr created!"
|
|
}
|
|
|
|
function create_ssc {
|
|
echo -en "Domain: "; read DOMAIN
|
|
echo -en "How many years should it be valid: "; read YEARSVALID
|
|
YEARSVALID=$(($YEARSVALID * 365))
|
|
openssl req -x509 -nodes -days ${YEARSVALID} -newkey ${BITS} -keyout ${DOMAIN}.key -out ${DOMAIN}.crt -${ENCRYPTION}
|
|
echo "Self Signed Certificate generated!"
|
|
}
|
|
|
|
function create_pfx {
|
|
echo -en "PFX output filename: "; read PFX_FILE
|
|
echo -en "Domain certificate path: "; read DOMAIN_CERT
|
|
echo -en "Domain key path: "; read DOMAIN_KEY
|
|
echo -en "Intermediate certificate path (optional): "; read INT_CERT
|
|
if [ "${INT_CERT}" != "" ];
|
|
then
|
|
echo -en "Root certificate path: "; read ROOT_CERT
|
|
cat ${INT_CERT} ${ROOT_CERT} > bundle-ca.crt;
|
|
BUNDLE_CERT="bundle-ca.crt"
|
|
openssl pkcs12 -export -in ${DOMAIN_CERT} -out ${PFX_FILE}.pfx -inkey ${DOMAIN_KEY} -certfile ${BUNDLE_CERT}
|
|
else
|
|
openssl pkcs12 -export -in ${DOMAIN_CERT} -out ${PFX_FILE}.pfx -inkey ${DOMAIN_KEY}
|
|
fi
|
|
echo "File ${PFX_FILE}.pfx created!"
|
|
}
|
|
|
|
function extract_pfx {
|
|
echo -en "PFX path: "; read PFX_CERT
|
|
FILENAME="`${PFX_CERT} | sed 's/\.pfx//'`"
|
|
openssl pkcs12 -in ${PFX_CERT} -nocerts -out ${FILENAME}.key -nodes
|
|
openssl pkcs12 -in ${PFX_CERT} -nokeys -out ${FILENAME}.crt
|
|
echo "Files ${FILENAME}.key and ${FILENAME}.crt created from PFX"
|
|
}
|
|
|
|
function remove_pw {
|
|
echo -en "Key path: "; read DOMAIN_KEY
|
|
openssl rsa -in ${DOMAIN_KEY} -out decrypted-${DOMAIN_KEY}
|
|
echo "File decrypted-${DOMAIN_KEY} created!"
|
|
}
|
|
|
|
function create_all {
|
|
echo -en "Domain: "; read DOMAIN
|
|
echo -en "Domain certificate path: "; read DOMAIN_CERT
|
|
echo -en "Domain key path (optional): "; read DOMAIN_KEY
|
|
echo -en "Intermediate certificate path: "; read INT_CERT
|
|
echo -en "Root certificate path: "; read ROOT_CERT
|
|
# Create PEM
|
|
if [ "${DOMAIN_KEY}" != "" ]
|
|
then
|
|
touch ${DOMAIN}.pem
|
|
cat ${DOMAIN_KEY} > ${DOMAIN}.pem
|
|
echo "" >> ${DOMAIN}.pem
|
|
cat ${DOMAIN_CERT} >> ${DOMAIN}.pem
|
|
echo "" >> ${DOMAIN}.pem
|
|
cat ${INT_CERT} >> ${DOMAIN}.pem
|
|
echo "" >> ${DOMAIN}.pem
|
|
cat ${ROOT_CERT} >> ${DOMAIN}.pem
|
|
echo "" >> ${DOMAIN}.pem
|
|
sed '/^$/d' -i ${DOMAIN}.pem
|
|
echo "${DOMAIN}.pem (key, domain, intermediate, root) created"
|
|
fi
|
|
# Create BUNDLE-CA
|
|
touch bundle-ca.crt
|
|
cat ${INT_CERT} >> bundle-ca.crt
|
|
echo "" >> bundle-ca.crt
|
|
cat ${ROOT_CERT} >> bundle-ca.crt
|
|
sed '/^$/d' -i bundle-ca.crt
|
|
echo "bundle-ca created (intermediate, root)"
|
|
# Create domain bundle
|
|
touch bundle.crt
|
|
cat ${DOMAIN_CERT} >> bundle.crt
|
|
echo "" >> bundle.crt
|
|
cat ${INT_CERT} >> bundle.crt
|
|
echo "" >> bundle.crt
|
|
cat ${ROOT_CERT} >> bundle.crt
|
|
echo "" >> bundle.crt
|
|
sed '/^$/d' -i bundle.crt
|
|
echo "bundle.crt (domain, intermediate, root) created"
|
|
}
|
|
|
|
function decode_csr {
|
|
echo -en "CSR path: "; read CSR_PATH
|
|
openssl req -in ${CSR_PATH} -noout -text
|
|
}
|
|
|
|
function decode_crt {
|
|
echo -en "CRT path: "; read CRT_PATH
|
|
openssl x509 -in ${CRT_PATH} -text -noout
|
|
}
|
|
|
|
function match_crtkey {
|
|
echo -en "CRT path: "; read CRT_PATH
|
|
echo -en "KEY path: "; read KEY_PATH
|
|
CRT_HASH="`openssl x509 -in ${CRT_PATH} -pubkey -noout -outform pem | sha256sum`"
|
|
KEY_HASH="`openssl pkey -in ${KEY_PATH} -pubout -outform pem | sha256sum`"
|
|
if [ "${CRT_HASH}" == "${KEY_HASH}" ]
|
|
then
|
|
echo -e "\nCertificate and key matching"
|
|
else
|
|
echo -e "\nCertificate and key are NOT matching!"
|
|
fi
|
|
}
|
|
|
|
# Show options menu
|
|
echo "1. Create self signed certificate"
|
|
echo "2. Create CSR";
|
|
echo "3. Create PFX file"
|
|
echo "4. Extract PFX to CRT/KEY"
|
|
echo "5. Create CA-Bundle and PEM files"
|
|
echo "6. Remove password from KEY file"
|
|
echo "7. Decode CSR"
|
|
echo "8. Decode CRT"
|
|
echo "9. Match CRT/KEY"
|
|
echo -en "Option: "; read OPTION
|
|
|
|
case ${OPTION} in
|
|
1) create_ssc ;;
|
|
2) create_csr ;;
|
|
3) create_pfx ;;
|
|
4) extract_pfx ;;
|
|
5) create_all ;;
|
|
6) remove_pw ;;
|
|
7) decode_csr ;;
|
|
8) decode_crt ;;
|
|
9) match_crtkey ;;
|
|
*) echo "Invalid option, exiting!"; exit 2;;
|
|
esac
|
|
exit 0
|