FastHandle - IT Operations Examples

FastHandle is fast operation tools for infrastructure configurations and tests.

User Tools

Site Tools


Top     SiteMap

Sidebar


Top     SiteMap

Manager Server

Target Server

$FHHOME/bin/xxx.sh | xxxx.exp













.

fhscripts:create:create_sslsan_csr_key.sh.html



FastHandle Scripts

Creating SSL SAN CSR and Key with one-line

What is create_sslsan_csr_key.sh

$FHHOME/fhscripts/create_ssl_csr_key.sh

  • Creating SSL SAN CSR and Key
  • If you want to create a Self-Signed CSR, you must use this create_sslsan_csr_key.sh .
    Because from Chrome 58 onwards, you must use SSL SAN.

How to use

$ create_sslsan_csr_key.sh  www.example.com www1.example.com

Example Output

$ create_sslsan_csr_san.sh www.example.com test.example.com
Generating a 2048 bit RSA private key
............+++
..............+++
writing new private key to 'www.example.com.key'
-----
==========================================================
Check
==========================================================
# ls -ltrh  www.example.com* |tail -n 2
-rw-r--r-- 1 root root 1.7K Feb 24 00:55 www.example.com.key
-rw-r--r-- 1 root root 1.1K Feb 24 00:55 www.example.com.csr

#openssl req -text -in www.example.com.csr |grep -E "Subject:|DNS" |grep -v Key
        Subject: C=JP, ST=Tokyo, L=Shibuya-ku, O=Example, Inc., OU=IT, CN=www.example.com
                DNS:www.example.com, DNS:test.example.com


create_sslsan_csr_key.sh

$FHHOME/bin/create_sslsan_csr_key.sh

#!/bin/bash
#===============================================
# create_sslsan_csr_key.sh
#
# How to use
#     create_sslsan_csr_key.sh  www.example.com test.example.com
#===============================================

if [ -z $1 ]; then
cat << @
ERROR: \$1 argument is null
How to use:
  create_sslsan_csr_key.sh example.com www.example.com
@
exit 1
fi

C="JP"
ST="Tokyo"
L="Shibuya-ku"
O="Example, Inc."
OU="IT"
CN="$1"


test -f ${CN}.csr && mv ${CN}.csr ${CN}.csr.`date +%Y%m%d_%H%M`
test -f ${CN}.key && mv ${CN}.key ${CN}.key.`date +%Y%m%d_%H%M`


FILE=req.txt

cat > ${FILE} <<-EOF
[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn

[ dn ]
C  = ${C}
ST = ${ST}
L  = ${L}
O  = ${O}
OU = ${OU}
CN = ${CN}

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
EOF

NUM=1
for i in $@
do
    echo DNS.${NUM} = $i >> ${FILE}
    NUM=`expr ${NUM} + 1`
done


#Create CSR and Key
openssl req -new -newkey rsa:2048 -nodes -keyout ${CN}.key -out ${CN}.csr -config ${FILE}


#Check CSR
cat << EOF
==========================================================
Check
==========================================================
# ls -ltrh  ${CN}* |tail -n 2
`ls -ltrh ${CN}* |tail -n 2`

#openssl req -text -in ${CN}.csr |grep -E "Subject:|DNS" |grep -v Key
`openssl req -text -in ${CN}.csr |grep -E "Subject:|DNS" |grep -v Key`
EOF






fhscripts/create/create_sslsan_csr_key.sh.html.txt ยท Last modified: 2018/03/29 00:06 by kurihara