At work I need to request TLS certificates quite often. I wanted to facilitate the process a bit, so I have written my own helper wrappers for creating certificate requests and packing the certs into PKCS12 containers.
When I request a certificate the main attributes stay the same all the time, so I don't want to write them every time again. That's why I put together a script to aid me with this task:
#!/bin/bash
USAGE="$0: hostname"
if [[ $# -ne 1 ]]; then echo -e "Error: The host name is required.\n$USAGE" >&2; exit 1; fi
KEYFILE="$1.key"
CSRFILE="$1.csr"
read -r -p "Organizational Unit Name [MyOU]: " OU
read -r -p "CommonName: " CN
OU=${OU:-MyOU}
# -nodes writes the private key to $KEYFILE without a passphrase
openssl req -nodes -newkey rsa:4096 -keyout "$KEYFILE" -out "$CSRFILE" -subj "/C=AT/ST=Wien/L=Wien/O=Company/OU=${OU}/CN=${CN}"
# Print the subject of the new request for a final visual check
openssl req -noout -text -in "$CSRFILE" | grep Subject:
I take the CSR and request the signed cert from our CA. If I need a PKCS12 container, I paste the signed cert and any intermediate into a file and then have a little helper to create the PKCS12 container file:
#!/bin/bash
USAGE="$0: hostname"
# Root CA certificate that -chain uses to build the certificate chain
CAFILE="$HOME/RootCACert.pem"
if [[ $# -ne 1 ]]; then echo -e "Error: The host name is required.\n$USAGE" >&2; exit 1; fi
if [ ! -e "$1.key" ]; then echo -e "Error: File $1.key does not exist!" >&2; exit 1; fi
if [ ! -e "$1.pem" ]; then echo -e "Error: File $1.pem does not exist!" >&2; exit 1; fi
# Check the file that is actually passed to -CAfile below
if [ ! -e "$CAFILE" ]; then echo -e "Error: File $CAFILE does not exist!" >&2; exit 1; fi
openssl pkcs12 -export -in "$1.pem" -chain -CAfile "$CAFILE" -name "$1" -inkey "$1.key" -out "$1.p12"
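Before building the container it helps to confirm that the CSR and the signed certificate really belong to the private key on disk, and that the host certificate is the first one in the pasted file. The following is an added example, not one of the author's scripts; the function names pubkey_of, same_pubkey and preflight are made up here, and it assumes the unencrypted key and the hostname.key / hostname.csr / hostname.pem naming used above.

```bash
#!/bin/bash
# Added example: pre-flight checks for the HOST.key / HOST.csr / HOST.pem
# files produced by the workflow above. Assumes an unencrypted key (-nodes).

# Print the PEM public key contained in a key, CSR or certificate file.
pubkey_of() {
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        # x509 reads only the first certificate in the file, so the signed
        # host certificate must come before any pasted intermediates.
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        *)    return 2 ;;
    esac 2>/dev/null
}

# same_pubkey TYPE_A FILE_A TYPE_B FILE_B
# 0 = same public key, 1 = different, 2 = a file could not be parsed.
same_pubkey() {
    local a b
    a=$(pubkey_of "$1" "$2") || return 2
    b=$(pubkey_of "$3" "$4") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# preflight HOST: succeed only if HOST.p12 can sensibly be built.
preflight() {
    local host=$1
    same_pubkey key "$host.key" csr "$host.csr" \
        || { echo "Error: $host.csr was not created from $host.key" >&2; return 1; }
    same_pubkey key "$host.key" cert "$host.pem" \
        || { echo "Error: first certificate in $host.pem does not match $host.key" >&2; return 1; }
    # -checkend 0 exits non-zero if the certificate has already expired.
    openssl x509 -in "$host.pem" -noout -checkend 0 >/dev/null \
        || { echo "Error: certificate in $host.pem has expired" >&2; return 1; }
}

if [ "$#" -eq 1 ]; then
    preflight "$1" && echo "OK: $1.key, $1.csr and $1.pem belong together"
fi
```

Called with the same hostname argument as the two helpers, it exits non-zero before openssl pkcs12 is ever run on a mismatched or expired certificate.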