-rw-r--r--ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-a1.sunet.se.csr27
-rwxr-xr-xscripts/mkreq95
2 files changed, 122 insertions, 0 deletions
diff --git a/ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-a1.sunet.se.csr b/ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-a1.sunet.se.csr
new file mode 100644
index 0000000..7b54703
--- /dev/null
+++ b/ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-a1.sunet.se.csr
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIEqTCCApECAQAwNzELMAkGA1UEBhMCU0UxDjAMBgNVBAoTBVNVTkVUMRgwFgYD
+VQQDEw93ZWItYTEuc3VuZXQuc2UwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
+AoICAQC3Sa7MgalFU9YbGwCfR3Bz+a5/Nv4gkuF3vY0fMA5Q7Rh1QfvRoDXLx77z
+6xy57SzAH/lkS0HFfs994zuspzbJT8B3n1PA/BANtJM/frLzZqaq0/BDCvQKWO1b
+8w03IzOR73H/vim7Hrc0cSj1rO49oD/BaM81oW45BeGJBwxniXX/MbknBjC+iSr+
+hlDW05iNOjtcQudS/YpZQ0YVozWBntpCgzPiv+yWDSYWrs3049TH4Uvh6QlrNeN1
+Ji17Al3j/B7Wf16CLCwJ1urTx/jGLUABkVfJDwjE/kipHvryzrRfb/8Qs1jDmxyL
+kCLlCPscv1PXfd2pOKcTVyP7mTVWfeYsW/FwBDSdA3xXkOaeB3GjHmULS3X/2APC
+Sy4crtsvn9mlCXHxKrAq9wI/UBHMaW5MqnZNU5VLJ/EpNju5OBdAtypMmNtYuivS
+e+lKVJJDYl915Licq6k8o5sX0b3y9EEJpwnx9cMRxx37C395cd9FvKheqdS3hXAY
+iEBYsUZ3dZ4RWA3R/IeiTSCUn3xY0OFqWE34owTk9cOYbtpAlIoOb9IU2q+bwTRQ
+UVp7qWE5K/rlR8qf4qsjEdIKb4suXc3poVJfq0em/LWIfmXF1CIU7F0nL0tQf+Tu
+aXjoWco7M3f3X1+OitV6fkx6rkNxVQFBFwUBw1TY3E8LomdR0QIDAQABoC0wKwYJ
+KoZIhvcNAQkOMR4wHDAaBgNVHREEEzARgg93ZWItYTEuc3VuZXQuc2UwDQYJKoZI
+hvcNAQELBQADggIBAI3czCXuI0tTFM3k9wxlRFZmwHTeTPHEBsD5/yjYcmC+FCQP
+tr2wRbkY8Y26vfTByeOvgzr2Hn4DDW16L0WhoL9bM257oq+l7V71kMbKquWTnj8O
+edXF3REWeF+2DSCT1opvsi2LgNAtrNoKn9f8OHW1BiZ7+PRiNy4wxg65TqzUB2fC
+STVdv1blLfg4hijGHNEqQZM3ad3iMAJ8B3kC4Mex5T7ISEv+2+ha1/+yjPgn1P+9
+8KxJfvCu24PEY+EqtKFD4khUWv9zoa+xChQCbbKA00BqD1hJRbomLnM0ANFA4rDs
+xrKE8BVtVYSglt/w/57iWhSUGa0tJvtldHzqFSnPnrPt5SvKEDu631Jey+8w8Zfj
+XkSCbRqZftyPpcMbgbb9AKNL2FNy8sPEnkxVD6NtTiPImUHj5xVJXjm0KA6j8NOf
+hD1ZFVn1h+BRwy3PqvcCV5mMazXyOttupYUuntjrVV/xJRoySMaKNmj1B6YrAIlb
+JXybNKVPT8HIWdi0dn+pzT2r/ymIGEmzpFF0IYOtWGGKKFa9m1qFiYR0iYxBe0GK
+veH6C64JaABZGaIKWAuwAf1TnyF+B9kyiKCu75MDj8P8y28harGXCyy2Iq3MipbC
+kLBg9xC8QT7U9Jyl9TgZxpbM4Bh7qxXeryn0FIIvgfXoPrwIKXqQyrXfa6U8
+-----END CERTIFICATE REQUEST-----
diff --git a/scripts/mkreq b/scripts/mkreq
new file mode 100755
index 0000000..4493867
--- /dev/null
+++ b/scripts/mkreq
@@ -0,0 +1,95 @@
+#!/bin/sh
+
+host="$1"; shift
+ca_host="ca.sunet.se"
+ca_name="infra"
+type=""
+
+usage ()
+{
+ echo "\
+Usage: mkreq [-v] [-s*] [-c] [-C <ca host>] [-N <ca name>] [--] <fqdn>
+
+
+ -h, --help show this help text and exit
+ -s request server cert (default if <fqdn> exists in cosmos repo)
+ -c request client cert
+ -C ca host (ca.sunet.se)
+ -N ca name (infra)
+
+ <fqdn> fully qualified name of host
+
+" 1>&2
+}
+
+{
+ while test $# -gt 0; do
+ case "$1" in
+ -s)
+ type="server"
+ ;;
+ -c)
+ type="client"
+ ;;
+ -C)
+ ca_host="$2"
+ shift
+ ;;
+ -N)
+ ca_name="$2"
+ shift
+ ;;
+ -h)
+ usage
+ exit 0
+ ;;
+ --)
+ break
+ ;;
+ esac
+ shift
+ done
+}
+
+if [ -d $host -a -z $type ]; then
+ type="server"
+fi
+
+
+cfg=`mktemp`
+key="/tmp/$host.key"
+csr="/tmp/$host.csr"
+
+trap 'rm -f $cfg' EXIT
+
+cat>$cfg<<EOC
+[ req ]
+default_bits = 4096
+distinguished_name = req_distinguished_name
+req_extensions = req_extensions
+prompt = no
+
+[ req_distinguished_name ]
+C = SE
+O = SUNET
+CN = $host
+
+[ req_extensions ]
+subjectAltName = DNS:$host
+EOC
+
+reqs="$ca_host/overlay/var/lib/ca/$ca_name/requests/$type"
+if [ ! -d $reqs ]; then
+ echo "*** ERROR - missing request directory $reqs"
+ exit 1
+fi
+
+openssl req -config $cfg -new -newkey rsa:4096 -sha256 -keyout $key -nodes -out $csr
+mv $csr "$reqs/$host.csr"
+git add "$reqs/$host.csr" && git commit -m "certification request for $host from $ca_host:$ca_name"
+
+if [ -d $host ]; then
+ ssh root@$host mkdir -p /etc/ssl/private && scp "$key" "root@$host:/etc/ssl/private/${host}_${ca_name}.key" && rm -f "$key" && echo "** private key given to $host" || echo "** private key left in $key - should be in root@$host:/etc/ssl/private/${host}_${ca_name}.key"
+fi
+
+echo "** successfully generated key and certification request for $host from $ca_host:$ca_name"
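Review bot: The unencrypted private key (`-nodes`) is written to the predictable path `/tmp/$host.key`, so on a shared machine another local user can pre-create or symlink that name, and the resulting file mode may depend on the caller's umask and the OpenSSL version in use. Creating a private working directory first would avoid this: `umask 077`, `tmpdir=$(mktemp -d) || exit 1`, `key="$tmpdir/$host.key"` (and likewise for `csr`). The EXIT trap removes only `$cfg`, and when `$host` is not a directory in the repo the `ssh`/`scp` step is skipped, so the key stays in `/tmp` while the last line still reports success; that path should at least print where the key was left. The exit status of `openssl req` is also not checked before `mv` and `git commit` run, so a failed key generation can still be followed by the success message.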