-rw-r--r-- | ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-a1.sunet.se.csr | 27 | ||||
-rwxr-xr-x | scripts/mkreq | 95 |
2 files changed, 122 insertions, 0 deletions
diff --git a/ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-a1.sunet.se.csr b/ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-a1.sunet.se.csr
new file mode 100644
index 0000000..7b54703
--- /dev/null
+++ b/ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-a1.sunet.se.csr
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIEqTCCApECAQAwNzELMAkGA1UEBhMCU0UxDjAMBgNVBAoTBVNVTkVUMRgwFgYD
+VQQDEw93ZWItYTEuc3VuZXQuc2UwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
+AoICAQC3Sa7MgalFU9YbGwCfR3Bz+a5/Nv4gkuF3vY0fMA5Q7Rh1QfvRoDXLx77z
+6xy57SzAH/lkS0HFfs994zuspzbJT8B3n1PA/BANtJM/frLzZqaq0/BDCvQKWO1b
+8w03IzOR73H/vim7Hrc0cSj1rO49oD/BaM81oW45BeGJBwxniXX/MbknBjC+iSr+
+hlDW05iNOjtcQudS/YpZQ0YVozWBntpCgzPiv+yWDSYWrs3049TH4Uvh6QlrNeN1
+Ji17Al3j/B7Wf16CLCwJ1urTx/jGLUABkVfJDwjE/kipHvryzrRfb/8Qs1jDmxyL
+kCLlCPscv1PXfd2pOKcTVyP7mTVWfeYsW/FwBDSdA3xXkOaeB3GjHmULS3X/2APC
+Sy4crtsvn9mlCXHxKrAq9wI/UBHMaW5MqnZNU5VLJ/EpNju5OBdAtypMmNtYuivS
+e+lKVJJDYl915Licq6k8o5sX0b3y9EEJpwnx9cMRxx37C395cd9FvKheqdS3hXAY
+iEBYsUZ3dZ4RWA3R/IeiTSCUn3xY0OFqWE34owTk9cOYbtpAlIoOb9IU2q+bwTRQ
+UVp7qWE5K/rlR8qf4qsjEdIKb4suXc3poVJfq0em/LWIfmXF1CIU7F0nL0tQf+Tu
+aXjoWco7M3f3X1+OitV6fkx6rkNxVQFBFwUBw1TY3E8LomdR0QIDAQABoC0wKwYJ
+KoZIhvcNAQkOMR4wHDAaBgNVHREEEzARgg93ZWItYTEuc3VuZXQuc2UwDQYJKoZI
+hvcNAQELBQADggIBAI3czCXuI0tTFM3k9wxlRFZmwHTeTPHEBsD5/yjYcmC+FCQP
+tr2wRbkY8Y26vfTByeOvgzr2Hn4DDW16L0WhoL9bM257oq+l7V71kMbKquWTnj8O
+edXF3REWeF+2DSCT1opvsi2LgNAtrNoKn9f8OHW1BiZ7+PRiNy4wxg65TqzUB2fC
+STVdv1blLfg4hijGHNEqQZM3ad3iMAJ8B3kC4Mex5T7ISEv+2+ha1/+yjPgn1P+9
+8KxJfvCu24PEY+EqtKFD4khUWv9zoa+xChQCbbKA00BqD1hJRbomLnM0ANFA4rDs
+xrKE8BVtVYSglt/w/57iWhSUGa0tJvtldHzqFSnPnrPt5SvKEDu631Jey+8w8Zfj
+XkSCbRqZftyPpcMbgbb9AKNL2FNy8sPEnkxVD6NtTiPImUHj5xVJXjm0KA6j8NOf
+hD1ZFVn1h+BRwy3PqvcCV5mMazXyOttupYUuntjrVV/xJRoySMaKNmj1B6YrAIlb
+JXybNKVPT8HIWdi0dn+pzT2r/ymIGEmzpFF0IYOtWGGKKFa9m1qFiYR0iYxBe0GK
+veH6C64JaABZGaIKWAuwAf1TnyF+B9kyiKCu75MDj8P8y28harGXCyy2Iq3MipbC
+kLBg9xC8QT7U9Jyl9TgZxpbM4Bh7qxXeryn0FIIvgfXoPrwIKXqQyrXfa6U8
+-----END CERTIFICATE REQUEST-----
diff --git a/scripts/mkreq b/scripts/mkreq
new file mode 100755
index 0000000..4493867
--- /dev/null
+++ b/scripts/mkreq
@@ -0,0 +1,95 @@
+#!/bin/sh
+
+host="$1"; shift
+ca_host="ca.sunet.se"
+ca_name="infra"
+type=""
+
+usage ()
+{
+ echo "\
+Usage: mkreq [-v] [-s*] [-c] [-C <ca host>] [-N <ca name>] [--] <fqdn>
+
+
+ -h, --help show this help text and exit
+ -s request server cert (default if <fqdn> exists in cosmos repo)
+ -c request client cert
+ -C ca host (ca.sunet.se)
+ -N ca name (infra)
+
+ <fqdn> fully qualified name of host
+
+" 1>&2
+}
+
+{
+ while test $# -gt 0; do
+ case "$1" in
+ -s)
+ type="server"
+ ;;
+ -c)
+ type="client"
+ ;;
+ -C)
+ ca_host="$2"
+ shift
+ ;;
+ -N)
+ ca_name="$2"
+ shift
+ ;;
+ -h)
+ usage
+ exit 0
+ ;;
+ --)
+ break
+ ;;
+ esac
+ shift
+ done
+}
+
+if [ -d $host -a -z $type ]; then
+ type="server"
+fi
+
+
+cfg=`mktemp`
+key="/tmp/$host.key"
+csr="/tmp/$host.csr"
+
+trap 'rm -f $cfg' EXIT
+
+cat>$cfg<<EOC
+[ req ]
+default_bits = 4096
+distinguished_name = req_distinguished_name
+req_extensions = req_extensions
+prompt = no
+
+[ req_distinguished_name ]
+C = SE
+O = SUNET
+CN = $host
+
+[ req_extensions ]
+subjectAltName = DNS:$host
+EOC
+
+reqs="$ca_host/overlay/var/lib/ca/$ca_name/requests/$type"
+if [ ! -d $reqs ]; then
+ echo "*** ERROR - missing request directory $reqs"
+ exit 1
+fi
+
+openssl req -config $cfg -new -newkey rsa:4096 -sha256 -keyout $key -nodes -out $csr
+mv $csr "$reqs/$host.csr"
+git add "$reqs/$host.csr" && git commit -m "certification request for $host from $ca_host:$ca_name"
+
+if [ -d $host ]; then
+ ssh root@$host mkdir -p /etc/ssl/private && scp "$key" "root@$host:/etc/ssl/private/${host}_${ca_name}.key" && rm -f "$key" && echo "** private key given to $host" || echo "** private key left in $key - should be in root@$host:/etc/ssl/private/${host}_${ca_name}.key"
+fi
+
+echo "** successfully generated key and certification request for $host from $ca_host:$ca_name" |
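Review bot: The unencrypted private key (`-nodes`) is written to the predictable path `/tmp/$host.key`, and the CSR to `/tmp/$host.csr`, in a directory every local user can write to, so a file or link already sitting at that name can decide who owns and reads the key. Creating a private directory with `mktemp -d` and placing the config, key and CSR inside it removes the guessable names. The `openssl req` line should also quote `$cfg`, `$key` and `$csr` and stop the script on failure, since `mv` and `git add` are attempted and the success message is printed even when no request was produced. The EXIT trap removes only `$cfg`, and the key stays on disk whenever the `[ -d $host ]` branch is skipped or the copy fails, so the closing message should print `$key` once its location is no longer fixed.

```sh
tmpdir=`mktemp -d` || exit 1   # mode 0700, unguessable name
cfg="$tmpdir/req.cnf"
key="$tmpdir/$host.key"
csr="$tmpdir/$host.csr"

# rmdir succeeds only once the key has been handed over and removed
trap 'rm -f "$cfg"; rmdir "$tmpdir" 2>/dev/null' EXIT
# … unchanged: cat>$cfg<<EOC config heredoc, request-directory check …
openssl req -config "$cfg" -new -newkey rsa:4096 -sha256 -keyout "$key" -nodes -out "$csr" || exit 1
```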