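#!/bin/bash
#
# Interactively generate a self-signed wildcard certificate for
# *.<domainname>.<domain>: an encrypted RSA key, a CSR, the certificate,
# a PFX bundle and an unencrypted copy of the key, all named after
# <domainname> in the current directory.
#
# Answering "Y" to "Just create config files" writes only the two OpenSSL
# config files and the password files, prints the commands that would be
# run, and exits without running them.
#
# Every artifact except the .crt is secret material (password files,
# encrypted and plaintext private keys, PFX), so umask is tightened before
# any of it is written. Relax the mode of the .crt afterwards if it has to
# be shared.
set -euo pipefail

# Prints a message to stderr and exits with failure.
die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Print a command or run it.
# Arguments: $1 - "print" or "run"; the rest is the command line
#######################################
step() {
  local mode=$1
  shift
  if [[ "$mode" == "print" ]]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

#######################################
# The OpenSSL pipeline, printed or executed in order.
# Globals:   passfile passfileout key csr crt pfx nopass_key csrconf
#            crtconf certdays fqdn checkfile (read)
# Arguments: $1 - "print" or "run"
#######################################
run_steps() {
  local mode=$1
  step "$mode" openssl genrsa -des3 -passout "file:$passfile" -out "$key" 4096
  step "$mode" openssl req -new -sha256 -config "$csrconf" -passin "file:$passfile" -key "$key" -out "$csr"
  step "$mode" openssl x509 -req -days "$certdays" -extfile "$crtconf" -extensions code_signing -passin "file:$passfile" -in "$csr" -signkey "$key" -out "$crt"
  step "$mode" openssl pkcs12 -export -name "*.$fqdn" -passin "file:$passfile" -passout "file:$passfileout" -out "$pfx" -inkey "$key" -in "$crt"
  step "$mode" openssl rsa -passin "file:$passfile" -in "$key" -out "$nopass_key"
  # The last step carries a redirection, which step() cannot express.
  if [[ "$mode" == "print" ]]; then
    printf 'openssl x509 -text -in %s -noout > %s\n' "$crt" "$checkfile"
  else
    openssl x509 -text -in "$crt" -noout > "$checkfile"
  fi
}

# Removes the config and plaintext password files on any exit path.
cleanup() {
  rm -f -- "$crtconf" "$csrconf" "$passfile" "$passfileout"
}

read -r -p "Enter the domain name: " domainname
read -r -p "Enter the domain e.g. local not .local: " domain
read -r -p "Enter country for csr:" country
read -r -p "Enter county for csr:" county
read -r -p "Enter city for csr:" city
read -r -p "Enter company name for csr:" company
read -r -p "Enter department for csr e.g IT:" department
# -s keeps the password off the terminal and out of scrollback.
read -r -s -p "Enter password for certificate greater than 5 characters:" PASS
printf '\n'
read -r -p "Enter howmany years for the certificate to last:" certyears
read -r -p "Just create config files Y/N:" configind

# The domain name is the basename of every output file: refuse anything that
# could leave the working directory or be parsed as an option.
[[ "$domainname" =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]] || die "Invalid domain name: $domainname"
[[ "$domain" =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]] || die "Invalid domain: $domain"
[[ "$certyears" =~ ^[0-9]+$ && "$certyears" -gt 0 ]] || die "Years must be a positive whole number"
if (( ${#PASS} < 5 )); then
  die "Password wrong length"
fi

readonly passfile=$domainname.passfile
readonly passfileout=$domainname.passfileout
readonly key=$domainname.key
readonly csr=$domainname.csr
readonly crt=$domainname.crt
readonly pfx=$domainname.pfx
readonly nopass_key=$domainname.nopass.key
readonly csrconf=$domainname.csr.cnf
readonly crtconf=$domainname.crt.cnf
readonly fqdn=$domainname.$domain
readonly checkfile=$domainname.txt
# Years are converted at a flat 365 days; leap days are ignored.
readonly days=365
readonly certdays=$((certyears * days))

# From here on every file written holds secrets or key material.
umask 077

# Plaintext password files consumed through -passin/-passout "file:".
printf '%s\n' "$PASS" > "$passfile"
printf '%s\n' "$PASS" > "$passfileout"
printf '%s\n' "$certdays"

# Extensions for the signing step. Only [code_signing] is applied by the
# "x509 -req -extensions code_signing" command below; [v3_req] is not
# referenced by any command in this script and is kept as the author left it.
cat > "$crtconf" <<EOF
[req]
req_extensions = v3_req
prompt = no
[v3_req]
basicConstraints = critical, CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly, decipherOnly
[code_signing]
extendedKeyUsage = 1.3.6.1.5.5.7.3.3,codeSigning,serverAuth,clientAuth,emailProtection,timeStamping
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.$fqdn
EOF

# Subject for the CSR. The answers are written verbatim into the config
# file, so characters that are special to the OpenSSL config parser
# (e.g. "$") in the prompts above are passed through unchanged.
cat > "$csrconf" <<EOF
[req]
prompt = no
distinguished_name = req_distinguished_name
[req_distinguished_name]
C = $country
ST = $county
L = $city
O = $company
OU = $department
CN = *.$fqdn
EOF

if [[ "$configind" == "Y" ]]; then
  printf '%s\n' "Only Config files wanted"
  printf '%s\n' "these are the command that need to be executed"
  run_steps print
  # The printed commands read the password files, so they are deliberately
  # left in place on this path.
  printf 'NOTE: %s and %s contain the password in plaintext; delete them once the commands above have been run.\n' \
    "$passfile" "$passfileout" >&2
  exit 0
fi

# On the executing path the password files must not survive, even if an
# openssl step fails part-way.
trap cleanup EXIT

printf '%s\n' "these are the command to be executed"
run_steps print
read -r -n 1 -p "Press Enter to continue"
printf '\n'
run_steps run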