create-star-cert-req.sh 1.37 KB
Newer Older
Xueshan Feng's avatar
Xueshan Feng committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
#!/bin/bash -e
#
# Generate star ssl certificate request for a subdomain, e.g, *.anchorage.stanford.edu:
#
# ./create-star-cert-req.sh -s anchorage -o "IT Services" -e "emerging-tech@lists.stanford.edu"
# 
# Note: the subdomain key and the csr will be saved in your current working directory. 
# 
# If the subdomain is delegated to a cloud vendor, you will need to send the csr to its-ssl-service@lists.stanford.edu 
# Otherwise you can use https://tools.stanford.edu/cgi-bin/cert-request form to submit your request. 
# 

# Default top domain
domain="stanford.edu"

while getopts ":s:o:e:" OPTION
do
  case $OPTION in
    d)
      domain=$OPTARG
      ;;
    s)
      subdomain="${OPTARG%%/*}"
      ;;
    o)
      ou=$OPTARG
      ;;
    e)
      email=$OPTARG
      ;;
    ?)
      echo "$0 -s <subdomain> -o <ou> -e <email>"
      exit 0
      ;;
  esac
done

if [[ ! $subdomain|| ! $ou || ! $email || ! $domain ]]; then
    echo "subdomain, ou, or email are missing."
    echo "Usage: $0 -s <subdomain> -o <ou> -e <email>"
    exit 1
fi

echo "creating the $subdomain.key and $subdomain.csr...."
cat site.cnf.tmpl | sed "s/FQDN/$subdomain.$domain/;s/OU/$ou/;s/EMAIL/$email/" > site.cnf
openssl req -new -config site.cnf  -rand /dev/urandom -nodes -keyout $subdomain.$domain.key -out $subdomain.$domain.csr

echo "$subdomain.csr is generated:"
openssl  req -text -noout -in $subdomain.$domain.csr