Commit d2d17958 authored by Xueshan Feng's avatar Xueshan Feng

initial revision.

*.key
*.csr
site.cnf
#!/bin/bash -e
#
# Generate star ssl certificate request for a subdomain, e.g, *.anchorage.stanford.edu:
#
# ./create-star-cert-req.sh -s anchorage -o "IT Services" -e "emerging-tech@lists.stanford.edu"
#
# Note: the subdomain key and the csr will be saved in your current working directory.
#
# If the subdomain is delegated to a cloud vendor, you will need to send the csr to its-ssl-service@lists.stanford.edu
# Otherwise you can use https://tools.stanford.edu/cgi-bin/cert-request form to submit your request.
#
# Default top domain
domain="stanford.edu"
while getopts ":s:o:e:" OPTION
do
case $OPTION in
d)
domain=$OPTARG
;;
s)
subdomain="${OPTARG%%/*}"
;;
o)
ou=$OPTARG
;;
e)
email=$OPTARG
;;
?)
echo "$0 -s <subdomain> -o <ou> -e <email>"
exit 0
;;
esac
done
if [[ ! $subdomain|| ! $ou || ! $email || ! $domain ]]; then
echo "subdomain, ou, or email are missing."
echo "Usage: $0 -s <subdomain> -o <ou> -e <email>"
exit 1
fi
echo "creating the $subdomain.key and $subdomain.csr...."
cat site.cnf.tmpl | sed "s/FQDN/$subdomain.$domain/;s/OU/$ou/;s/EMAIL/$email/" > site.cnf
openssl req -new -config site.cnf -rand /dev/urandom -nodes -keyout $subdomain.$domain.key -out $subdomain.$domain.csr
echo "$subdomain.csr is generated:"
openssl req -text -noout -in $subdomain.$domain.csr
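Review bot: The `-o` and `-e` values are pasted unescaped into the sed program on the `cat site.cnf.tmpl | sed ...` line, so a `/` in an OU aborts the substitution, an `&` is expanded to the matched placeholder, and a `"` (or, with GNU sed, `\n`) changes the structure of the site.cnf that openssl then reads. Validate each value against an allow-list before use, for example `[[ $subdomain =~ ^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*$ ]] || { echo "invalid subdomain" >&2; exit 1; }`, and escape `/`, `&` and `\` in the OU and e-mail before they reach sed. Separately, the `d)` branch is unreachable because the getopts string is `":s:o:e:"`; it would need to be `":d:s:o:e:"`, and the `?)` branch should exit non-zero so a bad option is not reported as success.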
# OpenSSL configuration to generate a new key with signing requst for a x509v3
# multidomain certificate
#
# openssl req -config bla.cnf -new | tee csr.pem
# or
# openssl req -config bla.cnf -new -out csr.pem
[ req ]
default_bits = 2048
default_md = sha512
default_keyfile = site.key
prompt = no
encrypt_key = no
# base request
distinguished_name = req_distinguished_name
# extensions
req_extensions = v3_req
# distinguished_name
[ req_distinguished_name ]
countryName = "US" # C=
stateOrProvinceName = "CA" # ST=
localityName = "Stanford" # L=
organizationName = "Stanford University" # O=
organizationalUnitName = "OU" # OU=
commonName = "FQDN" # CN=
emailAddress = "EMAIL" # CN/emailAddress=
# req_extensions
[ v3_req ]
# The subject alternative name extension allows various literal values to be
# included in the configuration file
# http://www.openssl.org/docs/apps/x509v3_config.html
#keyUsage = keyEncipherment, dataEncipherment, digitalSignature
#extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = FQDN
DNS.2 = *.FQDN
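Review bot: `encrypt_key = no` in `[ req ]`, together with `-nodes` in the script, means the private key is written to disk without a passphrase, and nothing in this template says so. I would add a comment above that line such as `# key is stored unencrypted; keep it readable by the owner only and never commit it`. The script could also set `umask 077` before calling `openssl req`, since the mode of the key file may otherwise depend on the OpenSSL version and the caller's umask.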