@Manc
Created January 6, 2016 20:56
Generate new private key and Certificate Signing Request (CSR) for SSL certificates
#!/bin/bash
# ------------------------------------------------------------------------------
# This script will generate a new private key and a Certificate Signing Request
# (CSR) using OpenSSL.
# This script is non-interactive. Instead it uses the variables set at the
# beginning of this script. Alternatively you can adapt this script easily
# to read the values differently as required.
# Developed and tested on Mac OS only, but should work on Linux too.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND.
#
# Created by Nick Zahn, Cloud Under Ltd - https://cloudunder.io
# ------------------------------------------------------------------------------
# Replace the following values:
COMMONNAME="cloudunder.io"     # Domain name, e.g. "cloudunder.io"
ORGANISATION="Cloud Under Ltd" # e.g. company
LOCALITY="Manchester"          # e.g. city
STATE="England"                # state or province name
COUNTRY="GB"                   # 2 letter code, e.g. "GB", "US", "DE"
# ------------------------------------------------------------------------------
# NO NEED TO EDIT ANYTHING BELOW THIS LINE (unless you want to)
# ------------------------------------------------------------------------------
set -eu   # abort on the first failing command or unset variable

YEAR=$(date +"%Y")
DATE=$(date +"%Y-%m-%d")
TARGET_DIR="${COMMONNAME}/${DATE}"
PRIVATE_KEY_FILE="${TARGET_DIR}/${COMMONNAME}_${YEAR}_private.pem"
CERT_SIGN_REQUEST_FILE="${TARGET_DIR}/${COMMONNAME}_${YEAR}_csr.pem"

# Temporary OpenSSL config: unique file name, removed again when the script exits
OPENSSL_CONFIG=$(mktemp)
trap 'rm -f "${OPENSSL_CONFIG}"' EXIT
cat <<EOF > "${OPENSSL_CONFIG}"
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
prompt = no
encrypt_key = no
string_mask = utf8only
req_extensions = v3_req

[ req_distinguished_name ]
C = ${COUNTRY}
ST = ${STATE}
L = ${LOCALITY}
O = ${ORGANISATION}
CN = ${COMMONNAME}

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
EOF

if [ -d "${TARGET_DIR}" ]; then
    echo "Target directory already exists: ${TARGET_DIR}"
    echo "Remove or rename it before you try again."
    exit 1
fi
mkdir -p "${TARGET_DIR}"

# Generate the private key; umask 077 makes the file readable by its owner only
( umask 077; openssl genrsa -out "${PRIVATE_KEY_FILE}" 2048 )
# Generate the CSR, signed with the new private key
openssl req -new -config "${OPENSSL_CONFIG}" -key "${PRIVATE_KEY_FILE}" -out "${CERT_SIGN_REQUEST_FILE}"

# Check: the modulus in the CSR must match the modulus of the private key
M_RSA=$(openssl rsa -noout -modulus -in "${PRIVATE_KEY_FILE}")
M_REQ=$(openssl req -noout -modulus -in "${CERT_SIGN_REQUEST_FILE}")
if [ "${M_RSA}" != "${M_REQ}" ]; then
    echo "Something went wrong. Private key and CSR files don't match."
    exit 1
fi

echo "Done. Files generated:"
echo ""
echo " 1. Private key:"
echo "    ${PRIVATE_KEY_FILE}"
echo "    > Keep this file safe. It will be required on the web server."
echo ""
echo " 2. Certificate Signing Request (CSR):"
echo "    ${CERT_SIGN_REQUEST_FILE}"
echo "    > Submit this file to the SSL certificate provider."
echo ""
echo "To see the decoded contents of the CSR file, run the following command:"
echo "    openssl req -verify -noout -text -in ${CERT_SIGN_REQUEST_FILE}"
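A companion check for the files the script produces, added here as an example and not part of the gist: it builds a key and CSR the same way (with a subjectAltName added, which public CAs and browsers require and which the config above omits) and then vets the result before it goes to the certificate provider. It assumes openssl on PATH; the host name example.test and the organisation are constructed values.

```shell
#!/bin/sh
set -eu
# gen_csr DIR CN WITH_SAN(yes|no): writes DIR/key.pem and DIR/csr.pem
gen_csr() {
  local dir="$1" cn="$2" san="$3"
  mkdir -p "$dir"
  {
    printf '[ req ]\ndefault_bits = 2048\nprompt = no\n'
    printf 'distinguished_name = dn\nreq_extensions = ext\n'
    printf '[ dn ]\nC = GB\nO = Example Ltd\nCN = %s\n' "$cn"
    printf '[ ext ]\nbasicConstraints = CA:FALSE\nkeyUsage = digitalSignature, keyEncipherment\n'
    if [ "$san" = yes ]; then printf 'subjectAltName = DNS:%s\n' "$cn"; fi
  } > "$dir/openssl.cnf"
  # umask 077 makes the key file 0600 whatever the OpenSSL build's default is
  ( umask 077; openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null )
  openssl req -new -config "$dir/openssl.cnf" -key "$dir/key.pem" -out "$dir/csr.pem"
}

# check_csr KEY CSR CN: returns 0 when every check passes, 1 (with a reason) otherwise
check_csr() {
  local key="$1" csr="$2" cn="$3" mode k_pub c_pub text bits
  # 1. the private key must not be group- or world-readable (GNU stat, then BSD stat)
  mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
  [ "$mode" = "600" ] || { echo "key mode is $mode, want 600"; return 1; }
  # 2. the CSR's self-signature must verify with the public key it carries
  openssl req -in "$csr" -noout -verify >/dev/null 2>&1 || { echo "CSR signature invalid"; return 1; }
  # 3. that public key must be the one derived from our private key (compare DER digests)
  k_pub=$(openssl pkey -in "$key" -pubout -outform DER | openssl dgst -sha256)
  c_pub=$(openssl req -in "$csr" -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256)
  [ "$k_pub" = "$c_pub" ] || { echo "private key and CSR do not match"; return 1; }
  text=$(openssl req -in "$csr" -noout -text)
  # 4. RSA modulus of at least 2048 bits
  bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
  [ "${bits:-0}" -ge 2048 ] || { echo "key too small: ${bits:-?} bits"; return 1; }
  # 5. subject CN is the expected host AND a matching DNS SAN is present:
  #    public CAs and browsers go by the SAN, the CN alone is not enough
  printf '%s\n' "$text" | grep -q "CN *= *$cn" || { echo "CN is not $cn"; return 1; }
  printf '%s\n' "$text" | grep -q "DNS:$cn" || { echo "no DNS SAN for $cn"; return 1; }
}

# Demo: the CSR with a SAN is accepted, the same subject without one is rejected
run_demo() {
  local tmp; tmp=$(mktemp -d)
  gen_csr "$tmp/good" example.test yes
  gen_csr "$tmp/nosan" example.test no
  check_csr "$tmp/good/key.pem" "$tmp/good/csr.pem" example.test && echo "good: accepted"
  check_csr "$tmp/nosan/key.pem" "$tmp/nosan/csr.pem" example.test || echo "nosan: rejected"
  rm -rf "$tmp"
}
```

Source the file and call run_demo, or call check_csr directly on the files the script above wrote (key file, CSR file, expected CN).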