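#!/usr/bin/env bash
# cactl: manage a two-tier (root + intermediate) OpenSSL CA under vimium/ca.
# The script relies on bash features (brace expansion, pushd), so it is run
# under bash explicitly rather than /bin/sh. Error-exit is set here instead
# of in the shebang so it still applies when invoked as `bash cactl`.
set -eo pipefail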
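#######################################
# Initialise a two-tier CA (root + intermediate) under vimium/ca.
# Expects vimium/ca/openssl.cnf and vimium/ca/intermediate/openssl.cnf to
# exist already: every openssl call below reads them by relative path after
# changing into vimium/ca. Refuses to run when a root key is already present
# so a repeated 'init' cannot overwrite the CA's private keys or reset the
# serial counters.
# Globals:   none; changes the working directory to vimium/ca (as before)
# Arguments: none (anything forwarded by the dispatcher is ignored)
# Outputs:   openssl passphrase prompts and progress on the terminal
# Returns:   0 on success; 1 if a CA exists, a config is missing or cd fails
#######################################
create_ca() {
  ca_dir=vimium/ca

  # Never clobber an existing CA: the root key is the one artefact that
  # cannot be regenerated without re-issuing everything signed below it.
  if [ -e "$ca_dir/private/ca.key.pem" ]; then
    printf 'create_ca: %s already exists, refusing to overwrite\n' \
      "$ca_dir/private/ca.key.pem" >&2
    return 1
  fi

  # Check the configs before any key material is generated; otherwise the
  # user types a passphrase only for the following 'openssl req' to fail.
  for cfg in "$ca_dir/openssl.cnf" "$ca_dir/intermediate/openssl.cnf"; do
    if [ ! -f "$cfg" ]; then
      printf 'create_ca: missing OpenSSL config %s\n' "$cfg" >&2
      return 1
    fi
  done

  # Folder structure, spelled out because brace expansion is not POSIX sh
  # and the file may be run under /bin/sh.
  for d in certs crl newcerts private \
           intermediate/certs intermediate/crl intermediate/csr \
           intermediate/newcerts intermediate/private; do
    mkdir -p "$ca_dir/$d"
  done
  chmod 700 "$ca_dir/private" "$ca_dir/intermediate/private"

  # 'cd' rather than 'pushd': portable, and nothing ever pops the stack.
  cd "$ca_dir" || return 1
  touch index.txt intermediate/index.txt
  # This is a fresh CA, so write the counters instead of appending to them
  # (appending on a re-run would leave two "1000" lines in each file).
  for f in serial intermediate/serial intermediate/crlnumber; do
    printf '1000\n' > "$f"
  done

  # Root generation (passphrase-protected key, self-signed 20-year cert)
  openssl genrsa -aes256 -out private/ca.key.pem 4096
  chmod 400 private/ca.key.pem
  openssl req -config openssl.cnf \
    -key private/ca.key.pem \
    -new -x509 -days 7300 -sha256 -extensions v3_ca \
    -out certs/ca.cer.pem
  chmod 444 certs/ca.cer.pem

  # Intermediate generation (CSR signed by the root with v3_intermediate_ca)
  openssl genrsa -aes256 -out intermediate/private/intermediate.key.pem 4096
  chmod 400 intermediate/private/intermediate.key.pem
  openssl req -config intermediate/openssl.cnf -new -sha256 \
    -key intermediate/private/intermediate.key.pem \
    -out intermediate/csr/intermediate.csr.pem
  openssl ca -config openssl.cnf -extensions v3_intermediate_ca \
    -days 3650 -notext -md sha256 \
    -in intermediate/csr/intermediate.csr.pem \
    -out intermediate/certs/intermediate.cer.pem
  chmod 444 intermediate/certs/intermediate.cer.pem

  # Chain file: intermediate cert followed by the root cert
  cat intermediate/certs/intermediate.cer.pem certs/ca.cer.pem \
    > intermediate/certs/ca-chain.cer.pem
}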
# The functions below use paths relative to the intermediate CA directory; run them from there
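#######################################
# Generate an unencrypted 2048-bit RSA key for a name under private/ of the
# current (intermediate CA) directory and restrict it to owner-read.
# Arguments: $1 - domain / name used for private/<name>.key.pem
# Returns:   exits with a message if $1 is empty; otherwise the status of
#            openssl / chmod
#######################################
create_key() {
  # An empty name would silently produce private/.key.pem.
  : "${1:?create_key: domain required}"
  openssl genrsa -out "private/$1.key.pem" 2048
  chmod 400 "private/$1.key.pem"
}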
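#######################################
# Issue a server certificate for a domain from the intermediate CA: create
# the key if absent, build a CSR, then sign it with the server_cert
# extensions for 375 days.
# Arguments: $1 - domain; names private/<domain>.key.pem, csr/<domain>.csr.pem
#                 and certs/<domain>.cer.pem
# Returns:   exits with a message if $1 is empty; otherwise the status of
#            the last openssl call
#######################################
create_cert() {
  : "${1:?create_cert: domain required}"
  # There is no separate 'key' operation in the dispatcher, so generate the
  # key here when it is missing; an existing key is reused unchanged.
  [ -f "private/$1.key.pem" ] || create_key "$1"
  openssl req -config openssl.cnf \
    -key "private/$1.key.pem" \
    -new -sha256 -out "csr/$1.csr.pem"
  openssl ca -config openssl.cnf \
    -extensions server_cert -days 375 -notext -md sha256 \
    -in "csr/$1.csr.pem" \
    -out "certs/$1.cer.pem"
}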
#######################################
# Regenerate the intermediate CA's CRL at crl/intermediate.crl.pem from the
# revocation state in the CA database referenced by openssl.cnf.
# Arguments: none
# Returns:   status of 'openssl ca -gencrl'
#######################################
create_crl() {
  openssl ca -gencrl -config openssl.cnf -out crl/intermediate.crl.pem
}
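#######################################
# Revoke a previously issued certificate and republish the CRL.
# Arguments: $1 - domain whose certs/<domain>.cer.pem is revoked
# Returns:   exits with a message if $1 is empty; otherwise the status of
#            create_crl
#######################################
revoke_cert() {
  : "${1:?revoke_cert: domain required}"
  openssl ca -config openssl.cnf \
    -revoke "certs/$1.cer.pem"
  # Regenerate the CRL right away so the revocation is published.
  create_crl
}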
#######################################
# Dump the intermediate CA's CRL in human-readable form to stdout.
# Arguments: none
# Returns:   status of 'openssl crl'
#######################################
view_crl() {
  openssl crl -noout -text -in crl/intermediate.crl.pem
}
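#######################################
# Print the command summary to stdout.
#######################################
usage() {
  printf 'usage: cactl <operation>\n'
  printf 'operations:\n'
  printf ' cactl cert <domain> Create a new certificate\n'
  printf ' cactl crl View revoked certificates\n'
  printf ' cactl revoke <domain> Revoke a certificate\n'
  printf ' cactl init Initialise a new CA\n'
}

# Dispatch on the operation name. The domain is $2 and is passed explicitly:
# forwarding "$@" would hand the operation word itself to create_cert /
# revoke_cert as $1, so they would act on certs/cert.cer.pem or
# certs/revoke.cer.pem instead of the requested domain.
operation=${1-}
case "$operation" in
  cert) create_cert "${2:?usage: cactl cert <domain>}" ;;
  crl) view_crl ;;
  revoke) revoke_cert "${2:?usage: cactl revoke <domain>}" ;;
  init) create_ca ;;
  '') usage ;;
  *)
    # Unknown operations used to fall through silently with status 0.
    printf 'cactl: unknown operation %s\n' "$operation" >&2
    usage >&2
    exit 2
    ;;
esac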