Script de création pour une AC auto-signée
Il suffit de mettre un password et un nom pour l'AC.
NB : $(< /dev/urandom tr -dc a-z-0-9-A-Z | head -c${1:-25};echo;) --> génère un password aléatoire de 25 caractères alphanumériques.
Vous pouvez le changer et mettre ce que bon vous semble ! ;-))
#-----------------------------------------------
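#!/bin/sh
# Create a self-signed certificate authority (CA) in $CertPath.
#
# Usage: sh <this script> [password_length]   (default length: 25)
#
# Files produced in $CertPath (all created owner-only thanks to umask 077):
#   $ACName.key         CA private key, PEM, NOT passphrase-protected: the
#                       server/user scripts read it with -CAkey and no -passin
#   $ACName.csr         request from which the CA certificate is built
#   $ACName.ext         extensions applied to the CA certificate
#   $ACName.crt         self-signed CA certificate (365 days, SHA-256)
#   $ACName.public.key  public key extracted from the private key
#   $ACName.pem         private key followed by the certificate (sensitive)
#   $ACName-key.txt     record of ACName and the generated ACpasswd
set -eu

#######################################
# Print one highlighted (bold yellow) line on stdout.
# Arguments: the text to print (joined with spaces)
#######################################
say() {
  printf '\n\033[1;33m%s\033[0m\n' "$*"
}

#######################################
# Print a command, then run it; the script aborts (set -e) if it fails.
# Arguments: the command and its arguments
#######################################
run() {
  say "$*"
  "$@"
}

CertPath=/etc/ssl/localcerts
# Private key material lands in $CertPath: create every new file owner-only.
umask 077
mkdir -p "$CertPath"

# Name of the certificate authority; also the file name prefix.
ACName=my-ca

# Random secret made of letters, digits and '-' (the tr set includes the
# hyphen), length from $1 (default 25). It is recorded in $ACName-key.txt
# but is not applied to the key, which the dependent scripts expect to be
# unencrypted; the former -passin arguments were no-ops for that reason.
ACpasswd=$(tr -dc 'a-z-0-9-A-Z' < /dev/urandom | head -c "${1:-25}")

# Subject parameters
CInit="Fr"
Cntry="France"
CCity="Paris"
Orgnt="My Organisation"
OUdpt="IT Department"
CNdpt="$ACName"
Subj="/C=$CInit/ST=$Cntry/L=$CCity/O=$Orgnt/OU=$OUdpt/CN=$CNdpt"

say "Création de certificats auto-signés pour $ACName"
say "ACName=$ACName"
# The secret is written to the record file only, not to the terminal.
say "ACpasswd: enregistré dans $CertPath/$ACName-key.txt"
say "CInit=$CInit"
say "Cntry=$Cntry"
say "City=$CCity"
say "Orgnt=$Orgnt"
say "OUdpt=$OUdpt"
say "CNdpt=$CNdpt"
sleep 1

# Remove the files of a previous run (this also matches the .srl serial file
# the server/user scripts write); -f so a first run is not an error.
rm -f -- "$CertPath/$ACName"*

# Record the CA name and secret; the file is owner-only (umask above).
{
  printf 'ACName=%s\n' "$ACName"
  printf 'ACpasswd=%s\n' "$ACpasswd"
} > "$CertPath/$ACName-key.txt"

# Extensions that mark the certificate as a CA; a plain "x509 -req -signkey"
# without them yields a certificate some clients refuse to use as an issuer.
printf '%s\n' \
  'basicConstraints=critical,CA:TRUE' \
  'keyUsage=critical,keyCertSign,cRLSign' \
  'subjectKeyIdentifier=hash' \
  > "$CertPath/$ACName.ext"

# Unencrypted 2048-bit RSA key (see the header for why no -passout is used).
run openssl genrsa -out "$CertPath/$ACName.key" 2048
run openssl req -new -key "$CertPath/$ACName.key" \
  -out "$CertPath/$ACName.csr" -subj "$Subj"
# Self-sign with an explicit SHA-256 digest; older OpenSSL releases defaulted
# to SHA-1 here.
run openssl x509 -req -days 365 -sha256 -in "$CertPath/$ACName.csr" \
  -signkey "$CertPath/$ACName.key" -extfile "$CertPath/$ACName.ext" \
  -out "$CertPath/$ACName.crt"
run openssl x509 -in "$CertPath/$ACName.crt" -text -noout
run openssl rsa -in "$CertPath/$ACName.key" -pubout \
  -out "$CertPath/$ACName.public.key"
# Bundle: contains the private key, so it is as sensitive as $ACName.key.
say "cat $CertPath/$ACName.key $CertPath/$ACName.crt > $CertPath/$ACName.pem"
cat "$CertPath/$ACName.key" "$CertPath/$ACName.crt" > "$CertPath/$ACName.pem"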
#--------------------------
Script de création pour un certificat serveur auto-signé via l'AC créée par le script précédent
Les paramètres à renseigner sont :
ServerName --> nom du serveur (utilisé pour les paramètres subj)
#-------------------------------------------------
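#!/bin/sh
# Create a server key and a certificate signed by the local CA ($ACName) that
# the CA script produced in $CertPath.
#
# Usage: sh <this script> [password_length]   (default length: 25)
# Requires: $CertPath/$ACName.crt and $CertPath/$ACName.key (unencrypted).
#
# Files produced in $CertPath (all created owner-only thanks to umask 077):
#   $ServerName.key               AES-256 encrypted RSA key (passphrase: ServerPassph)
#   $ServerName.csr               certificate request
#   $ServerName.ext               extensions (subjectAltName) for the certificate
#   $ServerName.crt               certificate signed by the CA (3650 days, SHA-256)
#   $ServerName.nopassphrase.key  the same key with the passphrase removed
#   $ServerName-key.txt           record of ServerName and the generated secrets
#   $ACName.srl                   serial file maintained by -CAcreateserial
set -eu

#######################################
# Print one highlighted (bold yellow) line on stdout.
# Arguments: the text to print (joined with spaces)
#######################################
say() {
  printf '\n\033[1;33m%s\033[0m\n' "$*"
}

#######################################
# Print a command, then run it; the script aborts (set -e) if it fails.
# Arguments: the command and its arguments
#######################################
run() {
  say "$*"
  "$@"
}

#######################################
# Print a random secret made of letters, digits and '-' (the tr set includes
# the hyphen), PwLen characters long.
# Globals: PwLen (read)
#######################################
gen_secret() {
  tr -dc 'a-z-0-9-A-Z' < /dev/urandom | head -c "$PwLen"
}

CertPath=/etc/ssl/localcerts
# Private key material lands in $CertPath: create every new file owner-only.
umask 077

# Name of the certificate authority (file name prefix used by the CA script).
ACName=my-ca

# Both CA files must exist before anything is generated or deleted.
for CAFile in "$CertPath/$ACName.crt" "$CertPath/$ACName.key"; do
  if [ ! -r "$CAFile" ]; then
    printf 'error: CA file %s is missing or unreadable; run the CA script first\n' "$CAFile" >&2
    exit 1
  fi
done

# server parameters
PwLen=${1:-25}
ServerPassph=$(gen_secret)
# Recorded in $ServerName-key.txt for later use; not consumed by this script.
ServerExpKey=$(gen_secret)
ServerPemKey=$(gen_secret)
ServerName=myserver
# Exported so openssl reads the passphrase through "env:" instead of taking
# it on the command line, where it would be visible in the process list.
export ServerPassph

# subj parameters
CInit="Fr"
Cntry="France"
CCity="Paris"
Orgnt="my Organisation"
OUdpt="IT Department"
CNdpt="$ServerName"
Subj="/C=$CInit/ST=$Cntry/L=$CCity/O=$Orgnt/OU=$OUdpt/CN=$CNdpt"

say "Création de certificats auto-signés pour $ServerName"
say "ServerName=$ServerName"
# Secrets go to the record file only, not to the terminal.
say "ServerPassph/ServerExpKey/ServerPemKey: enregistrés dans $CertPath/$ServerName-key.txt"
say "CInit=$CInit"
say "Cntry=$Cntry"
say "City=$CCity"
say "Orgnt=$Orgnt"
say "OUdpt=$OUdpt"
say "CNdpt=$CNdpt"
say "Subj=$Subj"
sleep 2

# Remove the files of a previous run; -f so a first run is not an error.
rm -f -- "$CertPath/$ServerName"*

# Record the name and secrets; the file is owner-only (umask above).
{
  printf 'ServerName=%s\n' "$ServerName"
  printf 'ServerPassph=%s\n' "$ServerPassph"
  printf 'ServerExpKey=%s\n' "$ServerExpKey"
  printf 'ServerPemKey=%s\n' "$ServerPemKey"
} > "$CertPath/$ServerName-key.txt"

# Key and request. genrsa has no -subj option (it used to be passed here and
# made newer OpenSSL releases reject the call); the subject belongs to the
# request. AES-256 replaces the legacy 3DES key encryption.
run openssl genrsa -aes256 -out "$CertPath/$ServerName.key" \
  -passout env:ServerPassph 2048
run openssl req -new -key "$CertPath/$ServerName.key" -passin env:ServerPassph \
  -out "$CertPath/$ServerName.csr" -subj "$Subj"
# Clients match the host name against subjectAltName, not the CN alone; the
# server name is used as the DNS name — adjust if clients reach it otherwise.
printf 'subjectAltName=DNS:%s\n' "$ServerName" > "$CertPath/$ServerName.ext"
# Explicit SHA-256 digest; older OpenSSL releases defaulted to SHA-1 here.
run openssl x509 -req -sha256 -days 3650 -in "$CertPath/$ServerName.csr" \
  -CA "$CertPath/$ACName.crt" -CAkey "$CertPath/$ACName.key" -CAcreateserial \
  -extfile "$CertPath/$ServerName.ext" -out "$CertPath/$ServerName.crt"
# Passphrase-less copy for daemons that cannot prompt; owner-only as well.
run openssl rsa -in "$CertPath/$ServerName.key" -passin env:ServerPassph \
  -out "$CertPath/$ServerName.nopassphrase.key"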
#--------------------------------------------
Script de création d'un certificat utilisateur pour limiter les accès https
#--------------------------------------------
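#!/bin/sh
# Create a user (client) key and a certificate signed by the local CA
# ($ACName) that the CA script produced in $CertPath, then bundle both in a
# PKCS#12 file for import into a browser or OS key store.
#
# Usage: sh <this script> [password_length]   (default length: 25)
# Requires: $CertPath/$ACName.crt and $CertPath/$ACName.key (unencrypted).
#
# Files produced in $CertPath (all created owner-only thanks to umask 077):
#   $UserKey.key      AES-256 encrypted RSA key (passphrase: UserPassph)
#   $UserKey.csr      certificate request
#   $UserKey.crt      certificate signed by the CA (1825 days, SHA-256)
#   $UserKey.p12      PKCS#12 bundle of key + certificate (password: UserPassph)
#   $UserKey-key.txt  record of UserKey and the generated secrets
#   $ACName.srl       serial file maintained by -CAcreateserial
set -eu

#######################################
# Print one highlighted (bold yellow) line on stdout.
# Arguments: the text to print (joined with spaces)
#######################################
say() {
  printf '\n\033[1;33m%s\033[0m\n' "$*"
}

#######################################
# Print a command, then run it; the script aborts (set -e) if it fails.
# Arguments: the command and its arguments
#######################################
run() {
  say "$*"
  "$@"
}

#######################################
# Print a random secret made of letters, digits and '-' (the tr set includes
# the hyphen), PwLen characters long.
# Globals: PwLen (read)
#######################################
gen_secret() {
  tr -dc 'a-z-0-9-A-Z' < /dev/urandom | head -c "$PwLen"
}

CertPath=/etc/ssl/localcerts
# Private key material lands in $CertPath: create every new file owner-only.
umask 077

# Name of the certificate authority (file name prefix used by the CA script).
ACName=my-ca

# Both CA files must exist before anything is generated or deleted.
for CAFile in "$CertPath/$ACName.crt" "$CertPath/$ACName.key"; do
  if [ ! -r "$CAFile" ]; then
    printf 'error: CA file %s is missing or unreadable; run the CA script first\n' "$CAFile" >&2
    exit 1
  fi
done

# user parameters
PwLen=${1:-25}
UserPassph=$(gen_secret)
# Recorded in $UserKey-key.txt for later use; not consumed by this script.
UserExpKey=$(gen_secret)
UserPemKey=$(gen_secret)
UserKey=myUserKey
# Exported so openssl reads the passphrase through "env:" instead of taking
# it on the command line, where it would be visible in the process list.
export UserPassph

# subj parameters
CInit="Fr"
Cntry="France"
CCity="Paris"
Orgnt="my Organisation"
OUdpt="IT Department"
CNdpt="$UserKey"
Subj="/C=$CInit/ST=$Cntry/L=$CCity/O=$Orgnt/OU=$OUdpt/CN=$CNdpt"

say "Création des certificats auto-signés pour $UserKey"
# Secrets go to the record file only, not to the terminal.
say "UserPassph/UserExpKey/UserPemKey: enregistrés dans $CertPath/$UserKey-key.txt"
say "UserKey=$UserKey"
say "CInit=$CInit"
say "Cntry=$Cntry"
say "City=$CCity"
say "Orgnt=$Orgnt"
say "OUdpt=$OUdpt"
say "CNdpt=$CNdpt"
say "Subj=$Subj"
sleep 1

# Remove the files of a previous run; -f so a first run is not an error.
rm -f -- "$CertPath/$UserKey"*

# Record the name and secrets; the file is owner-only (umask above).
{
  printf 'UserKey=%s\n' "$UserKey"
  printf 'UserPassph=%s\n' "$UserPassph"
  printf 'UserExpKey=%s\n' "$UserExpKey"
  printf 'UserPemKey=%s\n' "$UserPemKey"
} > "$CertPath/$UserKey-key.txt"

# Key and request. genrsa has no -subj option (it used to be passed here and
# made newer OpenSSL releases reject the call); the subject belongs to the
# request. AES-256 replaces the legacy 3DES key encryption.
run openssl genrsa -aes256 -out "$CertPath/$UserKey.key" \
  -passout env:UserPassph 2048
run openssl req -new -key "$CertPath/$UserKey.key" -passin env:UserPassph \
  -out "$CertPath/$UserKey.csr" -subj "$Subj"
# SHA-256 instead of the former -sha1: SHA-1 signatures are rejected by
# current clients and by OpenSSL's default security level.
run openssl x509 -req -sha256 -days 1825 -in "$CertPath/$UserKey.csr" \
  -CA "$CertPath/$ACName.crt" -CAkey "$CertPath/$ACName.key" -CAcreateserial \
  -out "$CertPath/$UserKey.crt"
# One friendly name only (it used to be given twice); the same secret
# unlocks the input key (-passin) and protects the bundle (-passout).
run openssl pkcs12 -export -in "$CertPath/$UserKey.crt" \
  -inkey "$CertPath/$UserKey.key" -passin env:UserPassph \
  -name "$UserKey certificate" -out "$CertPath/$UserKey.p12" \
  -passout env:UserPassph
run openssl pkcs12 -in "$CertPath/$UserKey.p12" -clcerts -nokeys -info \
  -passin env:UserPassph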