The Tech Guy
The Tech Guy - Blog

The Tech Guy - Blog

Certificate Generator

SSL/TSL - Bash script

The Tech Guy's photo
The Tech Guy
·Jun 2, 2022·

3 min read

Certificate Generator
Play this article

I would like to share this bash script with you all, in case you have to generate a self-signed certificate on your own server for Lab purposes. This certificate will be valid for 10 years but you can change it on the x509 section.

Formats used at this script:

OutputsDescriptionEncodingopenssl command
.csr
(or use .pem)
Certificate Signing Request
public-private keypair
Base64 (ASCII)req
.keyPrivate Key
Public Key
Base64 (ASCII)genrsa
rsa
.crt
(or use .cer)
CertificateBase64 (ASCII)x509
.pfxpersonal exchange formatPKCS#12 Binarypkcs12
dhparam.pemTo enable the DHE-RSA-based SSL cipher suiteBase64 (ASCII)dhparam

This script reads values described on the read command that will be used as variables to construct your self-signed certificate using openssl. This is easy, just follow these directions:

touch cert-gen.sh

ll | grep cert-gen.sh 
-rw-rw-r--  1 server server        0 Jun  2 00:33 cert-gen.sh

Notice the file does not have executable permissions so let's proceed to change that.

chmod -v u+x,g+x cert-gen.sh
mode of 'cert-gen.sh' changed from 0664 (rw-rw-r--) to 0774 (rwxrwxr--)

Then, let's proceed to add the following script into the file, you can use your preferred text editor.

If you want to execute your script after the code has been added to the file, use the following command:

./cert-gen.sh
vi cert-gen.sh
i
------------------------------------------
#!/bin/bash

# Date: 6/1/2022
# By Berny Ramirez
# br@netcode.vip

#Required:
echo "Welcome to the Certificate Generator"
echo "Please complete the following information"
read -p "FQDN: " domain
read -p "Password (4 to 1023 Char): " password

#Change to your company details
country=US
state=Georgia
locality=Atlanta
organization=netcode.vip
organizationalunit=IT
email=br@netcode.vip


if [ -z "$domain" ]
then
    echo "Argument not present."
    echo "Useage $0 [common name]"
    exit 99
fi

 #Generate a Private key with -des3 as cipher and 2048 as length
echo "Generating a private key request for $domain"
openssl genrsa -des3 -passout pass:$password -out $domain-priv.key 2048

echo "Generating a public key from a private key request for $domain"
openssl rsa -in $domain-priv.key -passin pass:$password -pubout -out $domain-pub.key

#Create the request with the private key
echo "Creating CSR - Certificate Signing Request"
openssl req -new -key $domain-priv.key -out $domain.csr -passin pass:$password \
    -subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizationalunit/CN=$domain/emailAddress=$email"

echo "Creating self-signed certificate"
openssl x509 -req -days 3650 -in $domain.csr -signkey $domain-priv.key -passin pass:$password -out $domain.crt

echo "Creating Diffie-Hellman parameters - dhparam"
openssl dhparam -out dhparam.pem 2048
echo
echo
echo "---------------------------"
echo "-----Below is your CSR-----"
echo "---------------------------"
echo
cat $domain.csr
echo
echo "---------------------------"
echo "-----Below is your Private Key-----"
echo "---------------------------"
echo
cat $domain-priv.key
echo
echo "---------------------------"
echo "-----Below is your Public Key-----"
echo "---------------------------"
echo
cat $domain-pub.key
echo
echo "---------------------------"
echo "-----Below is your Certificate -----"
echo "---------------------------"
echo
cat $domain.crt
echo
echo "---------------------------"
echo "-----Below is your Diffie-Hellman Param-----"
echo "---------------------------"
echo
cat dhparam.pem
echo
echo "Your Key and Certificate have been stored in this folder"
echo
echo "Generating .PFX File"
openssl pkcs12 -export -out $domain.pfx -passin pass:$password $domain.key -in $domain.crt
echo
echo ".PFX File has been created and stored"
echo

------------------------------------------
:wq!

If you want to delete all the files generated by the script just type:

rm domain*
rm dhparam.pem

This is it, I hope you enjoyed it !!!

 
Share this