#!/bin/bash if [ "$#" -lt 1 ]; then echo "Usage: $0 " exit 1 fi CN="$1" BASE=$(echo "$CN" | awk -F'.' '{print $1}') SUBJECT="/C=FR/ST=Rhone-Alpes/L=Grenoble/O=Mirantis/OU=Fuel plugins/CN=$CN" # We only check that openssl is available OPENSSL=$(which openssl) if [ "$?" -ne 0 ]; then echo "openssl: command not found" exit 1 fi # First we create the private key $OPENSSL genrsa -out "$BASE.key" 2048 if [ "$?" -ne 0 ]; then echo "Failed to create $BASE.key" exit 1 fi echo "Creation of $BASE.key done" # Then we create the certificate signing request for BASE $OPENSSL req -new -key "$BASE.key" -out "$BASE.csr" -subj "$SUBJECT" if [ "$?" -ne 0 ]; then echo "Failed to create the CSR $BASE.csr" exit 1 fi echo "Creation of $BASE.csr done" # Sign it with the CA root key ROOTKEY=$(cat < "$MD5FILE" md5sum -c "$MD5FILE" if [ "$?" -ne 0 ]; then echo "Failed to validate checksum for $ROOTKEYFILE/$ROOTPEMFILE" exit 1 fi $OPENSSL x509 -req -in "$BASE.csr" \ -CAkey "$ROOTKEYFILE" \ -CA "$ROOTPEMFILE" \ -CAcreateserial -out "$BASE.crt" -days 500 -sha256 if [ "$?" -ne 0 ]; then echo "Failed to create the signed certificate $BASE.crt" exit 1 fi echo "Creation of $BASE.crt done" # Concatenate file cat "$BASE.crt" "$BASE.key" > "$BASE.pem" echo "Creation of $BASE.pem done" # Cleanup rm -f "$BASE.key" "$BASE.csr" "$BASE.crt" rm -f "$ROOTKEYFILE" "$ROOTPEMFILE" "$MD5FILE"