#!/bin/bash
#############################################################
# Script name: createCA.sh
# Author: Gilles Mouchet (gilles.mouchet@gmail.com)
# Version: v1beta 2026-04-05
# Description: Script to create your own CA
# License: CC BY-NC 4.0 (https://creativecommons.org/licenses/by-nc/4.0/)
#
# This script is provided "as is", WITHOUT ANY WARRANTY OF ANY KIND.
# Commercial use is strictly prohibited without prior authorization.
#
# Changelog
# [1.0.0] - 2026-04-05
# Project initialization
# - initialization by gilles.mouchet@gmail.com
#
############################################################
#
# Script version string; printed by the -v/--version option.
version="v1beta"
############################################################
# FUNCTIONS
############################################################
#-----------------------------------------------------------
# Display usage
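#######################################
# Print the command-line help to stdout.
# Globals:   none
# Arguments: none
# Outputs:   usage text; the script name is taken from $0
#######################################
usage() {
  # The long option is accepted as both --name and --common-name, so the help
  # lists both; the example label now describes what the command does.
  cat << EOF
Usage: ./$(basename "$0") -n <commonName>
Create your own certificate authority (CA)
Options:
-n, --name, --common-name - CA common name [mandatory]
-h, --help - show this help
-v, --version - show script version

Examples:
Create a CA whose common name is "GMOLab CA"
./$(basename "$0") -n "GMOLab CA"
EOF
}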
#-----------------------------------------------------------
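#######################################
# Turn a display name into a safe file-name stem.
# Arguments: $1 - any single-line string (UTF-8)
# Outputs:   lower-case ASCII on stdout, with every run of other characters
#            collapsed to one '_' and no leading/trailing '_',
#            e.g. "GMOLab CA" -> "gmolab_ca"
#######################################
clean_string() {
  # printf instead of echo: a value such as "-n" or "-e" would otherwise be
  # taken as an echo option and silently disappear from the output.
  printf '%s\n' "$1" \
    | iconv -f utf-8 -t ascii//TRANSLIT \
    | tr '[:upper:]' '[:lower:]' \
    | sed -E -e 's/[^a-z0-9]+/_/g' -e 's/^_//' -e 's/_$//'
  # iconv: transliterate special chars to the closest ASCII ('é' -> 'e');
  # the collapse step already merges runs, so a single '_' is left to strip
  # at each end.
}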
############################################################
# MAIN
############################################################

# Locate the configuration file written by install.sh
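# Script name without directory and extension, used in messages.
progName=${0##*/}
progName=${progName%%.*}
confDir=/etc/own-pki
cfgFile=${confDir}/own-pki.conf

#-----------------------------------------------------------
# Ask a yes/no question on the terminal.
# Arguments: $1 - prompt text
# Returns:   0 if the answer is "y" or "Y", 1 otherwise (including EOF)
#-----------------------------------------------------------
confirm() {
  local answer
  read -r -p "$1" answer
  [[ "$answer" == [yY] ]]
}

#-----------------------------------------------------------
# Escape a value for the replacement part of a sed "s|...|...|" command.
# Backslash, '&' and the '|' delimiter are special there and would otherwise
# let a common name such as "A & B" corrupt the generated config.
# Multi-line values are not supported.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
#-----------------------------------------------------------
escape_sed_repl() {
  printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

# check if conf file exists (it is written by install.sh)
if [ ! -f "$cfgFile" ]; then
  printf '%s not installed correctly. Please run install.sh script\n' "$progName" >&2
  exit 1
fi

# read config file
# NOTE: sourcing executes the file as shell code, so it must only be writable
# by the administrator. It is expected to define certPath and the subject
# fields used below (countryName, stateOrProvinceName, localityName,
# organizationName, organizationalUnitName, emailAddress).
. "$cfgFile"

# check if param exist
if [ -z "$1" ]; then
  usage
  exit 1
fi

# read cli parameters
commonName=
while (( $# > 0 )); do
  case "$1" in
    -n|--name|--common-name)
      # the option needs a value; a missing one is a usage error
      if [ -z "$2" ]; then
        usage
        exit 1
      fi
      commonName=$2
      shift 2
      ;;
    version|-v|--version)
      cat << EOF
$(basename "$0") $version (c) 1990 - $(date +%Y) by Gilles Mouchet

This script is provided "as is", WITHOUT ANY WARRANTY OF ANY KIND.
Non-Commercial Use License – See LICENSE for details

EOF
      exit 0
      ;;
    help|-h|--help)
      usage
      exit 0
      ;;
    *)
      # unknown option: report it and fail, instead of exiting 0
      printf 'Unknown option: %s\n' "$1" >&2
      usage
      exit 1
      ;;
  esac
done

# the common name is mandatory and ends up in a sed expression and in the
# openssl config, so it must be a single line
if [ -z "$commonName" ]; then
  usage
  exit 1
fi
case "$commonName" in
  *$'\n'*)
    printf 'The common name must be a single line\n' >&2
    exit 1
    ;;
esac

# certPath comes from the config file; refuse to continue without it rather
# than creating files under an empty path
: "${certPath:?certPath must be set in $cfgFile}"

# CA validity in days; the config file may override the default
caDays=${caDays:-1825}

# clean variable commonName into a file-name stem
caName=$(clean_string "${commonName}")
if [ -z "$caName" ]; then
  printf 'Common name "%s" contains no character usable in a file name\n' "$commonName" >&2
  exit 1
fi

# summary
cat << EOF

Summary
----------------------------------------------------------------------------
Certificats files destination: $certPath
CA private file name (key): $certPath/$caName.key
CA public file name (crt): $certPath/$caName.crt

Country name: $countryName
State or province name: $stateOrProvinceName
Locality name: $localityName
Organization name: $organizationName
Organizational unit name: $organizationalUnitName
Common name: $commonName
Email address: $emailAddress

IMPORTANT
You will be asked for a password. Choose a STRONG PASSWORD
and KEEP IT SECURE.

You will be asked for it when creating certificates.

EOF

confirm "Are you OK (y/N)? " || exit 1

# create destination path (including missing parents), and stop if that fails
if [ ! -d "$certPath" ]; then
  echo "create $certPath"
  mkdir -p -- "$certPath" || exit 1
fi

# check if CA files exist; openssl would overwrite the key without asking
if [ -f "$certPath/$caName.key" ]; then
  printf '\n%s already exists!\n\n' "$certPath/$caName.key"
  confirm "Are you sure you want to delete it? (y/N)? " || exit 1
fi

# config ca-conf file
# The template is read from the current working directory, as before.
# The placeholder names must match ca-config.tmpl byte for byte, including
# the current spellings of %STATE_OF_PROVINCE_NAME%, %ORGANIZITION_NAME% and
# %ORGANiZATION_UNIT_NAME%; change them only together with the template.
template=ca-config.tmpl
if [ ! -f "$template" ]; then
  printf '%s: template %s not found in %s\n' "$progName" "$template" "$PWD" >&2
  exit 1
fi
caConfig=$certPath/ca-config
sed -e "s|%COUNTRY_NAME%|$(escape_sed_repl "$countryName")|" \
    -e "s|%STATE_OF_PROVINCE_NAME%|$(escape_sed_repl "$stateOrProvinceName")|" \
    -e "s|%LOCALITY_NAME%|$(escape_sed_repl "$localityName")|" \
    -e "s|%ORGANIZITION_NAME%|$(escape_sed_repl "$organizationName")|" \
    -e "s|%ORGANiZATION_UNIT_NAME%|$(escape_sed_repl "$organizationalUnitName")|" \
    -e "s|%COMMON_NAME%|$(escape_sed_repl "$commonName")|" \
    -e "s|%EMAIL_ADDRESS%|$(escape_sed_repl "$emailAddress")|" \
    < "$template" > "$caConfig" || exit 1

# create ca
# openssl prompts for the key passphrase itself; -batch only suppresses the
# interactive subject prompts, which come from the generated config.
if openssl req -new -x509 -extensions v3_ca -days "$caDays" -newkey rsa:4096 \
    -keyout "$certPath/$caName.key" \
    -out "$certPath/$caName.crt" \
    -config "$caConfig" \
    -batch; then
  # the CA key is the root of trust: make sure only its owner can read it
  chmod 600 -- "$certPath/$caName.key"
  echo "CA created successfully"
  echo "!! Keep your password safe !!"
else
  # previously a failed openssl run still ended the script with status 0
  printf 'CA creation failed\n' >&2
  exit 1
fi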