Gilles Mouchet 2026-04-30 06:48:53 +02:00
parent 31f3b5578a
commit 11b848c3f2
11 changed files with 80 additions and 173 deletions


@ -3,7 +3,7 @@
# Script name: create-cert.sh # Script name: create-cert.sh
# Author: Gilles Mouchet (gilles.mouchet@gmail.com # Author: Gilles Mouchet (gilles.mouchet@gmail.com
# Version: 1.0.0 # Version: 1.0.0
# Description: Create a cert and save it on db # Description: Create a cert
# License: GNU GPL v3 # License: GNU GPL v3
# #
# This program is distributed in the hope that it will be useful, # This program is distributed in the hope that it will be useful,
@ -13,8 +13,7 @@
# #
# Changelog # Changelog
# [1.0.0] - 2026-04-12 # [1.0.0] - 2026-04-12
# Added: # Added:
# - adding cert into DB
# - generating private key # - generating private key
# - generating Certificate Signing Request (csr) file # - generating Certificate Signing Request (csr) file
# - signing the certificate with the CA # - signing the certificate with the CA


@ -1,13 +1,15 @@
#!/bin/bash #!/bin/bash
############################################################# #############################################################
# Script name: template.sh # Script name: info-cert.sh
# Author: Gilles Mouchet (gilles.mouchet@gmail.com # Author: Gilles Mouchet (gilles.mouchet@gmail.com
# Version: v1beta 2026-04-05 # Version: 1.0.0
# Description: Script template linux # Description: Display cert info
# License: CC BY-NC 4.0 (https://creativecommons.org/licenses/by-nc/4.0/) # License: GNU GPL v3
# #
# This script is provided "as is", WITHOUT ANY WARRANTY OF ANY KIND. # This program is distributed in the hope that it will be useful,
# Commercial use is strictly prohibited without prior authorization. # but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# #
# Changelog # Changelog
# [1.0.0] - 2026-04-05 # [1.0.0] - 2026-04-05


@ -19,7 +19,6 @@
# - initialization by gilles.mouchet@gmail.com # - initialization by gilles.mouchet@gmail.com
# #
############################################################ ############################################################
#
VERSION=1.0.0 VERSION=1.0.0
@ -27,13 +26,6 @@ VERSION=1.0.0
# Main # Main
############################################################ ############################################################
#main (){ #main (){
# path resolution
#SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
#ROOT_DIR="$(dirname "$SCRIPT_DIR")"
#CONF_PATH="/etc/own-pki"
#ENABLE_COLOR=true
#BIN_PATH="/opt/own-pki"
#ASSUME_YES=0
main(){ main(){
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
@ -162,8 +154,6 @@ main(){
echo " Installation completed !!" echo " Installation completed !!"
echo -e " Adapt the file ${ORANGE}$CONF_PATH/own-pki.conf${NC} as you need" echo -e " Adapt the file ${ORANGE}$CONF_PATH/own-pki.conf${NC} as you need"
echo "******************************************************" echo "******************************************************"
} }
main "$@" main "$@"


@ -3,7 +3,7 @@
# Script name: remove-cert.sh # Script name: remove-cert.sh
# Author: Gilles Mouchet (gilles.mouchet@gmail.com # Author: Gilles Mouchet (gilles.mouchet@gmail.com
# Version: 1.0.0 # Version: 1.0.0
# Description: Removes certificate from the database # Description: Removes certificate
# License: GNU GPL v3 # License: GNU GPL v3
# #
# This program is distributed in the hope that it will be useful, # This program is distributed in the hope that it will be useful,
@ -14,7 +14,7 @@
# Changelog # Changelog
# [1.0.0] - 2026-04-05 # [1.0.0] - 2026-04-05
# Added: # Added:
# - new features # - removes certificates
# Project initialization: # Project initialization:
# - initialization by gilles.mouchet@gmail.com # - initialization by gilles.mouchet@gmail.com
# #

68
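--- a/bin/uninstall.sh
+++ b/bin/uninstall.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+#############################################################
+# Script name: uninstall.sh
+# Author: Gilles Mouchet (gilles.mouchet@gmail.com
+# Version: 1.0.0
+# Description: Uninstall own pki
+# License: GNU GPL v3
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# Changelog
+# [1.0.0] - 2026-04-30
+# Added:
+# - uninstall script
+# Project initialization:
+# - initialization by gilles.mouchet@gmail.com
+#
+############################################################
+version=1.0.0
+############################################################
+# MAIN
+############################################################
+main(){
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+ROOT_DIR="$(dirname "$SCRIPT_DIR")"
+# To ensure that users are prompted to confirm with a yes or no.
+ASSUME_YES=0
+# read library
+source "$ROOT_DIR/lib/stdlib.sh"
+# init config
+init_default
+init_env
+# set color
+set_color
+# check if script is run with sudo
+check_sudo
+# message
+msg_info "***********************************************"
+msg_info " You are going to uninstall the own PKI toolkit."
+msg_info " Only the scripts will be uninstalled."
+msg_error " The folders below will NOT BE DELETED."
+msg_warn " - $KEY_CA_PATH"
+msg_warn " - $CRT_CA_PATH"
+msg_warn " - $CERTS_PATH"
+msg_info "***********************************************"
+yes_no "Are you sure"
+echo -e -n "Delete $CONF_PATH: "
+rm -rf $CONF_PATH
+check_rc $?
+echo -e -n "Delete $ROOT_DIR: "
+rm -rf $ROOT_DIR
+check_rc $?
+}
+main "$@"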
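Review bot: Both `rm -rf $CONF_PATH` and `rm -rf $ROOT_DIR` run unquoted and unvalidated after `check_sudo`, so the script recursively deletes, presumably as root, whatever those variables expand to. `ROOT_DIR` is just the parent of the directory the script is started from, so a copy of the script run from another location would remove that location's parent. `CONF_PATH` is presumably set by `init_default`/`init_env`, which are outside this diff. The banner promises that `$KEY_CA_PATH`, `$CRT_CA_PATH` and `$CERTS_PATH` are kept, yet nothing checks that they are not inside the two delete targets; if one is, the CA key material is deleted with it. I would quote and guard the operands with `--` and `:?`, and abort when a preserved path lies under a target, as sketched below; the prefix test is textual and does not resolve symlinks.

```shell
# … unchanged: library load, banner and yes_no confirmation …
local target keep
for target in "$CONF_PATH" "$ROOT_DIR"; do
  for keep in "$KEY_CA_PATH" "$CRT_CA_PATH" "$CERTS_PATH"; do
    # refuse when a directory announced as preserved lies inside a delete target
    case "$keep/" in
      "$target"/*) msg_error "$keep is inside $target; aborting"; exit 1 ;;
    esac
  done
done
echo -e -n "Delete $CONF_PATH: "
rm -rf -- "${CONF_PATH:?}"
check_rc $?
# … unchanged: echo for $ROOT_DIR …
rm -rf -- "${ROOT_DIR:?}"
```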


@ -1,102 +0,0 @@
HOME = .
RANDFILE = $ENV::HOME/.rnd
oid_section = new_oids
[ new_oids ]
[ ca ]
default_ca = CA_default # The default ca section
[ CA_default ]
dir = . # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/dbca/index.txt # database index file.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = md5 # which md to use.
preserve = no # keep passed DN ordering
policy = policy_match
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
string_mask = nombstr
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = CH
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Vaud
localityName = Locality Name (eg, city)
localityName_default = Nyon
0.organizationName = Organization Name (eg, company)
0.organizationName_default = GMO Lab (gmolab)
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = ITCS (Information Technology and Communications Service)
commonName = Common Name (eg, YOUR name)
commonName_default =
commonName_max = 64
emailAddress = Email Address
emailAddress_default = example@example.com
emailAddress_max = 40
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
basicConstraints=CA:FALSE
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true
[ crl_ext ]
authorityKeyIdentifier=keyid:always,issuer:always


@ -1,11 +0,0 @@
# check if run from script
[[ "${BASH_SOURCE[0]}" == "${0}" ]] && exit 1
#------------------------------------------------------------------------------
check_rc(){
if [ "$1" != "0" ]; then
msg_error "Error (RC:$rc)"
exit 1
else
msg_ok "OK"
fi
}


@ -1,25 +0,0 @@
# check if run from script
[[ "${BASH_SOURCE[0]}" == "${0}" ]] && exit 1
#-----------------------------------------------------------
# set colors
# RED Error
# ORANGE Attention or color for parameters when
# confirmation
# CYAN Ask to user or display a data
# GREEN OK
set_color(){
if [[ "$ENABLE_COLOR" == "true" ]]; then
RED='\e[0;31m'
ORANGE='\e[0;33m'
CYAN='\e[0;36m'
GREEN='\e[0;32m'
NC='\e[0m'
else
RED=''
ORANGE=''
CYAN=''
GREEN=''
NC=''
fi
}


@ -1,14 +0,0 @@
# check if run from script
[[ "${BASH_SOURCE[0]}" == "${0}" ]] && exit 1
yes_no(){
if [ "$ASSUME_YES" == "0" ]; then
echo -n -e "${CYAN}$1 [y/N]? ${NC}"
unset answer
read answer
if [ "${answer}" != "y" ]; then
echo -e "${ORANGE}Canceled!${NC}"
exit 1
fi
fi
}