From 31f3b5578a2af00de5ec92857a8def9f74cf9079 Mon Sep 17 00:00:00 2001
From: Gilles Mouchet
Date: Tue, 28 Apr 2026 18:37:06 +0200
Subject: [PATCH] dev #20260428
---
 README.md | 26 ++++++++++------------
 config/own-pki.conf | 37 ++++++++++---------------------
 tests/random-cert.sh | 52 +++++++++++++++++++++++++++++---------------
 3 files changed, 58 insertions(+), 57 deletions(-)
diff --git a/README.md b/README.md
index 9585078..0f5b205 100644
--- a/README.md
+++ b/README.md
@@ -6,13 +6,10 @@ This toolkit allows you to manage a personal PKI through various bash scripts.
 - Linux environment
 - Rocky Linux 10
 - Redhat 10
-- Packages
- - sqlite
- - litecli sqlite text client (`pip3 install litecli`)
-Not essential for the tools to work, but could be handy
+
 ## Installation
 ```bash
-git clone https://gitweb.dyndns.org/scripts/own-ski.git
+git clone https://gitweb.dyndns.org/scripts/own-pki.git
 ```
 ```bash
 sudo ./install.sh
@@ -20,25 +17,24 @@ sudo ./install.sh
 ## Configuration
 ### Config file
-
-### Database
-```bash
-./create-db.sh
-```
+Edit configuration file `/etc/own-pki/own-pki.conf`
 ## Tools list
 | Name | Description |
 | :--- | :--- |
-| install.sh | install toolbox own pki |
-| create-ca.sh | create a Certificate Authority (CA) |
-
+| `install.sh` | install toolbox own pki |
+| `create-ca.sh` | create a Certificate Authority (CA) |
+| `generate-cert.sh` | generate a certificat |
+| `info-cert.sh` | display certificate info |
+| `remove-cert.sh` | remove a certificate |
+| `renew-cert.sh` | recertify a certificate |
 ## Sources
-- https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html
+- [OpenSSL Certificate Authority](https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html)
 ## Changelog
 ### [1.0.0] - 2026-04-18
 #### Added
--
+- scripts
 #### Project initialization
 - initialized by [GMo](mailto:gilles.mouchet@geneve.ch)
diff --git a/config/own-pki.conf b/config/own-pki.conf
index f23a326..033d863 100644
--- a/config/own-pki.conf
+++ b/config/own-pki.conf
@@ -1,53 +1,40 @@
 # Enables colorization (true) or disables it (false)
-#ENABLE_COLOR=true
+ENABLE_COLOR=true
 # Default number of days for the certificate's validity
 # This can be overridden with the `-t or --days` option
 # when running the script.
-#DAYS=365
+DAYS=365
-# Variables to use for create ca-config file
+# Variables to use for create CA
 # Country Name (2 letter code)
-#COUNTRY_NAME=CH
+COUNTRY_NAME=CH
 # State or province name (full name)
-#STATE_OR_PROVINCE_NAME=Vaud
+STATE_OR_PROVINCE_NAME=Vaud
 # Locality name (eg, city)
-#LOCALITY_NAME=Nyon
+LOCALITY_NAME=Nyon
 # Organization name (eg, company)
-#ORGANIZATION_NAME="GMO Lab (gmolab)"
+ORGANIZATION_NAME="GMO Lab (gmolab)"
 # Organizational Unit Name (eg, section)
-#ORGANIZATIONAL_UNIT_NAME="ITCS (Information Technology and Communications Service)"
+ORGANIZATIONAL_UNIT_NAME="ITCS (Information Technology and Communications Service)"
 # NOT USE. SET WITH PARAM -n from create-ca.sh script
 # Common Name (eg, YOUR name)
-#COMMON_NAME="GMOLab CA"
+COMMON_NAME="GMOLab CA"
 # Email address
-#EMAIL_ADDRESS=example@example.com
+EMAIL_ADDRESS=example@example.com
 # Debug
 # false = debug inactive
 # true = debug active
-#DEBUG=false
+DEBUG=false
 # Automatically answers yes to the questions
 # 0 = Ask confirmation
 # 1 = does not ask confirmation
-#ASSUME_YES=0
-
-# If you change a path below, you must run 'sudo ./install.sh --reload-conf'.
-# Path to certificate files
-#CERTS_PATH=/var/lib/own-pki/certs
-
-# Path to the certificate authority's private key file
-#KEY_CA_PATH=/var/lib/ca/key
-
-# Path to the certificate authority's public key file
-#CRT_CA_PATH=/var/lib/ca/crt
-
-# Path to pki scripts
-#BIN_PATH=/opt/own-pki
+ASSUME_YES=0
diff --git a/tests/random-cert.sh b/tests/random-cert.sh
index ed32fc4..85ea80b 100755
--- a/tests/random-cert.sh
+++ b/tests/random-cert.sh
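Review bot: The hunk drops CERTS_PATH, KEY_CA_PATH, CRT_CA_PATH and BIN_PATH together with the `--reload-conf` note, yet tests/random-cert.sh in this same patch still reads `${CRT_CA_PATH}` (see its create_tempo_ca hunks); if those paths are now fixed by install.sh or the scripts rather than by this file, say so here, e.g. `# Paths (CERTS_PATH, KEY_CA_PATH, CRT_CA_PATH, BIN_PATH) are set by install.sh and are not configurable here.` The file also activates `COMMON_NAME="GMOLab CA"` directly under `# NOT USE. SET WITH PARAM -n from create-ca.sh script`, which contradicts itself; either leave that line commented or state which value wins. The quoted values suggest this file is sourced by the scripts, in which case anything written into it runs with the caller's privileges (the README and usage text run them under sudo), so the installer should keep /etc/own-pki/own-pki.conf root-owned and not writable by other users.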
@@ -1,8 +1,30 @@
-#/bin/bash
-
-
+#!/bin/bash
+#############################################################
+# Script name: random-cert.sh
+# Author: Gilles Mouchet (gilles.mouchet@gmail.com
+# Version: v1beta 2026-04-28
+# Description: Generation certificates randomly
+# License: CC BY-NC 4.0 (https://creativecommons.org/licenses/by-nc/4.0/)
+#
+# This script is provided "as is", WITHOUT ANY WARRANTY OF ANY KIND.
+# Commercial use is strictly prohibited without prior authorization.
+#
+# Changelog
+# [1.0.0] - 2026-04-28
+# Added:
+# - generation certificates randomly
+# Project initialization
+# - initialization by gilles.mouchet@gmail.com
+#
+############################################################
+# version=1.0.0
+############################################################
+# FUNCTIONS
+############################################################
+#-----------------------------------------------------------
+# Display usage
 usage() {
 cat << EOF
 Usage: sudo ./$(basename "$0") options
@@ -18,7 +40,8 @@ Options:
 Show script version
 EOF
 }
-
+#-----------------------------------------------------------
+# Create a temporary certificate authority
 create_tempo_ca(){
 if [ ! -f "${CRT_CA_PATH}/${CA_CRT}" ]; then
 echo "Creation of a temporary CA"
@@ -43,7 +66,8 @@ create_tempo_ca(){
 chmod 444 $CRT_CA_PATH/$CA_CRT
 fi
 }
-
+#-----------------------------------------------------------
+# Generate certificate
 generate_cert() {
 local CA_CRT=""
 local CA_KEY=""
@@ -117,8 +141,8 @@ EOF
 echo -n "Result of certificate signing: "
 check_rc $rc
 }
-
-# Fonction pour générer un FQDN
+#-----------------------------------------------------------
+# generates a random FQDN
 gen_fqdn() {
 local sub_len=$((RANDOM % 8 + 3))
 local name_len=$((RANDOM % 13 + 3))
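Review bot: The new header has a typo and an internal contradiction: `# Author: Gilles Mouchet (gilles.mouchet@gmail.com` lacks its closing parenthesis, and `# Version: v1beta 2026-04-28` disagrees with `# version=1.0.0` a few lines below, so a reader cannot tell which is authoritative. The shebang fix is welcome, but nothing after `#!/bin/bash` enables error handling, so a failed command in the script keeps going silently; `set -euo pipefail` on the line after the shebang is the usual guard, noting that the `rc` captures visible later (`check_rc $rc`) would need `|| rc=$?` so they keep working under `-e`. usage() continues beyond the hunk.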
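Review bot: create_tempo_ca only builds a CA when `${CRT_CA_PATH}/${CA_CRT}` is missing, so if the configured location already holds a real CA this test appears to fall through and let generate_cert (in a later hunk) sign its random certificates with that CA rather than a throwaway one. A test run should not be able to issue certificates under the real CA by accident; creating the temporary CA under a `mktemp -d` directory and pointing CRT_CA_PATH and KEY_CA_PATH at it for the run avoids this, or at least bail out: `[ -f "${CRT_CA_PATH}/${CA_CRT}" ] && { echo "CA already present in ${CRT_CA_PATH}, refusing to issue test certificates with it" >&2; exit 1; }`. Whether generate_cert really reuses that CA is inferred from this guard and the signing message, not shown in the hunk, and the function body continues past it.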
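Review bot: `chmod 444 $CRT_CA_PATH/$CA_CRT` leaves both expansions unquoted, while the guard at the top of the same function spells the path `"${CRT_CA_PATH}/${CA_CRT}"`; with an empty CRT_CA_PATH the command would target `/$CA_CRT` at the filesystem root, and a path containing spaces would be word-split. Quote it and make unset variables fatal: `chmod 444 -- "${CRT_CA_PATH:?}/${CA_CRT:?}"`. The start of create_tempo_ca lies outside this hunk, so any other unquoted uses of these variables there deserve the same treatment.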
@@ -130,13 +154,13 @@ gen_fqdn() {
 echo "tempo-${sub}.${name}.${tld[$((RANDOM % ${#tld[@]}))]}"
 }
-
-# Fonction IP
+#-----------------------------------------------------------
+# generates a random IP
 gen_ip() {
 echo "$((RANDOM % 256)).$((RANDOM % 256)).$((RANDOM % 256)).$((RANDOM % 256))"
 }
-
-# Liste (fqdn ou ip)
+#-----------------------------------------------------------
+# list (fqdn or ip)
 gen_list() {
 local type=$1
 local count=$((RANDOM % 3 + 3))
@@ -237,11 +261,5 @@ EOF
 ;;
 esac
 done
-
-
-
-
-
-
 }
 main "$@"
\ No newline at end of file
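Review bot: The function headers added in this hunk are lowercase fragments (`# generates a random IP`, `# list (fqdn or ip)`) whereas the ones added in the earlier hunks are imperative and capitalised (`# Generate certificate`, `# Create a temporary certificate authority`); keep one convention across the file. Suggested: `# Generate a random IPv4 address` and `# Generate a random list of FQDNs or IPs, kind chosen by $1`. gen_list's body continues past the hunk.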