This commit is contained in:
Gilles Mouchet 2026-04-28 18:37:06 +02:00
parent 8cc4035fa7
commit 31f3b5578a
3 changed files with 58 additions and 57 deletions


@ -6,13 +6,10 @@ This toolkit allows you to manage a personal PKI through various bash scripts.
- Linux environment - Linux environment
- Rocky Linux 10 - Rocky Linux 10
- Redhat 10 - Redhat 10
- Packages
- sqlite
- litecli sqlite text client (`pip3 install litecli`)
Not essential for the tools to work, but could be handy
## Installation ## Installation
```bash ```bash
git clone https://gitweb.dyndns.org/scripts/own-ski.git git clone https://gitweb.dyndns.org/scripts/own-pki.git
``` ```
```bash ```bash
sudo ./install.sh sudo ./install.sh
@ -20,25 +17,24 @@ sudo ./install.sh
## Configuration ## Configuration
### Config file ### Config file
Edit configuration file `/etc/own-pki/own-pki.conf`
### Database
```bash
./create-db.sh
```
## Tools list ## Tools list
| Name | Description | | Name | Description |
| :--- | :--- | | :--- | :--- |
| install.sh | install toolbox own pki | | `install.sh` | install toolbox own pki |
| create-ca.sh | create a Certificate Authority (CA) | | `create-ca.sh` | create a Certificate Authority (CA) |
| `generate-cert.sh` | generate a certificat |
| `info-cert.sh` | display certificate info |
| `remove-cert.sh` | remove a certificate |
| `renew-cert.sh` | recertify a certificate |
## Sources ## Sources
- https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html - [OpenSSL Certificate Authority](https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html)
## Changelog ## Changelog
### [1.0.0] - 2026-04-18 ### [1.0.0] - 2026-04-18
#### Added #### Added
- - scripts
#### Project initialization #### Project initialization
- initialized by [GMo](mailto:gilles.mouchet@geneve.ch) - initialized by [GMo](mailto:gilles.mouchet@geneve.ch)


@ -1,53 +1,40 @@
# Enables colorization (true) or disables it (false) # Enables colorization (true) or disables it (false)
#ENABLE_COLOR=true ENABLE_COLOR=true
# Default number of days for the certificate's validity # Default number of days for the certificate's validity
# This can be overridden with the `-t or --days` option # This can be overridden with the `-t or --days` option
# when running the script. # when running the script.
#DAYS=365 DAYS=365
# Variables to use for create ca-config file # Variables to use for create CA
# Country Name (2 letter code) # Country Name (2 letter code)
#COUNTRY_NAME=CH COUNTRY_NAME=CH
# State or province name (full name) # State or province name (full name)
#STATE_OR_PROVINCE_NAME=Vaud STATE_OR_PROVINCE_NAME=Vaud
# Locality name (eg, city) # Locality name (eg, city)
#LOCALITY_NAME=Nyon LOCALITY_NAME=Nyon
# Organization name (eg, company) # Organization name (eg, company)
#ORGANIZATION_NAME="GMO Lab (gmolab)" ORGANIZATION_NAME="GMO Lab (gmolab)"
# Organizational Unit Name (eg, section) # Organizational Unit Name (eg, section)
#ORGANIZATIONAL_UNIT_NAME="ITCS (Information Technology and Communications Service)" ORGANIZATIONAL_UNIT_NAME="ITCS (Information Technology and Communications Service)"
# NOT USE. SET WITH PARAM -n from create-ca.sh script # NOT USE. SET WITH PARAM -n from create-ca.sh script
# Common Name (eg, YOUR name) # Common Name (eg, YOUR name)
#COMMON_NAME="GMOLab CA" COMMON_NAME="GMOLab CA"
# Email address # Email address
#EMAIL_ADDRESS=example@example.com EMAIL_ADDRESS=example@example.com
# Debug # Debug
# false = debug inactive # false = debug inactive
# true = debug active # true = debug active
#DEBUG=false DEBUG=false
# Automatically answers yes to the questions # Automatically answers yes to the questions
# 0 = Ask confirmation # 0 = Ask confirmation
# 1 = does not ask confirmation # 1 = does not ask confirmation
#ASSUME_YES=0 ASSUME_YES=0
# If you change a path below, you must run 'sudo ./install.sh --reload-conf'.
# Path to certificate files
#CERTS_PATH=/var/lib/own-pki/certs
# Path to the certificate authority's private key file
#KEY_CA_PATH=/var/lib/ca/key
# Path to the certificate authority's public key file
#CRT_CA_PATH=/var/lib/ca/crt
# Path to pki scripts
#BIN_PATH=/opt/own-pki
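Review bot: If the trailing `CERTS_PATH`/`KEY_CA_PATH`/`CRT_CA_PATH`/`BIN_PATH` lines are the removed side of this section (they keep the old commented-out style), the config no longer defines `CRT_CA_PATH`, yet `random-cert.sh` in this same commit still reads `${CRT_CA_PATH}/${CA_CRT}` in `create_tempo_ca`; either keep those path settings or state where they now come from. Every other default is now active rather than commented out, so a fresh install issues a CA with `EMAIL_ADDRESS=example@example.com` and the sample organisation names baked into the subject unless the operator edits the file first; a comment such as `# Edit these values before running create-ca.sh: they are written into the CA certificate subject.` above `COUNTRY_NAME` would make that explicit. `COMMON_NAME` is also uncommented while the line above it still says it is not used and is set by `-n`, so one of the two should be reconciled.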


@ -1,8 +1,30 @@
#/bin/bash #!/bin/bash
#############################################################
# Script name: random-cert.sh
# Author: Gilles Mouchet (gilles.mouchet@gmail.com
# Version: v1beta 2026-04-28
# Description: Generation certificates randomly
# License: CC BY-NC 4.0 (https://creativecommons.org/licenses/by-nc/4.0/)
#
# This script is provided "as is", WITHOUT ANY WARRANTY OF ANY KIND.
# Commercial use is strictly prohibited without prior authorization.
#
# Changelog
# [1.0.0] - 2026-04-28
# Added:
# - generation certificates randomly
# Project initialization
# - initialization by gilles.mouchet@gmail.com
#
############################################################
#
version=1.0.0 version=1.0.0
############################################################
# FUNCTIONS
############################################################
#-----------------------------------------------------------
# Display usage
usage() { usage() {
cat << EOF cat << EOF
Usage: sudo ./$(basename "$0") options Usage: sudo ./$(basename "$0") options
@ -18,7 +40,8 @@ Options:
Show script version Show script version
EOF EOF
} }
#-----------------------------------------------------------
# Create a temporary certificate authority
create_tempo_ca(){ create_tempo_ca(){
if [ ! -f "${CRT_CA_PATH}/${CA_CRT}" ]; then if [ ! -f "${CRT_CA_PATH}/${CA_CRT}" ]; then
echo "Creation of a temporary CA" echo "Creation of a temporary CA"
@ -43,7 +66,8 @@ create_tempo_ca(){
chmod 444 $CRT_CA_PATH/$CA_CRT chmod 444 $CRT_CA_PATH/$CA_CRT
fi fi
} }
#-----------------------------------------------------------
# Generate certificate
generate_cert() { generate_cert() {
local CA_CRT="" local CA_CRT=""
local CA_KEY="" local CA_KEY=""
@ -117,8 +141,8 @@ EOF
echo -n "Result of certificate signing: " echo -n "Result of certificate signing: "
check_rc $rc check_rc $rc
} }
#-----------------------------------------------------------
# Fonction pour générer un FQDN # generates a random FQDN
gen_fqdn() { gen_fqdn() {
local sub_len=$((RANDOM % 8 + 3)) local sub_len=$((RANDOM % 8 + 3))
local name_len=$((RANDOM % 13 + 3)) local name_len=$((RANDOM % 13 + 3))
@ -130,13 +154,13 @@ gen_fqdn() {
echo "tempo-${sub}.${name}.${tld[$((RANDOM % ${#tld[@]}))]}" echo "tempo-${sub}.${name}.${tld[$((RANDOM % ${#tld[@]}))]}"
} }
#-----------------------------------------------------------
# Fonction IP # generates a random IP
gen_ip() { gen_ip() {
echo "$((RANDOM % 256)).$((RANDOM % 256)).$((RANDOM % 256)).$((RANDOM % 256))" echo "$((RANDOM % 256)).$((RANDOM % 256)).$((RANDOM % 256)).$((RANDOM % 256))"
} }
#-----------------------------------------------------------
# Liste (fqdn ou ip) # list (fqdn or ip)
gen_list() { gen_list() {
local type=$1 local type=$1
local count=$((RANDOM % 3 + 3)) local count=$((RANDOM % 3 + 3))
@ -237,11 +261,5 @@ EOF
;; ;;
esac esac
done done
} }
main "$@" main "$@"
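Review bot: Now that the shebang really invokes bash, the script still runs with no `set -u`/`set -o pipefail`, so an unset `CRT_CA_PATH` or `CA_CRT` in `create_tempo_ca` silently becomes an empty string and the unquoted `chmod 444 $CRT_CA_PATH/$CA_CRT` on the context line word-splits; add at least `set -u` after `version=1.0.0` (`set -e` may conflict with the `rc`/`check_rc` pattern already used in `generate_cert`) and quote the path, `chmod 444 "${CRT_CA_PATH}/${CA_CRT}"`. The new header line `# Author: Gilles Mouchet (gilles.mouchet@gmail.com` is missing its closing parenthesis, and `Description: Generation certificates randomly` reads better as `Generate certificates with random subjects for testing`. The bodies of `create_tempo_ca`, `generate_cert` and `main` extend outside the hunks shown, so the rest of their error handling could not be checked here.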