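#!/bin/bash

#######################################
# Create an RSA private key, a CSR and a CA-signed certificate for one host.
# Files are written as ${CERTS_PATH}/<cn>.key, .csr, .crt and <cn>_openssl.cnf.
# Globals:
#   CERTS_PATH    (read) directory receiving the generated files
#   CRT_CA_PATH   (read) directory holding the CA certificate
#   KEY_CA_PATH   (read) directory holding the CA private key
#   DAYS          (read) default validity, overridden by -t
#   CA_KEY_PASSIN (read, optional) openssl pass phrase source for the CA key,
#                 e.g. "file:/path/to/secret" or "env:VARNAME"
# Arguments:
#   -c NAME   CA base name; NAME.crt and NAME.key are used
#   -n CN     certificate common name (always added as the first DNS SAN)
#   -d LIST   comma-separated extra DNS SANs
#   -i LIST   comma-separated IP SANs
#   -t DAYS   validity in days
# Outputs:
#   progress messages on stdout, argument errors on stderr
# Returns:
#   1 on invalid arguments, otherwise the status of check_rc (defined
#   elsewhere in this file), which is handed the openssl exit status.
#######################################
generate_cert() {
  local CA_CRT=""
  local CA_KEY=""
  local COMMON_NAME=""
  local DAYS="$DAYS"
  local DNS=()
  local IP_ADDRS=()
  # These two used to be globals, so SANs from one call leaked into the next.
  local DNS_LINE=""
  local IP_ADDRS_LINE=""
  local EXTRA_DNS=()
  local SAN_DNS SAN_IP idns iip rc cnf passin

  # parsing arguments
  while [[ $# -gt 0 ]]; do
    # Without this guard "shift 2" fails on a trailing option and the loop
    # never terminates.
    if [[ "$1" == -[cndit] && $# -lt 2 ]]; then
      echo "generate_cert: missing value for option $1" >&2
      return 1
    fi
    case "$1" in
      -c) CA_CRT="$2.crt"; CA_KEY="$2.key" ;;
      -n) COMMON_NAME="$2" ;;
      -d) DNS_LINE="$2" ;;
      -i) IP_ADDRS_LINE="$2" ;;
      -t) DAYS="$2" ;;
      *) echo "Option inconnue: $1"; return 1 ;;
    esac
    shift 2
  done

  if [[ -z "$COMMON_NAME" || -z "$CA_CRT" ]]; then
    echo "generate_cert: -n <common name> and -c <CA name> are required" >&2
    return 1
  fi
  # The CN is used in file names and copied into the openssl config: a "/"
  # would write outside CERTS_PATH, a newline would add config directives.
  if [[ "$COMMON_NAME" == */* || "$COMMON_NAME" == *$'\n'* ]]; then
    echo "generate_cert: common name must not contain '/' or newlines" >&2
    return 1
  fi
  if [[ -z "${CERTS_PATH:-}" ]]; then
    echo "generate_cert: CERTS_PATH is not set" >&2
    return 1
  fi

  # The CN is prepended here rather than while parsing, so the SAN list no
  # longer depends on -n appearing before -d.
  IFS=',' read -r -a IP_ADDRS <<< "$IP_ADDRS_LINE"
  IFS=',' read -r -a EXTRA_DNS <<< "$DNS_LINE"
  DNS=("$COMMON_NAME" "${EXTRA_DNS[@]}")

  cnf="${CERTS_PATH}/${COMMON_NAME}_openssl.cnf"
  {
    cat << EOF
[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = req_ext
prompt             = no

[ req_distinguished_name ]
CN = $COMMON_NAME

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
EOF
    # add san dns
    idns=1
    for SAN_DNS in "${DNS[@]}"; do
      echo "DNS.$idns = $SAN_DNS"
      idns=$((idns + 1))
    done
    # add san ip
    iip=1
    for SAN_IP in "${IP_ADDRS[@]}"; do
      echo "IP.$iip = $SAN_IP"
      iip=$((iip + 1))
    done
  } > "$cnf" || {
    echo "generate_cert: cannot write $cnf" >&2
    return 1
  }

  # SECURITY: the legacy default below keeps the CA key pass phrase in this
  # script and puts it on the openssl command line, where local process
  # listings can show it. Set CA_KEY_PASSIN to a "file:" or "env:" source
  # and rotate the pass phrase.
  passin="${CA_KEY_PASSIN:-pass:pa55w0rd}"

  # create certificate; a failed step skips the following ones and its
  # status is the one reported to check_rc
  rc=0
  printf '%s\n' "Generating the private key..."
  openssl genrsa -out "${CERTS_PATH}/${COMMON_NAME}.key" 4096 || rc=$?

  if [[ $rc -eq 0 ]]; then
    printf '%s\n' "Generating csr file..."
    openssl req -new -key "${CERTS_PATH}/${COMMON_NAME}.key" \
      -out "${CERTS_PATH}/${COMMON_NAME}.csr" -config "$cnf" || rc=$?
  fi

  if [[ $rc -eq 0 ]]; then
    printf '%s\n' "Signing the certificate with the CA..."
    openssl x509 -req -in "${CERTS_PATH}/${COMMON_NAME}.csr" \
      -CA "$CRT_CA_PATH/$CA_CRT" -CAkey "$KEY_CA_PATH/$CA_KEY" -CAcreateserial \
      -out "${CERTS_PATH}/${COMMON_NAME}.crt" -days "$DAYS" \
      -extensions req_ext -extfile "$cnf" \
      -passin "$passin" \
      > /dev/null 2>&1 || rc=$?
  fi

  printf '%s' "Result of certificate signing: "
  check_rc "$rc"
}

# Fonction pour générer un FQDN gen_fqdn() { local sub_len=$((RANDOM % 8 + 3)) local name_len=$((RANDOM % 13 + 3)) local sub=$(tr -dc 'a-z0-9'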