#!/bin/bash
#############################################################
# Script name: create-CA.sh
# Author: Gilles Mouchet (gilles.mouchet@gmail.com)
# Version: 1.0.0
# Description: Script to create your own CA
# License: GNU GPL v3
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# Changelog
# [1.0.0] - 2026-04-19
# Added:
# - CA creation
# Project initialization:
# - initialization by gilles.mouchet@gmail.com
#
############################################################

# Script version, printed by -v / --version.
version="1.0.0"
############################################################
# FUNCTIONS
############################################################
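#-----------------------------------------------------------
# display usage
# Outputs: help text on stdout; the script name is derived from $0.
# The option names listed here are the ones the argument parser in
# main() accepts (-n / --commonname).
usage() {
  cat << EOF
Usage: ./$(basename "$0") -n <commonName>

Create a self-signed certificate authority (CA private key and CA certificate).

Options:
-n, --commonname <cn> - CA common name [mandatory]
-h, --help - show this help
-v, --version - show script version

Examples:
Create CA called "GMOLab CA"
./$(basename "$0") -n "GMOLab CA"

EOF
}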
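#-----------------------------------------------------------
############################################################
# MAIN
############################################################

#-----------------------------------------------------------
# Escape a value for use as the replacement part of a sed
# "s|pattern|replacement|" expression: backslash, '|' (the
# delimiter) and '&' would otherwise be interpreted by sed, so a
# common name such as "A & B" would corrupt the generated config.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout (no trailing newline)
_sed_escape() {
  printf '%s' "$1" | sed -e 's/[\\|&]/\\&/g'
}

#-----------------------------------------------------------
# Render $ROOT_DIR/config/ca-config from config/ca-config.tmpl by
# substituting the %...% placeholders.
# Globals (read): ROOT_DIR, COUNTRY_NAME, STATE_OR_PROVINCE_NAME,
#   LOCALITY_NAME, ORGANIZATION_NAME, ORGANIZATIONAL_UNIT_NAME,
#   COMMON_NAME, EMAIL_ADDRESS
# Returns: the exit status of sed (non-zero if the template is
#   unreadable or the output cannot be written)
# NOTE: the placeholder spellings are kept exactly as they were;
# they must match the ones used in config/ca-config.tmpl, which is
# not part of this file.
_render_ca_config() {
  local tmpl="$ROOT_DIR/config/ca-config.tmpl"
  local out="$ROOT_DIR/config/ca-config"
  sed -e "s|%COUNTRY_NAME%|$(_sed_escape "$COUNTRY_NAME")|" \
      -e "s|%STATE_OF_PROVINCE_NAME%|$(_sed_escape "$STATE_OR_PROVINCE_NAME")|" \
      -e "s|%LOCALITY_NAME%|$(_sed_escape "$LOCALITY_NAME")|" \
      -e "s|%ORGANIZITION_NAME%|$(_sed_escape "$ORGANIZATION_NAME")|" \
      -e "s|%ORGANiZATION_UNIT_NAME%|$(_sed_escape "$ORGANIZATIONAL_UNIT_NAME")|" \
      -e "s|%COMMON_NAME%|$(_sed_escape "$COMMON_NAME")|" \
      -e "s|%EMAIL_ADDRESS%|$(_sed_escape "$EMAIL_ADDRESS")|" \
      < "$tmpl" > "$out"
}

#-----------------------------------------------------------
# Entry point: parse the command line, render the OpenSSL config
# and create the self-signed CA key/certificate pair.
# Globals (written): SCRIPT_DIR, ROOT_DIR, COMMON_NAME, CA_NAME
# Globals (read, provided by lib/stdlib.sh after init_*): KEY_CA_PATH,
#   CRT_CA_PATH, COUNTRY_NAME, STATE_OR_PROVINCE_NAME, LOCALITY_NAME,
#   ORGANIZATION_NAME, ORGANIZATIONAL_UNIT_NAME, EMAIL_ADDRESS and the
#   color variables RED, GREEN, ORANGE, CYAN, NC
# Arguments: the script's command line ("$@")
# Returns/exits: 0 on success, 1 on usage or preparation errors,
#   openssl's status when key/certificate generation fails
main() {
  # abort if the script directory cannot be resolved instead of
  # silently continuing with ROOT_DIR="."
  SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" || exit 1
  ROOT_DIR="$(dirname "$SCRIPT_DIR")"

  # read library (init_default, init_env, set_color, check_sudo,
  # clean_string, yes_no, msg_warn and the color variables come from here)
  source "$ROOT_DIR/lib/stdlib.sh" || exit 1

  # check if param exist
  if [ -z "$1" ]; then
    usage
    exit 1
  fi

  # init config
  init_default
  init_env

  # set color
  set_color

  # check if script is running with sudo (CA paths are normally root-only)
  check_sudo

  local rc f key crt

  # read cli parameters
  while [[ "$#" -gt 0 ]]; do
    case "$1" in
      -n|--cn|--commonname)
        # the option needs a value
        if [ -z "$2" ]; then
          printf '\n%bError: Argument missing for option -n or --commonname%b\n\n' "$RED" "$NC" >&2
          usage
          exit 1
        fi
        COMMON_NAME="$2"
        shift 2
        ;;
      version|-v|--version)
        printf '%s %s Copyright (C) 2003 - %s Gilles Mouchet\n' \
          "$(basename "$0")" "$version" "$(date +%Y)"
        exit 0
        ;;
      -h|--help)
        usage
        exit 0
        ;;
      *)
        # unknown arguments used to fall through to the help text with
        # exit status 0; report them as an error instead
        printf '\n%bError: Unknown option %s%b\n\n' "$RED" "$1" "$NC" >&2
        usage
        exit 1
        ;;
    esac
  done

  # every recognised option was consumed but -n was never given
  if [ -z "${COMMON_NAME:-}" ]; then
    printf '\n%bError: the CA common name (-n) is mandatory%b\n\n' "$RED" "$NC" >&2
    usage
    exit 1
  fi

  # clean variable commonName -> file name stem
  CA_NAME=$(clean_string "${COMMON_NAME}")
  # clean_string is defined in stdlib.sh (not visible here); make sure
  # whatever it returns cannot leave the CA directories or name a dotfile
  if [[ -z "$CA_NAME" || "$CA_NAME" == */* || "$CA_NAME" == .* ]]; then
    printf '%bError: "%s" does not yield a usable CA file name (%s)%b\n' \
      "$RED" "$COMMON_NAME" "$CA_NAME" "$NC" >&2
    exit 1
  fi

  key="${KEY_CA_PATH}/${CA_NAME}.key"
  crt="${CRT_CA_PATH}/${CA_NAME}.crt"

  # summary
  printf "

${CYAN}Summary
----------------------------------------------------------------------------${NC}
CA private file name (key): ${GREEN}%s.key${NC}
CA public file name (crt): ${GREEN}%s.crt${NC}

${CYAN}Informations${NC}
Country name: ${ORANGE}%s${NC}
State or province name: ${ORANGE}%s${NC}
Locality name: ${ORANGE}%s${NC}
Organization name: ${ORANGE}%s${NC}
Organizational unit name: ${ORANGE}%s${NC}
Common name: ${ORANGE}%s${NC}
Email address: ${ORANGE}%s${NC}

${RED}IMPORTANT${NC}
You will be asked for a password. Choose a ${RED}STRONG PASSWORD${NC}
and KEEP IT SECURE.

You will be asked for it when creating certificates.

For automation, save the password in /root/.cred (KEY_CA_PASS=password).

" "${KEY_CA_PATH}/${CA_NAME}" "${CRT_CA_PATH}/${CA_NAME}" \
  "$COUNTRY_NAME" "$STATE_OR_PROVINCE_NAME" "$LOCALITY_NAME" \
  "$ORGANIZATION_NAME" "$ORGANIZATIONAL_UNIT_NAME" "$COMMON_NAME" "$EMAIL_ADDRESS"

  # yes_no comes from stdlib.sh; a non-zero status is treated as "no"
  yes_no "Is it ok" || exit 1

  # check if CA files exist: openssl below overwrites both the key and
  # the certificate without asking, so confirm for each of them
  for f in "$key" "$crt"; do
    if [ -f "$f" ]; then
      msg_warn "\n$f already exists!\n"
      yes_no "Are you sure you want to overwrite it" || exit 1
    fi
  done

  # config ca-conf file
  if ! _render_ca_config; then
    printf '%bError: could not render %s/config/ca-config%b\n' "$RED" "$ROOT_DIR" "$NC" >&2
    exit 1
  fi

  # create ca: 4096-bit RSA key, self-signed certificate valid 1825 days.
  # Only stdout is silenced; openssl's stderr is kept so that a failure
  # can be diagnosed (the passphrase prompt goes to the terminal).
  openssl req -new -x509 -extensions v3_ca -days 1825 -newkey rsa:4096 \
    -keyout "$key" \
    -out "$crt" \
    -config "$ROOT_DIR/config/ca-config" \
    -batch > /dev/null
  rc=$?

  if [ "$rc" -eq 0 ]; then
    # do not rely on openssl's default mode for the private key
    chmod 600 -- "$key"
    printf '%b!! Keep your password safe !! %b\n' "$RED" "$NC"
    printf '%bCA created successfully %b\n' "$GREEN" "$NC"
    printf 'Install %b%s%b in you browser.\n' "$ORANGE" "$crt" "$NC"
  else
    # the original read $? after the test and so always reported 1
    printf '%bAn error occured (rc: %s)%b\n' "$RED" "$rc" "$NC" >&2
    exit "$rc"
  fi
}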
# Entry point: hand every command-line argument to main() unchanged.
main "$@"