| 1 | #!/bin/bash |
| 2 | |
# Print the command synopsis and the expected SUBJECT / ALTNAMES syntax.
# Outputs: three lines on stdout; callers redirect to stderr for error paths.
usage() {
  # Quoted delimiter: the text is literal, so the backtick and the
  # apostrophe used as old-style quotes are printed unchanged.
  cat <<'EOF'
usage: certreq [-h] [-a ALTNAMES] SUBJECT KEYFILE
 SUBJECT is of the form `/PART1=VALUE1/PART2=VALUE2/...'
 ALTNAMES is of the form `DNS:name1,DNS:name,...'
EOF
}
| 8 | |
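# Parse the command line.
#   reqexts - set of section names later passed to `openssl req -reqexts`
#   config  - set of section names to append to a private copy of the
#             OpenSSL config; the lines of section NAME live in the
#             array config_NAME (config_SAN for -a).
declare -A reqexts config
# Start from an empty array so a scalar config_SAN inherited from the
# environment cannot end up as a line in the generated config.
config_SAN=()
while getopts ha: OPT; do
  case "$OPT" in
    h)
      usage
      exit 0
      ;;
    a)
      # ALTNAMES is written verbatim into an OpenSSL config file further
      # down; a line break inside it would become additional config
      # lines, so refuse it here.
      case "$OPTARG" in
        *$'\n'* | *$'\r'*)
          echo "certreq: ALTNAMES must not contain line breaks" >&2
          exit 1
          ;;
      esac
      reqexts[SAN]=1
      config[SAN]=1
      # NOTE(review): every -a adds its own subjectAltName line; confirm how
      # openssl treats a repeated key within one section. Passing a single
      # comma-separated ALTNAMES value avoids the question.
      config_SAN+=("subjectAltName=$OPTARG")
      ;;
    *)
      # Unknown option or missing option argument: getopts has already
      # printed a diagnostic; stop instead of carrying on with a
      # half-parsed command line.
      usage >&2
      exit 1
      ;;
  esac
done
shift $((OPTIND - 1))
# SUBJECT and KEYFILE are both mandatory.
if [ $# -lt 2 ]; then
  usage >&2
  exit 1
fi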
| 28 | |
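# Assemble and run the `openssl req -new` command.
# When extra config sections were requested, they are appended to a private
# copy of /etc/ssl/openssl.cnf that is passed with -config and removed on exit.
args=(openssl req -new)
if [ -n "${!reqexts[*]}" ]; then
  args+=(-reqexts "${!reqexts[@]}")
fi
if [ -n "${!config[*]}" ]; then
  confpath="$(mktemp /tmp/certreq-XXXXXX)" || {
    echo "certreq: cannot create temporary config file" >&2
    exit 1
  }
  # Register the cleanup before writing anything, so a failure or an
  # interrupt while the file is being filled does not leave it behind.
  trap 'rm -f -- "$confpath"' EXIT
  if ! cat /etc/ssl/openssl.cnf >"$confpath"; then
    echo "certreq: cannot read /etc/ssl/openssl.cnf" >&2
    exit 1
  fi
  for section in "${!config[@]}"; do
    {
      # Leading newline: keeps the section header on a line of its own
      # even if the copied config does not end with a newline.
      printf '\n[%s]\n' "$section"
      # Indirect expansion of the per-section array config_<section>.
      var="config_${section}[@]"
      for confopt in "${!var}"; do
        printf '%s\n' "$confopt"
      done
      printf '\n'
    } >>"$confpath"
  done
  args+=(-config "$confpath")
fi
# SUBJECT and KEYFILE are handed to openssl as separate, quoted arguments;
# the key file is only named here, this script never reads it.
args+=(-subj "$1" -key "$2")

# Run openssl as the last command so its exit status becomes the script's;
# the EXIT trap still removes the temporary config afterwards.
"${args[@]}"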