Added certreq to make creating more complex CSRs easier.
[utils.git] / certreq
... / ...
CommitLineData
1#!/bin/bash
2
3usage() {
4 echo "usage: certreq [-h] [-a ALTNAMES] SUBJECT KEYFILE"
5 echo ' SUBJECT is of the form `/PART1=VALUE1/PART2=VALUE2/...'\'
6 echo ' ALTNAMES is of the form `DNS:name1,DNS:name,...'\'
7}
8
9declare -A reqexts config
10while getopts ha: OPT; do
11 case "$OPT" in
12 h)
13 usage
14 exit 0
15 ;;
16 a)
17 reqexts[SAN]=1
18 config[SAN]=1
19 config_SAN=("${config_SAN[@]}" "subjectAltName=$OPTARG")
20 ;;
21 esac
22done
23shift $((OPTIND - 1))
24if [ $# -lt 2 ]; then
25 usage >&2
26 exit 1
27fi
28
29args=(openssl req -new)
30if [ -n "${!reqexts[*]}" ]; then
31 args=("${args[@]}" -reqexts "${!reqexts[@]}")
32fi
33if [ -n "${!config[*]}" ]; then
34 confpath="$(mktemp /tmp/certreq-XXXXXX)"
35 cat /etc/ssl/openssl.cnf >>"$confpath"
36 for section in "${!config[@]}"; do
37 echo "[${section}]" >>"$confpath"
38 var="config_${section}[@]"
39 for confopt in "${!var}"; do
40 echo "$confopt" >>"$confpath"
41 done
42 echo >>"$confpath"
43 done
44 trap 'rm -f "$confpath"' EXIT
45 args=("${args[@]}" -config "$confpath")
46fi
47args=("${args[@]}" -subj "$1" -key "$2")
48
49"${args[@]}"