Added certreq to make creating more complex CSRs easier.
1 #!/bin/bash
2
# Print the command-line synopsis to stdout.
# Callers redirect to stderr themselves when reporting a usage error.
# Arguments: none
# Outputs:   three lines describing the options and the argument formats
usage() {
    printf '%s\n' \
        "usage: certreq [-h] [-a ALTNAMES] SUBJECT KEYFILE" \
        "        SUBJECT is of the form \`/PART1=VALUE1/PART2=VALUE2/...'" \
        "        ALTNAMES is of the form \`DNS:name1,DNS:name,...'"
}
8
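# Option parsing.
#   reqexts  - set (associative array keys) of extension section names that
#              are later passed to `openssl req -reqexts`.
#   config   - set of section names to append to the temporary config file;
#              the lines of section NAME live in the indexed array config_NAME.
declare -A reqexts config
# Start from an empty array: a config_SAN variable inherited from the
# environment would otherwise become the first line of the [SAN] section.
config_SAN=()
while getopts ha: OPT; do
    case "$OPT" in
        h)
            usage
            exit 0
            ;;
        a)
            # ALTNAMES is written verbatim into an OpenSSL config file, so a
            # line break inside it would add extra configuration lines.
            case "$OPTARG" in
                *$'\n'* | *$'\r'*)
                    echo "certreq: ALTNAMES must not contain line breaks" >&2
                    exit 1
                    ;;
            esac
            reqexts[SAN]=1
            config[SAN]=1
            # NOTE(review): repeating -a emits several subjectAltName lines in
            # one section; confirm how openssl treats that. The usage text
            # documents a single comma-separated list.
            config_SAN+=("subjectAltName=$OPTARG")
            ;;
        *)
            # Unknown option or missing argument; getopts has already printed
            # its own diagnostic. Stop instead of continuing with bad input.
            usage >&2
            exit 1
            ;;
    esac
done
shift $((OPTIND - 1))
# SUBJECT and KEYFILE are both mandatory.
if [ $# -lt 2 ]; then
    usage >&2
    exit 1
fi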
28
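# Build the `openssl req` command line as an array so each argument stays one
# word, then run it. $1 is the subject, $2 the private key file.
args=(openssl req -new)
if [ -n "${!reqexts[*]}" ]; then
    args+=(-reqexts "${!reqexts[@]}")
fi
if [ -n "${!config[*]}" ]; then
    # Extra sections were requested: copy the system config into a private
    # temporary file (mktemp picks an unpredictable name) and append to it.
    confpath="$(mktemp /tmp/certreq-XXXXXX)" || {
        echo "certreq: cannot create temporary config file" >&2
        exit 1
    }
    # Register the cleanup before writing anything, so the file is removed
    # even when one of the following steps fails.
    trap 'rm -f -- "$confpath"' EXIT
    if ! cat /etc/ssl/openssl.cnf >>"$confpath"; then
        echo "certreq: cannot read /etc/ssl/openssl.cnf" >&2
        exit 1
    fi
    for section in "${!config[@]}"; do
        # Indirect reference to the indexed array config_<section>.
        var="config_${section}[@]"
        {
            # Blank line first: the copied file may lack a final newline,
            # which would glue the section header onto its last line.
            echo
            printf '[%s]\n' "$section"
            for confopt in "${!var}"; do
                printf '%s\n' "$confopt"
            done
            echo
        } >>"$confpath"
    done
    args+=(-config "$confpath")
fi
args+=(-subj "$1" -key "$2")

# The script's exit status is that of openssl.
"${args[@]}"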