-
Notifications
You must be signed in to change notification settings - Fork 2
/
issue_cert_template.sh
executable file
·68 lines (56 loc) · 2.06 KB
/
issue_cert_template.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
#!/bin/bash
source ./env.sh
HOST="$HOST_STRING"
#DOMAIN="$DOMAIN_STRING"
SUBJECT_CN="$SUBJECT_CN_STRING"
VAULT_ROLE="$VAULT_ROLE_STRING"
IP_SAN1="$IP_SAN1_STRING"
ALT_NAME1="$ALT_NAME1_STRING"
#IP_SAN2=""
#ALT_NAME2="$ALT_NAME2_STRING"
TTL="$TTL_STRING"
KEY_TYPE="$KEY_TYPE_STRING"
KEY_BITS="$KEY_BITS_STRING"
OUT_DIR="${SUBJECT_CN}"
OUT_FILE="${HOST}_csr_signed_output.json"
NO_TLS="$NO_TLS_STRING"
if [ ! -d "${OUT_DIR}" ]; then
mkdir "${OUT_DIR}"
fi
vault write "${NO_TLS}" -format=json pki_int/issue/"${VAULT_ROLE}" \
common_name="${SUBJECT_CN}" \
ip_sans="${IP_SAN1}" \
alt_names="${ALT_NAME1}" \
key_type="${KEY_TYPE}" \
key_bits="${KEY_BITS}" \
ttl="${TTL}" | tee "${OUT_DIR}/${OUT_FILE}"
# alternative example command that allows multiple SAN entries
# adjust as needed, and populate variables accordingly at the top of this script
#vault write -format=json pki_int/issue/"$VAULT_ROLE" \
# common_name=${SUBJECT_CN} ip_sans="${IP_SAN1},${IP_SAN2}" \
# alt_names="${ALT_NAME1},${ALT_NAME2}" ttl=${TTL} | tee ${OUT_FILE}
jq -r '.data.certificate,.data.issuing_ca' "${OUT_DIR}/${OUT_FILE}" > \
"${OUT_DIR}/${HOST}_cert.crt"
jq -r '.data.private_key' "$OUT_DIR/${OUT_FILE}" >"${OUT_DIR}/${HOST}_cert.key"
printf "\n%s" \
"*** To view ${HOST}_cert.key private certificate execute this command:***" \
"openssl pkey -in ${OUT_DIR}/${HOST}_cert.key -check" \
"" \
"*** To view ${HOST}_cert.key public certificate execute this command:***" \
"openssl pkey -in ${OUT_DIR}/${HOST}_cert.key -pubout" \
"" \
"*** To view ${HOST}_cert.crt public certificate execute this command:***" \
"openssl x509 -in ${OUT_DIR}/${HOST}_cert.crt -text -noout" \
"" \
""
touch "${OUT_DIR}/created_$(date +"%Y-%m-%d--%H-%M-%S")"
cp "${OUT_DIR}/${HOST}_cert.crt" ./docker/.
cp "${OUT_DIR}/${HOST}_cert.key" ./docker/.
printf "\n%s" \
"*** copied ${HOST}_cert.crt to ./docker/${HOST}_cert.crt***" \
"" \
"*** copied ${HOST}_cert.key to ./docker/${HOST}_cert.key***" \
"" \
"edit the DockerFile in ./docker to create the image and execute the container" \
"" \
""