diff --git a/certify.sh b/certify.sh
index baf98b1..f5f5c04 100644
--- a/certify.sh
+++ b/certify.sh
@@ -3,24 +3,68 @@ echo "Saisir le nom de domaine ?" read domain openssl genpkey -algorithm RSA -out ${domain}.key -echo "clé generate" -content="[req]\ndistinguished_name = req_distinguished_name\nreq_extasions = v3_req\nprompt = no\n\n[req_distinguished_name]\nC = FR\nST = Nord\nL = ROUBAIX\nO = Tips-Of-Mine\nOU = IT\nCN = Tips-Of-Mine.local\nmailAddress = admin@tips-of-mine.fr\n\n[v3_req]\nsubjectKeyIdentifier = @alt_names\n\n[alt_names]\nDNS.1=${domain}\n" +echo "Generation fichier clé" -echo ${content} > ${domain}.cnf +cat > ${domain}.cnf << EOF +[req] +distinguished_name=req_distinguished_name +req_extasions=v3_req +prompt=no -echo "fichier cree" +[req_distinguished_name] +C=FR +ST=Nord +L=Wattrelos +O=Tapis-Saint-Maclou +OU=Tapis-Saint-Maclou IT +CN=${domain} + +[v3_req] +subjectAltName=@alt_names + +[alt_names] +DNS.1=${domain} +EOF + +echo "Fichier clé crée" + +echo "Generation fichier CSR" openssl req -new -key ${domain}.key -out ${domain}.csr -config ${domain}.cnf -echo "CSR cree" +echo "Fichier CSR crée" + +echo "Transferet du fichier CSR" + +cp ${domain}.csr /etc/ssl/CA/ +#sshpass -p "root" scp ${domain}.csr root@SLPKIWOSP01.fr.dgs.group:etc/ssl/CA/" -sshpass -p "root" scp ${domain}.csr root@10.0.4.3:etc/ssl/CA/" echo "CSR transmit" + sleep 2 -sshpass -p "root" scp ${domain}.conf root@10.0.4.3:etc/ssl/CA/" + +echo "Transferet du fichier CNF" + +cp ${domain}.cnf /etc/ssl/CA/ +#sshpass -p "root" scp ${domain}.conf root@SLPKIWOSP01.fr.dgs.group:etc/ssl/CA/" + echo "Config transmit" + sleep 3 -echo "téléchargement" -wget https://10.0.4.3/certs/${domain}.crt -P /etc/ssl/private/localcerts/ -sleep 4 \ No newline at end of file + +echo "Transferet du fichier key" + +cp ${domain}.key /var/www/html/keys/ +#sshpass -p "root" scp ${domain}.conf root@SLPKIWOSP01.fr.dgs.group:/var/www/html/keys/" + +echo "Config transmit" + +sleep 4 + +echo "Téléchargement du certificat" + +wget https://slpkiwosp01.fr.dgs.group/certs/${domain}.crt -P /etc/ssl/private/localcerts/ + 
+sleep 5 + diff --git a/sign-certificate.sh b/sign-certificate.sh index 006b3dc..cf44cd4 100644 --- a/sign-certificate.sh +++ b/sign-certificate.sh @@ -1,20 +1,29 @@ #!/bin/bash -csr-file="$1" -config-file="$2" -file-name="$3" +csr_file="$1" +config_file="$2" +file_name="$3" -file-name=$(basename ${file-name}.csr) +echo " ** Fichier CSR : ${csr_file}" +echo " ** Fichier CNF : ${config_file}" +echo " ** Fichier : ${file_name}" -ca-cer-path="/etc/ssl/CA/ca.crt" -ca-key-path="/etc/ssl/CA/ca.key" +file_name=$(basename "${file_name}" .csr) -signed-cert-path="/var/www/html/certs/${file-name}.crt" +ca_cer_path="/etc/ssl/CA/ca.crt" +ca_key_path="/etc/ssl/CA/ca.key" -passphrase="azerty" +signed_cert_path="/var/www/html/certs/${file_name}.crt" +path="/var/www/html/" -echo " * Start" +passphrase="@z3rty" -openssl x509 -req -in "${csr-file}" -CA "${ca-cer-path}" -CAkey "${ca-key-path}" -out "${signed-cert-path}" -days 365 -extfile "${config-file}" -extensions v3_req -passin "${passphrase}" +echo " *** Start" -echo " * End ${signed-cert-path}" \ No newline at end of file +openssl x509 -req -in "${csr_file}" -CA "${ca_cer_path}" -CAkey "${ca_key_path}" -out "${signed_cert_path}" -days 365 -extfile "${config_file}" -extensions v3_req -passin pass:"${passphrase}" + +echo " *** End ${signed_cert_path}" + +sleep 5 + +chown -R www-data:www-data /var/www/html/* diff --git a/watch-csr.sh b/watch-csr.sh index 448fca2..15c19b7 100644 --- a/watch-csr.sh +++ b/watch-csr.sh 
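Review bot: The added `cp ${domain}.key /var/www/html/keys/` near the end of the certify.sh hunk puts the freshly generated private key under what appears to be the web server's document root (the certificate is later fetched from `/certs/` in the same tree), although the CA needs only the CSR and the config to sign. I would drop that line and keep the key on the requesting host with restrictive permissions, e.g. `umask 077` before `openssl genpkey`. `${domain}` comes straight from `read` and is used unquoted in file names and inside the unquoted heredoc, so it should be validated and quoted, for example `case "$domain" in ''|*[!A-Za-z0-9.-]*) exit 1 ;; esac`. Separately, `req_extasions` in the `[req]` section looks like a typo for `req_extensions`, so the SAN section is probably not applied to the CSR.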
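Review bot: The CA key passphrase is hard-coded in sign-certificate.sh (`passphrase="@z3rty"`) and passed as `-passin pass:"${passphrase}"`, so it sits in version control and is visible in the process list while openssl runs. Reading it from a root-only file with `-passin file:<PASSPHRASE_FILE>` (placeholder path) removes both exposures, and the value committed here should be treated as disclosed and rotated. The `-extfile "${config_file}" -extensions v3_req` arguments take the certificate extensions from the file that arrived with the request, so the CA does not control what it signs; a CA-owned extension file that sets `basicConstraints=CA:FALSE` and carries only the validated DNS name would be safer. `chown -R www-data:www-data /var/www/html/*` also gives the web server ownership of everything under that tree, including the `keys/` directory that certify.sh writes to.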
@@ -1,15 +1,15 @@ #!/bin/bash -watch-folder="/etc/ssl/CA" +watch_folder="/etc/ssl/CA" while true; do - csr-file=$(inotifytwait -q -e create --format '%f' "${watch-folder}") - if ["${csr-file}" ]; then - echo " * Fichier recu" - config-file=$(inotifytwait -q -e create --format '%f' "${watch-folder}") - if ["${config-file}" ]; then - echo " * Fichier recu" - /bin/sh /etc/ssl/CA/sign-certificate.sh "${watch-folder}/${csr-file}" ${watch-folder}/${config-file}" "${csr-file}" + csr_file=$(inotifywait -q -e create --format '%f' "${watch_folder}") + if [ "${csr_file}" ]; then + echo " * Fichier CSR recu" + config_file=$(inotifywait -q -e create --format '%f' "${watch_folder}") + if [ "${config_file}" ]; then + echo " * Fichier CNF recu" + /bin/sh /etc/ssl/sign-certificate.sh "${watch_folder}/${csr_file}" "${watch_folder}/${config_file}" "${csr_file}" fi fi -done \ No newline at end of file +done
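Review bot: The loop pairs files purely by arrival order: whatever is created first in `${watch_folder}` is treated as the CSR and the next file as its config, with no check on either name, and `-e create` fires before the writer has finished the file. I would wait on `-e close_write` instead and skip anything unexpected, e.g. `case "${csr_file}" in *.csr) ;; *) continue ;; esac` (and the same with `*.cnf` for `config_file`). Events that occur between two `inotifywait` calls are missed, which is presumably why certify.sh sleeps between copies; `inotifywait -m` piped into a `while read -r` loop would avoid that. The watched directory is also the one that holds `ca.key` according to sign-certificate.sh, so a separate drop directory for incoming requests would keep request writers away from the CA key.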