update
parent
205e749b28
commit
f3b70342f9
64
certify.sh
64
certify.sh
@ -3,24 +3,68 @@
|
|||||||
echo "Saisir le nom de domaine ?"
|
echo "Saisir le nom de domaine ?"
|
||||||
read domain
|
read domain
|
||||||
openssl genpkey -algorithm RSA -out ${domain}.key
|
openssl genpkey -algorithm RSA -out ${domain}.key
|
||||||
echo "clé generate"
|
|
||||||
|
|
||||||
content="[req]\ndistinguished_name = req_distinguished_name\nreq_extasions = v3_req\nprompt = no\n\n[req_distinguished_name]\nC = FR\nST = Nord\nL = ROUBAIX\nO = Tips-Of-Mine\nOU = IT\nCN = Tips-Of-Mine.local\nmailAddress = admin@tips-of-mine.fr\n\n[v3_req]\nsubjectKeyIdentifier = @alt_names\n\n[alt_names]\nDNS.1=${domain}\n"
|
echo "Generation fichier clé"
|
||||||
|
|
||||||
echo ${content} > ${domain}.cnf
|
cat > ${domain}.cnf << EOF
|
||||||
|
[req]
|
||||||
|
distinguished_name=req_distinguished_name
|
||||||
|
req_extasions=v3_req
|
||||||
|
prompt=no
|
||||||
|
|
||||||
echo "fichier cree"
|
[req_distinguished_name]
|
||||||
|
C=FR
|
||||||
|
ST=Nord
|
||||||
|
L=Wattrelos
|
||||||
|
O=Tapis-Saint-Maclou
|
||||||
|
OU=Tapis-Saint-Maclou IT
|
||||||
|
CN=${domain}
|
||||||
|
|
||||||
|
[v3_req]
|
||||||
|
subjectAltName=@alt_names
|
||||||
|
|
||||||
|
[alt_names]
|
||||||
|
DNS.1=${domain}
|
||||||
|
EOF
|
||||||
|
|
||||||
|
echo "Fichier clé crée"
|
||||||
|
|
||||||
|
echo "Generation fichier CSR"
|
||||||
|
|
||||||
openssl req -new -key ${domain}.key -out ${domain}.csr -config ${domain}.cnf
|
openssl req -new -key ${domain}.key -out ${domain}.csr -config ${domain}.cnf
|
||||||
|
|
||||||
echo "CSR cree"
|
echo "Fichier CSR crée"
|
||||||
|
|
||||||
|
echo "Transferet du fichier CSR"
|
||||||
|
|
||||||
|
cp ${domain}.csr /etc/ssl/CA/
|
||||||
|
#sshpass -p "root" scp ${domain}.csr root@SLPKIWOSP01.fr.dgs.group:etc/ssl/CA/"
|
||||||
|
|
||||||
sshpass -p "root" scp ${domain}.csr root@10.0.4.3:etc/ssl/CA/"
|
|
||||||
echo "CSR transmit"
|
echo "CSR transmit"
|
||||||
|
|
||||||
sleep 2
|
sleep 2
|
||||||
sshpass -p "root" scp ${domain}.conf root@10.0.4.3:etc/ssl/CA/"
|
|
||||||
|
echo "Transferet du fichier CNF"
|
||||||
|
|
||||||
|
cp ${domain}.cnf /etc/ssl/CA/
|
||||||
|
#sshpass -p "root" scp ${domain}.conf root@SLPKIWOSP01.fr.dgs.group:etc/ssl/CA/"
|
||||||
|
|
||||||
echo "Config transmit"
|
echo "Config transmit"
|
||||||
|
|
||||||
sleep 3
|
sleep 3
|
||||||
echo "téléchargement"
|
|
||||||
wget https://10.0.4.3/certs/${domain}.crt -P /etc/ssl/private/localcerts/
|
echo "Transferet du fichier key"
|
||||||
sleep 4
|
|
||||||
|
cp ${domain}.key /var/www/html/keys/
|
||||||
|
#sshpass -p "root" scp ${domain}.conf root@SLPKIWOSP01.fr.dgs.group:/var/www/html/keys/"
|
||||||
|
|
||||||
|
echo "Config transmit"
|
||||||
|
|
||||||
|
sleep 4
|
||||||
|
|
||||||
|
echo "Téléchargement du certificat"
|
||||||
|
|
||||||
|
wget https://slpkiwosp01.fr.dgs.group/certs/${domain}.crt -P /etc/ssl/private/localcerts/
|
||||||
|
|
||||||
|
sleep 5
|
||||||
|
|
||||||
|
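Review bot: The new `cp ${domain}.key /var/www/html/keys/` step puts the freshly generated private key under the web root, presumably served by the same host that publishes `/certs/`. Signing needs only the CSR and the config, so the key should stay on the requesting host and this step should be dropped; a `umask 077` before `openssl genpkey` would also keep the key file unreadable to other local users. Separately, `${domain}` comes straight from `read` and is expanded unquoted into file names, the heredoc and the download URL, so a value containing `/`, spaces or a newline changes which files are written and what the config says. Validate it first, for example `[[ "$domain" =~ ^[A-Za-z0-9.-]+$ ]] || exit 1`, and quote every use. The config also still spells `req_extasions`, which OpenSSL does not read as `req_extensions`, so the SAN section is most likely not applied to the CSR itself.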
@ -1,20 +1,29 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
csr-file="$1"
|
csr_file="$1"
|
||||||
config-file="$2"
|
config_file="$2"
|
||||||
file-name="$3"
|
file_name="$3"
|
||||||
|
|
||||||
file-name=$(basename ${file-name}.csr)
|
echo " ** Fichier CSR : ${csr_file}"
|
||||||
|
echo " ** Fichier CNF : ${config_file}"
|
||||||
|
echo " ** Fichier : ${file_name}"
|
||||||
|
|
||||||
ca-cer-path="/etc/ssl/CA/ca.crt"
|
file_name=$(basename "${file_name}" .csr)
|
||||||
ca-key-path="/etc/ssl/CA/ca.key"
|
|
||||||
|
|
||||||
signed-cert-path="/var/www/html/certs/${file-name}.crt"
|
ca_cer_path="/etc/ssl/CA/ca.crt"
|
||||||
|
ca_key_path="/etc/ssl/CA/ca.key"
|
||||||
|
|
||||||
passphrase="azerty"
|
signed_cert_path="/var/www/html/certs/${file_name}.crt"
|
||||||
|
path="/var/www/html/"
|
||||||
|
|
||||||
echo " * Start"
|
passphrase="@z3rty"
|
||||||
|
|
||||||
openssl x509 -req -in "${csr-file}" -CA "${ca-cer-path}" -CAkey "${ca-key-path}" -out "${signed-cert-path}" -days 365 -extfile "${config-file}" -extensions v3_req -passin "${passphrase}"
|
echo " *** Start"
|
||||||
|
|
||||||
echo " * End ${signed-cert-path}"
|
openssl x509 -req -in "${csr_file}" -CA "${ca_cer_path}" -CAkey "${ca_key_path}" -out "${signed_cert_path}" -days 365 -extfile "${config_file}" -extensions v3_req -passin pass:"${passphrase}"
|
||||||
|
|
||||||
|
echo " *** End ${signed_cert_path}"
|
||||||
|
|
||||||
|
sleep 5
|
||||||
|
|
||||||
|
chown -R www-data:www-data /var/www/html/*
|
||||||
|
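Review bot: The CA key passphrase is hard-coded as `passphrase="@z3rty"` and passed as `-passin pass:"${passphrase}"`, so it lives in the repository and is visible in the process list while OpenSSL runs; read it from a root-only file with `-passin file:<PASSPHRASE_FILE>` and re-encrypt the CA key under a new passphrase, since this one is now in history. The `-extfile "${config_file}"` argument is the config that arrived with the request, so the requester decides what `v3_req` contains on the signed certificate; a fixed extension file kept on the CA, with only a validated SAN taken from the request, would remove that control. The closing `chown -R www-data:www-data /var/www/html/*` also gives the web server account ownership of everything under the web root, including the `keys/` directory that certify.sh fills. The file header for this hunk is not shown on the page; it appears to be the signing script that watch-csr.sh invokes.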
18
watch-csr.sh
18
watch-csr.sh
@ -1,15 +1,15 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
watch-folder="/etc/ssl/CA"
|
watch_folder="/etc/ssl/CA"
|
||||||
|
|
||||||
while true; do
|
while true; do
|
||||||
csr-file=$(inotifytwait -q -e create --format '%f' "${watch-folder}")
|
csr_file=$(inotifywait -q -e create --format '%f' "${watch_folder}")
|
||||||
if ["${csr-file}" ]; then
|
if [ "${csr_file}" ]; then
|
||||||
echo " * Fichier recu"
|
echo " * Fichier CSR recu"
|
||||||
config-file=$(inotifytwait -q -e create --format '%f' "${watch-folder}")
|
config_file=$(inotifywait -q -e create --format '%f' "${watch_folder}")
|
||||||
if ["${config-file}" ]; then
|
if [ "${config_file}" ]; then
|
||||||
echo " * Fichier recu"
|
echo " * Fichier CNF recu"
|
||||||
/bin/sh /etc/ssl/CA/sign-certificate.sh "${watch-folder}/${csr-file}" ${watch-folder}/${config-file}" "${csr-file}"
|
/bin/sh /etc/ssl/sign-certificate.sh "${watch_folder}/${csr_file}" "${watch_folder}/${config_file}" "${csr_file}"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
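Review bot: The loop takes the first file created in the folder as the CSR and the second as the config without checking either name, so any file created in `/etc/ssl/CA` starts a signing run; per the signing hunk, that directory also holds `ca.crt` and `ca.key`. Check the suffix and that both names share a stem before calling the signer, e.g. `[[ "${csr_file}" == *.csr && "${config_file}" == "${csr_file%.csr}.cnf" ]] || continue`, and watch a dedicated drop directory instead of the CA directory. `-e create` fires when the file is created rather than when it has been fully written, so `-e close_write` is the safer event to wait on. The signer appears to carry a `#!/bin/bash` shebang but is started with `/bin/sh`; invoke it with `bash` or execute it directly.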