#! /usr/bin/env perl
use strict;
use warnings;
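# Issue a certificate for a domain, signed by the local CA.
#
# Usage: script domain [alias alias ...]
#
# Files produced in the current directory, all named after the domain:
#   $DOMAIN.ext  openssl config, built from the template plus one DNS.n line
#                per name (only written when it does not already exist)
#   $DOMAIN.key  2048-bit RSA private key
#   $DOMAIN.csr  signing request
#   $DOMAIN.crt  certificate signed by the CA, valid for 365 days
#
# The domain and the aliases come straight from the command line and end up
# in file names, in the generated config and in openssl's argument list, so
# they are validated as host names before anything is written or executed.

# Template OpenSSL config that is copied into each domain-specific .ext file.
my $configFile = 'openssl.cnf';

# CA certificate and CA private key used to sign the new certificate.
my $caCert = 'vanduzen_CA.pem';
my $caKey  = 'vanduzen_CA.key';

# A DNS label: letters, digits and inner hyphens, at most 63 characters.
# A label can never start with '-', so a name cannot be read as an option.
my $label = qr/[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?/;

# A host name: dot-separated labels with an optional leading wildcard label.
# No '/', no empty labels (so no '..'), no whitespace, no shell metacharacters
# and no newline (which would otherwise inject lines into the .ext file).
my $hostname = qr/\A(?:\*\.)?$label(?:\.$label)*\z/;

# Run openssl with an argument list. The list form of system() bypasses the
# shell, and a failed step stops the script instead of being ignored.
sub run_openssl {
    my @args = @_;
    my $rc = system( 'openssl', @args );
    die "Could not run openssl: $!\n" if $rc == -1;
    die "openssl $args[0] failed (wait status $?)\n" if $rc != 0;
    return;
}

# they must pass in at least a domain. All other cli params taken as aliases
# this will also be the filename for each file created, ie $DOMAIN.extension
my $DOMAIN = shift;
die "Usage: $0 domain [alias alias]\n" unless $DOMAIN;
my @aliases = @ARGV;

# Reject anything that is not a plain host name before touching the disk.
for my $name ( $DOMAIN, @aliases ) {
    die "Invalid host name '$name'\n"
        unless length($name) <= 253 && $name =~ $hostname;
}

# if the domain doesn't have an ext file, create it
if ( !-f "$DOMAIN.ext" ) {
    # read in the default config file
    open my $template, '<', $configFile
        or die "Could not read $configFile: $!\n";
    my @config = <$template>;
    close $template;
    # remove all line endings
    chomp @config;

    # The DNS.n lines are appended at the end of the template, so they land
    # in whatever section the template ends with.
    # NOTE(review): presumably the template ends with its alt-names section;
    # confirm, otherwise the names will not reach the certificate.
    # the first DNS entry is the actual domain.
    push @config, "DNS.1=$DOMAIN";
    my $dns = 2;
    # add every alias as a separate DNS entry
    for my $alias (@aliases) {
        push @config, "DNS.$dns=$alias";
        $dns++;
    }

    # print the ext file back out
    open my $ext, '>', "$DOMAIN.ext"
        or die "Could not write to $DOMAIN.ext: $!\n";
    print {$ext} join( "\n", @config ) . "\n";
    # buffered write errors only surface at close
    close $ext or die "Could not write to $DOMAIN.ext: $!\n";
}
elsif (@aliases) {
    # An existing .ext file is reused as is, so the certificate would silently
    # be issued without the names given on this command line.
    warn "$DOMAIN.ext already exists; aliases on the command line are ignored\n";
}

# Create an rsa key into $DOMAIN.key. The umask is tightened for this step
# only, so the private key is not created readable by group or others.
my $oldUmask = umask 0077;
run_openssl( 'genrsa', '-out', "$DOMAIN.key", '2048' );
umask $oldUmask;

# create a signing request, using $DOMAIN.ext for all the DN stuff saved in $DOMAIN.csr
run_openssl(
    'req', '-new',
    '-key',    "$DOMAIN.key",
    '-out',    "$DOMAIN.csr",
    '-config', "$DOMAIN.ext",
);

# generate the actual crt file as $DOMAIN.crt, using the csr and ext file
run_openssl(
    'x509', '-req',
    '-in',    "$DOMAIN.csr",
    '-CA',    $caCert,
    '-CAkey', $caKey,
    '-CAcreateserial',
    '-out',     "$DOMAIN.crt",
    '-days',    '365',
    '-sha256',
    '-extfile', "$DOMAIN.ext",
);

1;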