| Line 23... |
Line 23... |
| 23 |
|
23 |
|
| 24 |
my $binDir = dirname( abs_path( __FILE__ ) ) . '/';
|
24 |
my $binDir = dirname( abs_path( __FILE__ ) ) . '/';
|
| 25 |
my $config = $binDir . "makeCert.conf";
|
25 |
my $config = $binDir . "makeCert.conf";
|
| 26 |
my $sslConfig = $binDir . 'openssl.cnf';
|
26 |
my $sslConfig = $binDir . 'openssl.cnf';
|
| 27 |
|
27 |
|
| 28 |
die "$config\n";
|
- |
|
| 29 |
|
- |
|
| 30 |
my $configFile; # prototype for the domain specific config file
|
28 |
my $configFile; # prototype for the domain specific config file
|
| 31 |
my $caCRT; # location of the CA crt file
|
29 |
my $caCRT; # location of the CA crt file
|
| 32 |
my $caKey; # location of the CA Key file
|
30 |
my $caKey; # location of the CA Key file
|
| 33 |
my $serverCertDir; # where to put the server certs
|
31 |
my $serverCertDir; # where to put the server certs
|
| 34 |
my $certDays; # number of days a certificate is valid for
|
32 |
my $certDays; # number of days a certificate is valid for
|
| Line 41... |
Line 39... |
| 41 |
eval `cat $config`;
|
39 |
eval `cat $config`;
|
| 42 |
|
40 |
|
| 43 |
die "Can not find CA Cert $caCRT\n" unless -f $caCRT;
|
41 |
die "Can not find CA Cert $caCRT\n" unless -f $caCRT;
|
| 44 |
die "Can not find CA Key $caKey\n" unless -f $caKey;
|
42 |
die "Can not find CA Key $caKey\n" unless -f $caKey;
|
| 45 |
|
43 |
|
| - |
|
44 |
# this is a sloppy IPv4 recognizer, but it is faster than the more accurate
|
| - |
|
45 |
# ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
|
| - |
|
46 |
# See https://www.oreilly.com/library/view/regular-expressions-cookbook/9780596802837/ch07s16.html
|
| - |
|
47 |
my $ipv4Regex = '^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$';
|
| 46 |
|
48 |
|
| 47 |
# they must pass in at least a domain. All other cli params taken as aliases
|
49 |
# they must pass in at least a domain. All other cli params taken as aliases
|
| 48 |
# this will also be the filename for each file created, ie $DOMAIN.extension
|
50 |
# this will also be the filename for each file created, ie $DOMAIN.extension
|
| 49 |
my $DOMAIN = shift;
|
51 |
my $DOMAIN = shift;
|
| 50 |
die "Usage: $0 domain [alias alias]\n" unless $DOMAIN;
|
52 |
die "Usage: $0 domain [alias alias]\n" unless $DOMAIN;
|
| 51 |
|
53 |
|
| - |
|
54 |
my $extFile = $serverCertDir . "$DOMAIN.ext";
|
| - |
|
55 |
my $crtFile = $serverCertDir . "$DOMAIN.crt";
|
| - |
|
56 |
my $keyFile = $serverCertDir . "$DOMAIN.key";
|
| - |
|
57 |
my $csrFile = $serverCertDir . "$DOMAIN.csr";
|
| - |
|
58 |
|
| 52 |
# if the domain doesn't have an ext file, create it
|
59 |
# if the domain doesn't have an ext file, create it
|
| 53 |
if ( ! -f "$DOMAIN.ext" ) {
|
60 |
if ( ! -f $extFile ) {
|
| - |
|
61 |
print "EXT File not found, creating new one\n";
|
| 54 |
my @newLines;
|
62 |
my @newLines;
|
| 55 |
# read in the default config file
|
63 |
# read in the default config file
|
| 56 |
open CNF, "<$configFile" or die "Could not read $configFile: $!\n";
|
64 |
open CNF, "<$configFile" or die "Could not read $configFile: $!\n";
|
| 57 |
my @config = <CNF>;
|
65 |
my @config = <CNF>;
|
| 58 |
close CNF;
|
66 |
close CNF;
|
| 59 |
# remove all line endings
|
67 |
# remove all line endings
|
| 60 |
chomp @config;
|
68 |
chomp @config;
|
| 61 |
my $line = 0;
|
69 |
my $line = 0;
|
| 62 |
my $inAltNames = 0;
|
70 |
my $inAltNames = 0;
|
| 63 |
for my $line ( @config ) {
|
71 |
for my $line ( @config ) {
|
| - |
|
72 |
if ( $line =~ m/^CN\s*=/ ) { # here is the common name; change it
|
| - |
|
73 |
$line = "CN = $DOMAIN";
|
| 64 |
if ( $line =~ m/^\[\s*alt_names\s*\]/ ) {
|
74 |
} elsif ( $line =~ m/^\[\s*alt_names\s*\]/ ) {
|
| 65 |
$inAltNames = 1;
|
75 |
$inAltNames = 1;
|
| 66 |
next;
|
76 |
next;
|
| 67 |
}
|
77 |
}
|
| 68 |
if ( $inAltNames ) {
|
78 |
if ( $inAltNames ) {
|
| 69 |
next if $line !~ m/^\[/;
|
79 |
next if $line !~ m/^\[/;
|
| Line 72... |
Line 82... |
| 72 |
push @newLines, $line;
|
82 |
push @newLines, $line;
|
| 73 |
}
|
83 |
}
|
| 74 |
# start the alt_names section
|
84 |
# start the alt_names section
|
| 75 |
push @newLines, '[ alt_names ]';
|
85 |
push @newLines, '[ alt_names ]';
|
| 76 |
# the first DNS entry is the actual domain.
|
86 |
# the first DNS entry is the actual domain.
|
| - |
|
87 |
# it will work, but is mislabeled, if $DOMAIN is actually an IP
|
| 77 |
push @newLines, "DNS.1=$DOMAIN";
|
88 |
push @newLines, "DNS.1=$DOMAIN";
|
| 78 |
my $dns = 2;
|
89 |
my $dns = 2;
|
| 79 |
# read in all aliases and add them as a separate DNS entry
|
90 |
# read in all aliases and add them as a separate DNS entry
|
| - |
|
91 |
# pretty sloppy in that we don't track IP and DNS separately
|
| - |
|
92 |
# and we are using a sloppy regex to detect IP's, but it
|
| - |
|
93 |
# is pretty fast.
|
| 80 |
while ( my $alias = shift ) {
|
94 |
while ( my $alias = shift ) {
|
| 81 |
push @newLines, "DNS.$dns=$alias";
|
95 |
push @newLines, ($alias =~ m/$ipv4Regex/ ? 'IP' : 'DNS' ) . ".$dns=$alias";
|
| 82 |
$dns++;
|
96 |
$dns++;
|
| 83 |
}
|
97 |
}
|
| 84 |
# print the ext file back out
|
98 |
# print the ext file back out
|
| 85 |
open CNF, ">$serverCertDir$DOMAIN.ext" or die "Could not write to $serverCertDir$DOMAIN.ext: $!\n";
|
99 |
open CNF, ">$extFile" or die "Could not write to $extFile: $!\n";
|
| 86 |
print CNF join( "\n", @newLines ) . "\n";
|
100 |
print CNF join( "\n", @newLines ) . "\n";
|
| 87 |
close CNF;
|
101 |
close CNF;
|
| 88 |
}
|
102 |
}
|
| 89 |
|
103 |
|
| - |
|
104 |
die;
|
| - |
|
105 |
|
| 90 |
# Create an rsa key into $DOMAIN.key
|
106 |
# Create an rsa key into $DOMAIN.key
|
| 91 |
`openssl genpkey -algorithm RSA -out $serverCertDir$DOMAIN.key -pkeyopt rsa_keygen_bits:2048`;
|
107 |
`openssl genpkey -algorithm RSA -out $keyFile -pkeyopt rsa_keygen_bits:2048`;
|
| 92 |
# create a signing request, using $DOMAIN.ext for all the DN stuff saved in $DOMAIN.csr
|
108 |
# create a signing request, using $DOMAIN.ext for all the DN stuff saved in $DOMAIN.csr
|
| 93 |
`openssl req -config $configFile -key $serverCertDir$DOMAIN.key -new -out $serverCertDir$DOMAIN.csr`;
|
109 |
`openssl req -config $extFile -key $keyFile -new -out $csrFile`;
|
| 94 |
# generate the actual crt file as $DOMAIN.crt, using the csr and ext file
|
110 |
# generate the actual crt file as $DOMAIN.crt, using the csr and ext file
|
| 95 |
`openssl x509 -req -in $serverCertDir$DOMAIN.csr -CA $caCRT -CAkey $caKey -CAcreateserial -out $serverCertDir$DOMAIN.crt -days $certDays -extensions req_ext -extfile $serverCertDir$DOMAIN.ext`;
|
111 |
`openssl x509 -req -in $csrFile -CA $caCRT -CAkey $caKey -CAcreateserial -out $crtFile -days $certDays -extensions req_ext -extfile $extFile`;
|
| 96 |
|
112 |
|
| 97 |
print "key and crt created. Use the following command to view the certificate\nopenssl x509 -in $DOMAIN.crt -text -noout\n";
|
113 |
print "key and crt created. Use the following command to view the certificate\nopenssl x509 -in $crtFile -text -noout\n";
|
| - |
|
114 |
print "and the following to view CSR\nopenssl req -in $csrFile -text -noout\n";
|
| 98 |
1;
|
115 |
1;
|
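Review bot: The bare `die;` added at new line 104, immediately after the ext-file block, terminates every run before `openssl genpkey` on line 107 is reached, so the key, CSR and certificate are never produced; it looks like a debugging stop of the same kind as the `die "$config\n"` this commit removes from old line 28, and should be deleted. Separately, the new `$extFile`/`$crtFile`/`$keyFile`/`$csrFile` paths (lines 54–57) and the backtick `openssl` commands (107–111) interpolate `$DOMAIN` and the aliases straight from `@ARGV` with no validation, so an argument containing `../`, whitespace or shell metacharacters escapes `$serverCertDir` or runs arbitrary commands as the invoking user; add `die "Invalid domain: $DOMAIN\n" unless $DOMAIN =~ m/^[A-Za-z0-9.\-]+$/;` right after the usage check and apply the same test to each alias before it is pushed into `@newLines`. Now that `$ipv4Regex` exists, the mislabel the comment on line 87 admits to is a one-line fix: `push @newLines, ( $DOMAIN =~ m/$ipv4Regex/ ? 'IP' : 'DNS' ) . ".1=$DOMAIN";`. The `open CNF, ">$extFile"` on line 99 is still the two-argument form; with a validated `$DOMAIN` it is harmless, but `open my $fh, '>', $extFile or die ...` is the safer habit and closes off mode injection regardless of what the argument check allows.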