#! /usr/bin/env perl
use strict;
use warnings;
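# Issue a certificate for one domain, signed by the local CA.
#
# Usage: <script> domain [alias ...]
#
# Files produced in the current directory, all named after the domain:
#   $DOMAIN.ext  openssl config: a copy of $configFile plus one DNS.n line
#                per name (only written when it does not exist yet)
#   $DOMAIN.key  2048-bit RSA private key
#   $DOMAIN.csr  signing request built from the key and the ext file
#   $DOMAIN.crt  certificate signed with vanduzen_CA.pem / vanduzen_CA.key,
#                valid for 365 days, SHA-256 digest
my $configFile = 'openssl.cnf'; # prototype for the domain specific config file

# Names end up in file names, in openssl arguments and as lines of the ext
# file that decides the certificate's extensions, so only plain host-name
# characters are accepted. \z (not $) also refuses a trailing newline, which
# would otherwise let one argument add extra lines to the ext file.
my $domainPattern = qr/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/;
# aliases may additionally be wildcard names such as *.example.com
my $aliasPattern = qr/\A(?:\*\.)?[A-Za-z0-9][A-Za-z0-9._-]*\z/;

# Run one openssl subcommand without a shell and die if it fails.
sub run_openssl {
    my @args = @_;

    # List-form pipe open hands every argument to openssl unchanged, so
    # nothing in a file name is interpreted by a shell.
    open( my $pipe, '-|', 'openssl', @args )
        or die "Could not run openssl $args[0]: $!\n";

    # Drain stdout and drop it, as the backtick calls this replaces did.
    while ( defined( my $line = <$pipe> ) ) { }

    # close() on a pipe returns false when the command exited non-zero;
    # stopping here keeps a later step from running on missing or stale input.
    close $pipe
        or die "openssl $args[0] failed (wait status $?)\n";
    return;
}

# they must pass in at least a domain. All other cli params taken as aliases
# this will also be the filename for each file created, ie $DOMAIN.extension
my $DOMAIN = shift;
die "Usage: $0 domain [alias alias]\n"
    unless defined $DOMAIN && length $DOMAIN;
die "Invalid domain name '$DOMAIN'\n"
    unless length($DOMAIN) <= 253 && $DOMAIN =~ $domainPattern;

# check every alias before any file is created or any key is generated
my @aliases = @ARGV;
for my $alias (@aliases) {
    die "Invalid alias '$alias'\n"
        unless length($alias) <= 253 && $alias =~ $aliasPattern;
}

# if the domain doesn't have an ext file, create it
if ( !-f "$DOMAIN.ext" ) {
    # read in the default config file
    # (3-arg open: the mode can never come from the file name)
    open( my $in, '<', $configFile )
        or die "Could not read $configFile: $!\n";
    my @config = <$in>;
    close $in;

    # remove all line endings
    chomp @config;

    # the first DNS entry is the actual domain.
    # NOTE(review): appending at the end presumably relies on $configFile
    # finishing with its alt-names section - confirm against the template.
    push @config, "DNS.1=$DOMAIN";
    my $dns = 2;

    # add every alias as a separate DNS entry
    for my $alias (@aliases) {
        push @config, "DNS.$dns=$alias";
        $dns++;
    }

    # print the ext file back out
    open( my $out, '>', "$DOMAIN.ext" )
        or die "Could not write to $DOMAIN.ext: $!\n";
    print {$out} join( "\n", @config ) . "\n"
        or die "Could not write to $DOMAIN.ext: $!\n";
    # buffered write errors only show up at close
    close $out
        or die "Could not write to $DOMAIN.ext: $!\n";
}

# Create an rsa key into $DOMAIN.key
# NOTE(review): the key file's permissions are whatever openssl and the
# current umask produce; confirm it is not readable by other users.
run_openssl( 'genrsa', '-out', "$DOMAIN.key", '2048' );

# create a signing request, using $DOMAIN.ext for all the DN stuff saved in $DOMAIN.csr
run_openssl(
    'req', '-new',
    '-key',    "$DOMAIN.key",
    '-out',    "$DOMAIN.csr",
    '-config', "$DOMAIN.ext",
);

# generate the actual crt file as $DOMAIN.crt, using the csr and ext file
run_openssl(
    'x509', '-req',
    '-in',    "$DOMAIN.csr",
    '-CA',    'vanduzen_CA.pem',
    '-CAkey', 'vanduzen_CA.key',
    '-CAcreateserial',
    '-out',  "$DOMAIN.crt",
    '-days', '365',
    '-sha256',
    '-extfile', "$DOMAIN.ext",
);
1;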