From 6267b709651e5f2635b2108e588a0ad67ad899aa Mon Sep 17 00:00:00 2001 From: Lucas Werkmeister Date: Thu, 23 Mar 2017 22:44:34 +0100 Subject: [PATCH] upd: extract Distinguished Name fields, document config Change-Id: I5d838b9c82a306ad2c3b62c865282e5fdec5ecc2 --- README.md | 3 +++ commonFunctions.bash | 3 +-- config.example | 7 +++++++ generateKeys | 7 ++----- structure.bash | 5 ++++- 5 files changed, 17 insertions(+), 8 deletions(-) create mode 100644 config.example diff --git a/README.md b/README.md index 17c3852..1b03c3d 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,9 @@ This project is a collection of shell scripts to generate X.509 certificates sui It is usually used in conjunction with *Cassiopeia* and *Gigi*. To generate a root certificate and all intermediate certificates for the years 2017 and 2018, run `./all root 2017 2018`. +To adjust the settings of the certificates (organization name, domain name, …), +create a `config` file and set the appropriate variables; +the `config.example` file documents the available variables. ## Overview of Generating Shell Scripts diff --git a/commonFunctions.bash b/commonFunctions.bash index 36ffa19..a433fbe 100644 --- a/commonFunctions.bash +++ b/commonFunctions.bash @@ -3,7 +3,7 @@ genKey(){ #subj, internalName openssl genrsa -out $2.key ${KEYSIZE} - openssl req -new -key $2.key -out $2.csr -subj "$1/O=Test Environment CA Ltd./OU=Test Environment CAs/C=AU" + openssl req -new -key $2.key -out $2.csr -subj "$1/O=$ORGANIZATION/OU=$ORGANIZATIONAL_UNIT/C=$COUNTRY" } @@ -49,4 +49,3 @@ findLibfaketime() { printf >&2 'error: no libfaketime found\n' exit 1 # unfortunately, this will only exit the $() subshell } - diff --git a/config.example b/config.example new file mode 100644 index 0000000..4a90b6e --- /dev/null +++ b/config.example 
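Review bot: In `genKey`, the new `-subj` string interpolates `$ORGANIZATION`, `$ORGANIZATIONAL_UNIT` and `$COUNTRY` unescaped, while `openssl req -subj` uses `/` as the attribute separator. A configured name containing a slash (a constructed example: `A/B Ltd.`) is therefore split into an extra attribute instead of staying inside `O=`, and the certificate ends up with a subject the operator did not intend. Escape the separator before building the string, e.g. `local org=${ORGANIZATION//\//\\/}` (likewise for the OU), and fail early on a bad country code with `[[ $COUNTRY =~ ^[A-Z]{2}$ ]] || return 1`. The changed line also still passes `$2.key` and `$2.csr` unquoted; `"$2.key"` and `"$2.csr"` would survive an internal name containing whitespace.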
@@ -0,0 +1,7 @@ +# You can adjust the following variables: +# APPNAME="Your CA name" # used in the Common Name (CN=) of all certificates +# DOMAIN="example.com" # the main domain of your CA +# ORGANIZATION="Your Organization Name" # legal name of your organization, the O= of all certificates +# ORGANIZATIONAL_UNIT="Your Organizational Unit" # name of your organizational unit, the OU= of all certificates +# COUNTRY="AT" # the country of your organization, the C= of all certificates +# KEYSIZE=4096 # default is probably fine diff --git a/generateKeys b/generateKeys index 956e4fd..09a93ba 100755 --- a/generateKeys +++ b/generateKeys @@ -51,18 +51,15 @@ TESTCA # Generate the super Root CA -genca "/CN=Gigi testCA" root +genca "/CN=$APPNAME Root Certificate" root #echo openssl x509 -req $ROOT_VALIDITY -in root.ca/key.csr -signkey root.ca/key.key -out root.ca/key.crt -extfile ca.cnf rootSign root # generate the various sub-CAs for ca in "${STRUCT_CAS[@]}"; do . ../CAs/$ca - genca "/CN=$name" $ca + genca "/CN=$APPNAME $name Intermediate Certificate" $ca rootSign $ca done rm ca.cnf subca.cnf - - - diff --git a/structure.bash b/structure.bash index c88e3c6..90a89c0 100644 --- a/structure.bash +++ b/structure.bash @@ -1,7 +1,10 @@ #!/bin/bash +APPNAME="SomeCA" DOMAIN="wpia.local" +ORGANIZATION="Test Environment CA Ltd." +ORGANIZATIONAL_UNIT="Test Environment CAs" +COUNTRY="AT" KEYSIZE=4096 -PRIVATEPW="changeit" [ -f config ] && . ./config -- 2.47.3
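Review bot: The new `config.example` does not say that `config` is executed rather than parsed; `structure.bash` loads it with `. ./config`, so every line in it runs as bash with the privileges of whoever generates the CA keys. I would add a header comment such as `# This file is sourced by bash: use plain VAR="value" assignments only and keep it writable only by the CA operator.` It would also help to note next to `COUNTRY` that the value must be a two-letter ISO 3166 code, and next to the O=/OU= variables that a `/` in the value needs escaping because it ends up in an `openssl -subj` string.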
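Review bot: Both new `genca` calls build the Common Name from `$APPNAME` plus fixed text, with no length check; the intermediate form `"/CN=$APPNAME $name Intermediate Certificate"` adds 26 characters on top of both variables. X.509 limits commonName to 64 characters and `openssl req` enforces that limit, so a longer `APPNAME` or CA name makes the request fail part-way through the loop, after the root has already been generated and signed. A guard before the loop, e.g. `(( ${#APPNAME} + ${#name} + 26 <= 64 )) || { echo >&2 "CN too long for $ca"; exit 1; }`, would catch it before any key material is written. The changed loop line also passes `$ca` unquoted; `"$ca"` is safer.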
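Review bot: The new default `COUNTRY="AT"` does not match the literal it replaces: the line removed from `genKey` in `commonFunctions.bash` hard-coded `C=AU`. A run without a `config` file therefore now produces a different subject DN than before, even though the commit is described as an extraction. If that is unintended, use `COUNTRY="AU"`; if it is deliberate, say so in the commit message, because certificates regenerated piecemeal would no longer chain by name to ones issued earlier. Since these defaults are test identities (`Test Environment CA Ltd.`, `wpia.local`), a warning when no config is found would also help, e.g. `[ -f config ] || echo >&2 'warning: no config found, using test defaults'`. The hunk also removes `PRIVATEPW`; no use of it is visible here, so check that no other script still expands it.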