#!/bin/bash # info: generate self signed certificate and CSR request # options: DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT] # # example: v-generate-ssl-cert example.com mail@yahoo.com USA California Monterey ACME.COM IT # # This function generates self signed SSL certificate and CSR request #----------------------------------------------------------# # Variables & Functions # #----------------------------------------------------------# # Argument definition domain=$1 domain=$(echo $domain | sed -e 's/\.*$//g' -e 's/^\.*//g') domain_alias=$domain email=$2 country=$3 state=$4 city=$5 org=$6 org_unit=$7 aliases=$8 format=${9-shell} KEY_SIZE=4096 DAYS=365 # Includes # shellcheck source=/etc/hestiacp/hestia.conf source /etc/hestiacp/hestia.conf # shellcheck source=/usr/local/hestia/func/main.sh source $HESTIA/func/main.sh # load config file source_conf "$HESTIA/conf/hestia.conf" # Json function json_list_ssl() { i='1' # iterator echo '{' echo -e "\t\"$domain\": {" echo " \"CRT\": \"$crt\"," echo " \"KEY\": \"$key\"," echo " \"CSR\": \"$csr\"," echo " \"DIR\": \"$workdir\"" echo -e "\t}\n}" } # Shell function shell_list_ssl() { if [ -n "$crt" ]; then echo -e "$crt" fi if [ -n "$key" ]; then echo -e "\n$key" fi if [ -n "$csr" ]; then echo -e "\n$csr" fi echo -e "\nDirectory: $workdir" } # Additional argument formatting format_domain_idn if [[ "$email" = *[![:ascii:]]* ]]; then email=$(idn2 --quiet $email) fi #----------------------------------------------------------# # Verifications # #----------------------------------------------------------# args_usage='DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT]' check_args '7' "$#" "$args_usage" is_format_valid 'domain' 'aliases' 'format' 'email' is_common_format_valid $country "country" is_common_format_valid $state "state" is_common_format_valid $org "org" is_common_format_valid $unit "unit" if [ ! -f '/etc/redhat-release' ]; then release="$(lsb_release -s -r)" fi if [ -z "$email" ] && [ "$release" = "18.04" ]; then echo "Email address is required" exit 2 fi if [ ! -f /root/.rnd ]; then touch /root/.rnd fi # Perform verification if read-only mode is enabled check_hestia_demo_mode #----------------------------------------------------------# # Action # #----------------------------------------------------------# # Create temporary work directory workdir=$(mktemp -d) cd $workdir # Generate private key openssl genrsa "$KEY_SIZE" > "$domain.key" 2> /dev/null subj="" # Generate the CSR if [ -n "$email" ]; then subj="/emailAddress=$email" fi subj="$subj/C=$country/ST=$state/L=$city/O=$org" subj="$subj/OU=$org_unit/CN=$domain_idn" if [ -z "$aliases" ]; then openssl req -sha256 -new \ -batch \ -subj "$subj" \ -key $domain.key \ -out $domain.csr > /dev/null 2>&1 else for alias in $(echo $domain,$aliases | tr ',' '\n' | sort -u); do if [[ "$alias" = *[![:ascii:]]* ]]; then alias=$(idn2 --quiet $alias) fi dns_aliases="${dns_aliases}DNS:$alias," done dns_aliases=$(echo $dns_aliases | sed "s/,$//") if [ -e "/etc/ssl/openssl.cnf" ]; then ssl_conf='/etc/ssl/openssl.cnf' else ssl_conf="/etc/pki/tls/openssl.cnf" fi openssl req -sha256 -new \ -batch \ -subj "$subj" \ -key $domain.key \ -reqexts SAN \ -config <(cat $ssl_conf \ <(printf "[SAN]\nsubjectAltName=$dns_aliases")) \ -out $domain.csr > /dev/null 2>&1 fi # Generate the cert 1 year openssl x509 -req -sha256 \ -days $DAYS \ -in $domain.csr \ -signkey $domain.key \ -out $domain.crt > /dev/null 2>&1 # Listing certificates if [ -e "$domain.crt" ]; then crt=$(cat $domain.crt | sed ':a;N;$!ba;s/\n/\\n/g') fi if [ -e "$domain.key" ]; then key=$(cat $domain.key | sed ':a;N;$!ba;s/\n/\\n/g') fi if [ -e "$domain.csr" ]; then csr=$(cat $domain.csr | sed ':a;N;$!ba;s/\n/\\n/g') fi case $format in json) json_list_ssl ;; plain) nohead=1 shell_list_ssl ;; shell) shell_list_ssl ;; *) check_args '1' '0' '[FORMAT]' ;; esac # Don't allow non root users view folder chmod 660 $workdir # Clean up the mess echo "rm -rf $workdir" | at -M "now +15 minute" > /dev/null 2>&1 # Delete tmp dir #rm -rf $workdir #----------------------------------------------------------# # Hestia # #----------------------------------------------------------# # Logging log_event "$OK" "$ARGUMENTS" exit