Shell script to raise a CSR using openssl

#!/bin/bash

# Set variables
CA_SERVER="ca.example.com"
CA_PORT="443"
CA_USERNAME="username"
CA_PASSWORD="password"
CSR_FILE="mydomain.csr"
CERT_FILE="mydomain.crt"
KEY_FILE="mydomain.key"

# Prompt user for certificate details
# (read -r keeps backslashes in the input literal)
printf "Enter the common name (e.g. example.com): "
read -r COMMON_NAME
printf "Enter the two-letter country code (e.g. US): "
read -r COUNTRY
printf "Enter the state or province name: "
read -r STATE
printf "Enter the locality or city name: "
read -r LOCALITY
printf "Enter the organization name: "
read -r ORGANIZATION
printf "Enter the organizational unit name: "
read -r ORG_UNIT

# Generate private key and make sure only the owner can read it
openssl genrsa -out "$KEY_FILE" 2048
chmod 600 "$KEY_FILE"

# Create CSR
openssl req -new -key "$KEY_FILE" -out "$CSR_FILE" -subj "/C=$COUNTRY/ST=$STATE/L=$LOCALITY/O=$ORGANIZATION/OU=$ORG_UNIT/CN=$COMMON_NAME"

echo "CSR generated and saved to $CSR_FILE"

# Display CSR and prompt user to send it to CA and receive certificate
echo "CSR contents:"
cat "$CSR_FILE"
printf "\n"
echo "Send the above CSR to your CA and receive the signed certificate."
printf "Save the signed certificate to a file (e.g. mydomain.crt) and press Enter to continue."
read -r

# Check if certificate received (file exists and is not empty)
if [ ! -s "$CERT_FILE" ]; then
  echo "Error: certificate not received"
  exit 1
fi

echo "Certificate received and saved to $CERT_FILE"




This version of the script uses printf to print each prompt and read to capture the user's answer for the certificate details. After generating the CSR, the script displays its contents and prompts the user to send it to their CA and obtain the signed certificate manually. Once the user has saved the signed certificate to a file, they press Enter to continue; the script then checks that the certificate file exists and is not empty, and displays a message indicating success.

Note that this version of the script assumes that the user knows how to send the CSR to their CA and receive the signed certificate, and it doesn't perform any validation or error checking for these steps.




Please try the script below as well:

#!/bin/bash

# Set variables
CA_SERVER="ca.example.com"
CA_PORT="443"
CA_USERNAME="username"
CA_PASSWORD="password"
CSR_FILE="mydomain.csr"
CERT_FILE="mydomain.crt"
CERT_PEM_FILE="mydomain.pem"
KEY_FILE="mydomain.key"
NGINX_CONF_FILE="/etc/nginx/conf.d/mydomain.conf"
NGINX_SERVER_NAME="mydomain.com"

# Generate private key
openssl genrsa -out "$KEY_FILE" 2048

# Create CSR
openssl req -new -key "$KEY_FILE" -out "$CSR_FILE" -subj "/CN=$NGINX_SERVER_NAME"
echo "CSR generated and saved to $CSR_FILE"

# Prompt user to send CSR to CA
echo "Please send the following CSR to your CA:"
cat "$CSR_FILE"

# Wait for user to send CSR and receive signed certificate
echo "Please save the signed certificate to $CERT_FILE and press Enter when finished"
read -r
if [ ! -s "$CERT_FILE" ]; then
  echo "Error: certificate not received"
  exit 1
fi
echo "Certificate received and saved to $CERT_FILE"

# Convert signed certificate to PEM format
openssl x509 -in "$CERT_FILE" -out "$CERT_PEM_FILE" -outform PEM
echo "Certificate converted to PEM format and saved to $CERT_PEM_FILE"

# Configure Nginx to use signed certificate
# (absolute paths are written because nginx resolves relative paths
# against its own configuration prefix, not the current directory)
cat > "$NGINX_CONF_FILE" <<EOF
server {
    listen 80;
    server_name $NGINX_SERVER_NAME;
    # Redirect HTTP to HTTPS
    return 301 https://\$host\$request_uri;
}

server {
    listen 443 ssl;
    server_name $NGINX_SERVER_NAME;
    ssl_certificate $PWD/$CERT_PEM_FILE;
    ssl_certificate_key $PWD/$KEY_FILE;
    # Other Nginx configuration directives...
}
EOF
echo "Nginx configuration updated in $NGINX_CONF_FILE"
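
Both scripts above only test that the certificate file is non-empty before going on. The following is an added example, not part of the original post, that checks the returned certificate parses, belongs to the generated private key, has not expired and covers the server name. `verify_cert` and `make_sample` are hypothetical helper names, and the sample key and self-signed certificate are constructed test data.

```shell
#!/bin/bash
# Added example (not from the original post): check a certificate returned
# by the CA before using it. verify_cert/make_sample are hypothetical names.

# verify_cert KEY CERT HOSTNAME
# Returns 0 if CERT is usable, else: 1 missing/empty, 2 not PEM X.509,
# 3 public key differs from KEY, 4 expired, 5 hostname not covered.
verify_cert() {
  local key="$1" cert="$2" host="$3" key_pub cert_pub
  [ -s "$cert" ] || { echo "certificate file missing or empty" >&2; return 1; }
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
    { echo "not a PEM X.509 certificate" >&2; return 2; }
  # Both commands print the SubjectPublicKeyInfo as PEM, so a string
  # comparison shows whether the certificate was issued for this key.
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
  [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ] ||
    { echo "certificate does not match private key" >&2; return 3; }
  # -checkend 0 exits non-zero when notAfter has already passed.
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
    { echo "certificate has expired" >&2; return 4; }
  # -checkhost reports its result in the output text, so grep for it.
  openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
    grep -q "does match" ||
    { echo "certificate does not cover $host" >&2; return 5; }
}

# make_sample DIR: build constructed test data in DIR, a key with a
# self-signed certificate standing in for the CA's reply, plus an
# unrelated second key.
make_sample() {
  openssl genrsa -out "$1/good.key" 2048 2>/dev/null &&
  openssl genrsa -out "$1/other.key" 2048 2>/dev/null &&
  openssl req -new -x509 -key "$1/good.key" -subj "/CN=mydomain.com" \
    -days 1 -out "$1/signed.crt" 2>/dev/null
}

# Run with --demo to exercise the check on the constructed sample.
if [ "${1:-}" = "--demo" ]; then
  dir=$(mktemp -d) && make_sample "$dir" &&
    verify_cert "$dir/good.key" "$dir/signed.crt" mydomain.com &&
    echo "certificate OK"
fi
```

In either script, a call such as `verify_cert "$KEY_FILE" "$CERT_FILE" "$NGINX_SERVER_NAME" || exit 1` would go right after the non-empty check.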

