Shell script to create multiple OpenSSL Certificates


 
# 1  
Old 08-18-2011
Question Shell script to create multiple OpenSSL Certificates

I need to create a script that will generate a bunch of OpenSSL Certificates signed by my own CA. The certificates being generated are for testing purposes only. But what I need is the following:

Root CA
512
768
1024
1280
1536
1792
2048
4096

I need basically 64 combinations. Each root CA must sign each possible client CA of 512, 768, 1024, 1280, 1536, 1792, 2048 and 4096. For example:

ROOT CA 512 to Client CA 512, 768, etc
ROOT CA 768 to Client CA 512, 768 etc

I'm not sure how to go about the script. Suggestions at this point would be of great help. Bash or Perl would be fine.

Thanks for any and all help on this.
# 2  
Old 08-19-2011
Can you give an example of step-by-step certification creation in a normal scenario without any script? That would help to better understand the requirement and the feasibility of a script.
Thanks
# 3  
Old 08-19-2011
Request Client Certificate

openssl genrsa -out client512.key 512
openssl req -new -key client512.key -out client512.csr -config openssl.cnf

Sign Certificate

openssl x509 -req -days 365 -CA ca512.crt -CAkey ca512.key -CAcreateserial -in client512.csr -out client512512.crt

openssl x509 -req -days 365 -CA ca768.crt -CAkey ca768.key -CAcreateserial -in client512.csr -out client768512.crt

openssl x509 -req -days 365 -CA ca1024.crt -CAkey ca1024.key -CAcreateserial -in client512.csr -out client1024512.crt

And etc. down the list.
Then do the next client Cert of 768 and follow the same procedure and so on.

Hope that helps some.




# 4  
Old 08-19-2011
Code:
for RootCA in 512 768 1024 1280 1536 1792 2048 4096
do
  # RootCA holds the client key size here: generate the client key and its CSR
  openssl genrsa -out client${RootCA}.key ${RootCA}
  openssl req -new -key client${RootCA}.key -out client${RootCA}.csr -config openssl.cnf
  # Sign Certificate: ClientCA holds the size of the CA that signs the CSR
  for ClientCA in 512 768 1024 1280 1536 1792 2048 4096
  do
     openssl x509 -req -days 365 -CA ca${ClientCA}.crt -CAkey ca${ClientCA}.key -CAcreateserial -in client${RootCA}.csr -out client${ClientCA}${RootCA}.crt
  done
done

# 5  
Old 08-19-2011
Almost there can you take a look?

Ok, thanks for the reply. So I decided to try and automate the creation of the ROOT CA as well. Then I will continue on with the Client Certs. Please take a look below; it's almost there but not quite working.

Code:
#!/bin/bash
RootCA={512 768 1024 1280 1536 1792 2048 4096}
ClientCA={512 768 1024 1280 1536 192 2048 4096}
Days=7300
OfRootKey= ~/Certs/Root-CA/private
OfRootCA= ~/Certs/Root-CA
OfClientKey= ~/Certs/Client/private
OfClient= ~/Certs/Client
Config= ~/Certs/Root-CA/conf

#Create ROOT CA 
for $RootCA 
do
openssl req -newe -x509 -days $Days -extensions v3_ca -keyout $OfRootKey/cakey${RootCA}.key -out $OfRootCA/cacert${RootCA}.pem -config $Config/openssl${RootCA}.conf
done
done

The errors are
./Root_CA_Create.sh
./Root_CA_Create.sh: line 2: 768: command not found
./Root_CA_Create.sh: line 3: 768: command not found
./Root_CA_Create.sh: line 5: /home/kris/Certs/Root-CA/private: Is a directory
./Root_CA_Create.sh: line 6: /home/kris/Certs/Root-CA: Is a directory
./Root_CA_Create.sh: line 7: /home/kris/Certs/Client/private: Is a directory
./Root_CA_Create.sh: line 8: /home/kris/Certs/Client: Is a directory
./Root_CA_Create.sh: line 9: /home/kris/Certs/Root-CA/conf: Is a directory
./Root_CA_Create.sh: line 15: `$RootCA': not a valid identifier
./Root_CA_Create.sh: line 16: syntax error near unexpected token `done'
./Root_CA_Create.sh: line 16: `done'

---------- Post updated at 02:47 PM ---------- Previous update was at 12:23 PM ----------

Ok, I'm very close here. The script is now creating all the RootCA certificates but it only creates 8 of the client certificates, because it's only signing them with the last RootCA of 4096. I need it to sign each one with each RootCA as well. I see why it's happening, just not sure how to fix it. I followed the logic so I get why it happens, just not sure how to correct it yet.

Code:
#!/bin/bash
# RootCA={512 768 1024 1280 1536 1792 2048 4096}
# ClientCA={512 768 1024 1280 1536 192 2048 4096}
Days=7300
OfRootKey=~/Certs/Root-CA/private
OfRootCA=~/Certs/Root-CA
OfClientKey=~/Certs/Client/private
OfClient=~/Certs/Client
OfClientReq=~/Certs/Requests
Config=~/Certs/Root-CA/conf


function Create_Root_CA {
#Create ROOT CA 
echo Creating Root Certificates
for RootCA in 512 768 1024 1280 1536 1792 2048 4096
do
openssl req -new -x509 -days $Days -extensions v3_ca -keyout $OfRootKey/cakey${RootCA}.key -out $OfRootCA/cacert${RootCA}.pem -config $Config/openssl${RootCA}.conf
done
}

function Create_Client_Req {
echo Creating Clients Requests
for RootCA in 512 768 1024 1280 1536 1792 2048 4096
do
openssl req -new -newkey rsa:$RootCA -nodes -keyout $OfClientReq/client${RootCA}.key -out $OfClientReq/client${RootCA}.csr -config $Config/openssl$RootCA.conf
done
}

function Sign_Client_Certs {
echo Signing Clients Certificates
for ClientCA in 512 768 1024 1280 1536 1792 2048 4096
  do
     openssl x509 -req -days $Days -CA $OfRootCA/cacert${ClientCA}.pem -CAkey $OfRootKey/cakey${ClientCA}.key -CAcreateserial -in $OfClientReq/client${RootCA}.csr -out $OfClient/client${ClientCA}${RootCA}.pem
done
}

Create_Root_CA
Create_Client_Req
Sign_Client_Certs
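
Added example (not part of the original post): one way to get all 64 certificates is to nest the client-size loop inside the CA-size loop in the signing step, so both sizes are live loop variables when `openssl x509` runs. Paths and CA/CSR file names follow the script above; the `SIZES` list, the `DRY_RUN` switch, the `run` helper, the `Verify_Client_Cert` function and the `client<CA>_<client>.pem` output naming are assumptions introduced here.

```shell
#!/bin/bash
# Added example: sign every client CSR with every test root CA (8 x 8 = 64).
# Paths follow the script in the post; SIZES, DRY_RUN and run() are assumptions.
# Keys of 512-1024 bits are for test fixtures only.
SIZES="512 768 1024 1280 1536 1792 2048 4096"
Days=7300
OfRootKey=~/Certs/Root-CA/private
OfRootCA=~/Certs/Root-CA
OfClient=~/Certs/Client
OfClientReq=~/Certs/Requests
DRY_RUN=${DRY_RUN:-1}   # 1 = only print the commands, 0 = execute them

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = 1 ]; then
    echo "$*"
  else
    "$@"
  fi
}

# Outer loop picks the signing CA, inner loop picks the client request.
# Stops at the first openssl failure so a missing CSR or key is noticed.
Sign_Client_Certs() {
  local ca client
  for ca in $SIZES; do
    for client in $SIZES; do
      run openssl x509 -req -days "$Days" \
        -CA "$OfRootCA/cacert${ca}.pem" \
        -CAkey "$OfRootKey/cakey${ca}.key" \
        -CAcreateserial \
        -in "$OfClientReq/client${client}.csr" \
        -out "$OfClient/client${ca}_${client}.pem" || return 1
    done
  done
}

# Check that a signed certificate chains to the CA that issued it.
# $1 = CA key size, $2 = client key size
Verify_Client_Cert() {
  run openssl verify -CAfile "$OfRootCA/cacert${1}.pem" \
    "$OfClient/client${1}_${2}.pem"
}

Sign_Client_Certs
```

With the default `DRY_RUN=1` the script only lists the 64 signing commands; run it with `DRY_RUN=0` once the root CAs and client requests exist.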
