Generating Certificate Signing Requests (CSRs)
Here's a short script to generate a server key and a PKCS #10 certificate request for use with HTTPS:
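#!/bin/sh
# Generate an RSA key (if one does not exist) and a PKCS #10 request.
HOSTNAME=$1
if [ "$#" -ne 1 ]; then
    echo "Usage: $0 <hostname>" >&2
    exit 1
fi
# Reuse an existing key; a new one is created readable by its owner only.
if [ ! -f "${HOSTNAME}.key" ]; then
    (umask 077 && openssl genrsa -out "${HOSTNAME}.key" 2048)
fi
# Per-host certtool template: the shared options plus the common name.
cp cert.cfg "${HOSTNAME}.cfg"
echo >> "${HOSTNAME}.cfg"
echo "cn = ${HOSTNAME}" >> "${HOSTNAME}.cfg"
certtool --generate-request \
    --load-privkey "${HOSTNAME}.key" \
    --outfile "${HOSTNAME}.csr" \
    --template "${HOSTNAME}.cfg"
# Print the name of the request file once it exists.
if [ -f "${HOSTNAME}.csr" ]; then
    echo "${HOSTNAME}.csr"
fi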
This requires a cert.cfg that provides the basic information for your organisation:
# X.509 Certificate options
#
# DN options
organization = "University of Weevils"
unit = "Department of Creepy Crawlies"
locality = "Winchester"
state = "Hampshire"
country = GB
# Whether this certificate will be used to sign data (needed
# in TLS DHE ciphersuites).
signing_key
# Whether this certificate will be used for a TLS client
tls_www_client
# Whether this certificate will be used for a TLS server
tls_www_server
# Whether this certificate will be used to encrypt data (needed
# in TLS RSA ciphersuites). Note that it is preferred to use different
# keys for encryption and signing.
encryption_key
The resulting CSR should be sent to your certificate authority, which signs it to produce a certificate (crt).
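Before the request goes to the certificate authority, it is worth confirming that it really belongs to the key and hostname it was generated for. The following check is an added example, not part of the original script; it assumes the openssl command line is installed and that the files are named as the script above names them, and check_csr is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the original page): check <hostname>.csr against
# <hostname>.key before submission. "check_csr" is a hypothetical helper name.
# Usage: check_csr <hostname>    -> returns 0 only if every check passes.
check_csr() {
    host=$1
    key="${host}.key"
    csr="${host}.csr"
    if [ ! -f "$key" ] || [ ! -f "$csr" ]; then
        echo "missing $key or $csr" >&2
        return 1
    fi

    # 1. The self-signature must verify: the requester holds the private key.
    #    Match on the "verify OK" message rather than the exit status alone.
    if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK"; then
        echo "$csr: self-signature does not verify" >&2
        return 1
    fi

    # 2. The public key in the request must be the one from the key file.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$csr_pub" ] || [ "$csr_pub" != "$key_pub" ]; then
        echo "$csr was not generated from $key" >&2
        return 1
    fi

    # 3. The subject CN must be exactly the hostname given to the script.
    cn=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed -e 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1)
    if [ "$cn" != "$host" ]; then
        echo "$csr: CN is '$cn', expected '$host'" >&2
        return 1
    fi

    # 4. The key must be at least the 2048 bits the script asks genrsa for.
    bits=$(openssl req -in "$csr" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    if [ "${bits:-0}" -lt 2048 ]; then
        echo "$csr: key is ${bits:-unknown} bits, expected >= 2048" >&2
        return 1
    fi
    return 0
}
```

Run it from the directory holding the generated files; a non-zero return means the request should be regenerated rather than submitted.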