How to dynamically generate -extfile parameter for openssl in bash script
Question
I have a script that I use to generate development certificates for my .test domain. I managed to create a PowerShell script to do this, but I struggle to do the same in arch bash. Usually -extfile expects a document; is there a way I can generate a mock file with a bash function and pass it in? Here is my script:
#!/bin/bash
function gen_extfile()
{
domain=$1
cat << EOF
authorityKeyIdentifier=keyid,issuer\n
basicConstraints=CA:FALSE\n
keyUsage=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment\n
subjectAltName = @alt_names\n
[alt_names]\n
DNS.1 = $domain
EOF
}
case "$1" in
r*)
[ -z "$2" ] && filename="rootCA" || filename="$2"
openssl genrsa -des3 -passout pass:default -out "$filename.key" 4096
openssl req -x509 -new -nodes -passin pass:default -key "$filename.key" -sha256 -days 20480 -subj "/C=GB/ST=London/L=London/O=Development/OU=IT Department/CN=Self Signed Certificate/emailAddress=info@example.com" -out rootCA.crt
;;
h*)
host="$2"
destination="$3"
if [ -z $host ]; then
echo "Host argument is required"
exit 1
fi
extFile=$(gen_extfile $host)
openssl req -new -sha256 -nodes -out "$host.csr" -newkey rsa:2048 -days 20480 -subj "/C=GB/ST=London/L=London/O=$host/OU=IT Department/CN=$host Self Signed Certificate/emailAddress=info@$host" -keyout "$host.key"
openssl x509 -req -passin pass:default -in "$host.csr" -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out "$host.crt" -days 500 -sha256 -extfile "$extFile"
# openssl pkcs12 -export -passin pass:default -inkey "$host.key" -in "$host.crt" -out "$host.pfx" -passout pass:
# if ! [ -z $destination ]; then
# mv "$host*" $destination
# fi
;;
*) cat << EOF
ssl-cert: Generates
Allowed options:
root {?filename} {?destination} generates root certificate. Default certificate basename is rootCA
host {host} {?destination} generates domain certificate
EOF
esac
Answer 1
Score: 1
Here is the solution that worked for me.
#!/bin/bash
function gen_extfile()
{
domain=$1
cat << EOF
authorityKeyIdentifier=keyid,issuer\n
basicConstraints=CA:FALSE\n
keyUsage=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment\n
subjectAltName = @alt_names\n
[alt_names]\n
DNS.1 = $domain
EOF
}
case "$1" in
r*)
[ -z "$2" ] && filename="rootCA" || filename="$2"
openssl genrsa -des3 -passout pass:default -out "$filename.key" 4096
openssl req -x509 -new -nodes -passin pass:default -key "$filename.key" -sha256 -days 20480 -subj "/C=GB/ST=London/L=London/O=Development/OU=IT Department/CN=Self Signed Certificate/emailAddress=info@example.com" -out rootCA.crt
;;
h*)
host="$2"
destination="$3"
if [ -z "$host" ]; then
echo "Host argument is required"
exit 1
fi
extFile=$(gen_extfile "$host")
openssl req -new -sha256 -nodes -out "$host.csr" -newkey rsa:2048 -days 20480 -subj "/C=GB/ST=London/L=London/O=$host/OU=IT Department/CN=$host Self Signed Certificate/emailAddress=info@$host" -keyout "$host.key"
# %b expands the \n escapes from gen_extfile without using the text as a printf format string
openssl x509 -req -passin pass:default -in "$host.csr" -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out "$host.crt" -days 500 -sha256 -extfile <(printf '%b\n' "$extFile")
openssl pkcs12 -export -passin pass:default -inkey "$host.key" -in "$host.crt" -out "$host.pfx" -passout pass:
if [ -n "$destination" ]; then
# the glob must sit outside the quotes, otherwise it is never expanded
mv "$host".* "$destination"
fi
;;
*) cat << EOF
ssl-cert: Generates
Allowed options:
root {?filename} {?destination} generates root certificate. Default certificate basename is rootCA
host {host} {?destination} generates domain certificate
EOF
esac
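
The same process-substitution approach, as an added example that is not part of the original answer: the extension text is streamed straight from the function, each name is validated before it is interpolated into the OpenSSL config, and the issued certificate is checked for its SAN. The helper names `valid_dns_name` and `sign_host` are hypothetical, and multiple-name support goes beyond the single `DNS.1` entry in the post.

```bash
#!/bin/bash
# Added illustration, not the poster's script; valid_dns_name and sign_host
# are hypothetical helper names.

# Accept only DNS names (optionally with a leading "*." label), so the value
# cannot carry newlines, "=", "[" or "$" into the OpenSSL config text.
valid_dns_name() {
    local LC_ALL=C name=$1
    local label='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    local re="^(\*\.)?(${label}\.)*${label}\$"
    [ "${#name}" -le 253 ] && [[ $name =~ $re ]]
}

# Print the extension config for the given names; return 1 if any is invalid.
gen_extfile() {
    local name i=1
    [ "$#" -gt 0 ] || return 1
    for name in "$@"; do valid_dns_name "$name" || return 1; done
    cat <<'EOF'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
subjectAltName = @alt_names
[alt_names]
EOF
    for name in "$@"; do
        printf 'DNS.%d = %s\n' "$i" "$name"
        i=$((i + 1))
    done
}

# Usage: sign_host CSR CA_CERT CA_KEY OUT_CERT NAME...
# By default `openssl x509 -req` does not copy extensions from the CSR, so the
# SAN has to arrive through -extfile; <(...) gives openssl a /dev/fd path.
sign_host() {
    local csr=$1 ca=$2 cakey=$3 out=$4; shift 4
    # A failure inside <(...) is not reported to the caller, so validate first.
    gen_extfile "$@" >/dev/null || { echo "invalid DNS name" >&2; return 1; }
    openssl x509 -req -in "$csr" -CA "$ca" -CAkey "$cakey" -CAcreateserial \
        -out "$out" -days 500 -sha256 -extfile <(gen_extfile "$@") || return 1
    # Confirm the SAN really landed in the issued certificate.
    openssl x509 -in "$out" -noout -text | grep -A1 'Subject Alternative Name'
}

# Runs only when called with arguments, e.g.:
#   ./sign.sh app.test.csr rootCA.crt rootCA.key app.test.crt app.test
if [ "$#" -ge 5 ]; then sign_host "$@"; fi
```

openssl prompts for the CA key passphrase when the key is encrypted, as the `rootCA.key` created by the script above is.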