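#!/bin/bash
#
# Generate a private CA and three CA-signed leaf certificates (server, client,
# agent) for a TLS deployment, then export the CA certificate and the agent's
# certificate and key as C headers with `xxd -i`.
#
# Usage: <script> [SERVER_IP]
#   SERVER_IP  IP address placed in CN and subjectAltName of every leaf
#              certificate; defaults to 127.0.0.1.
#
# Outputs:
#   certificates/  ca.{key,crt}, server.{key,crt}, client.{key,crt},
#                  agent.{key,crt}
#   agent/         ca_cert.h, agent_cert.h, agent_key.h
#
# Security notes for maintainers:
#   - ca.key is written unencrypted (-nodes) and the CA is valid for 3650 days.
#     Whoever can read that file can mint certificates trusted by every peer
#     that pins this CA, so keep it off shared hosts and out of version control.
#   - agent_key.h embeds the agent's private key in source form. Every binary
#     built from it carries the same key, recoverable by anyone who holds the
#     binary; treat the header as a secret and never commit it.
#   - NOTE(review): all three leaf certificates share the same subject/SAN and
#     carry no extendedKeyUsage, so a client or agent certificate would also be
#     accepted as a server certificate for SERVER_IP. Confirm whether that is
#     intended before adding serverAuth/clientAuth separation.

# Stop at the first failing command so a partial or unsigned certificate set is
# never reported as success.
set -euo pipefail

# Check if an IP argument was provided
if [ -z "${1:-}" ]; then
  echo "No IP provided, defaulting to 127.0.0.1"
  SERVER_IP="127.0.0.1"
else
  SERVER_IP="$1"
fi

# The value is interpolated into an OpenSSL config file below. Restrict it to
# the characters of an IPv4/IPv6 literal so it cannot introduce extra config
# lines or sections; OpenSSL itself performs the real address parsing.
if [[ ! "${SERVER_IP}" =~ ^[0-9A-Fa-f:.]+$ ]]; then
  printf 'Invalid IP address: %s\n' "${SERVER_IP}" >&2
  exit 1
fi

for required_tool in openssl xxd; do
  if ! command -v "${required_tool}" >/dev/null; then
    printf 'Required tool not found: %s\n' "${required_tool}" >&2
    exit 1
  fi
done

# Set output directories and filenames
CERT_DIR="certificates"
AGENT_FOLDER="agent"
CA_KEY="${CERT_DIR}/ca.key"
CA_CERT="${CERT_DIR}/ca.crt"
CA_HEADER="${AGENT_FOLDER}/ca_cert.h"
SERVER_KEY="${CERT_DIR}/server.key"
SERVER_CSR="${CERT_DIR}/server.csr"
SERVER_CERT="${CERT_DIR}/server.crt"
CLIENT_KEY="${CERT_DIR}/client.key"
CLIENT_CSR="${CERT_DIR}/client.csr"
CLIENT_CERT="${CERT_DIR}/client.crt"
AGENT_KEY="${CERT_DIR}/agent.key"
AGENT_CSR="${CERT_DIR}/agent.csr"
AGENT_CERT="${CERT_DIR}/agent.crt"
AGENT_HEADER_KEY="${AGENT_FOLDER}/agent_key.h"
AGENT_HEADER_CERT="${AGENT_FOLDER}/agent_cert.h"

# Create necessary directories
mkdir -p "${CERT_DIR}" "${AGENT_FOLDER}"

# Use an unpredictable temp file for the OpenSSL config instead of a fixed
# name in the working directory, and remove it (and any CSRs) on every exit
# path, including failures.
OPENSSL_CONFIG="$(mktemp)"
cleanup() {
  rm -f -- "${OPENSSL_CONFIG}" "${SERVER_CSR}" "${CLIENT_CSR}" "${AGENT_CSR}"
}
trap cleanup EXIT

#######################################
# Write the OpenSSL request config, including the SAN section.
# Globals:   OPENSSL_CONFIG (read; file is overwritten)
# Arguments: $1 - address used for CN, DNS.1 and IP.1
#######################################
create_openssl_config() {
  local san_value=$1
  cat > "${OPENSSL_CONFIG}" <<EOF
[ req ]
default_bits = 2048
default_md = sha256
prompt = no
distinguished_name = req_distinguished_name
req_extensions = req_ext

[ req_distinguished_name ]
C = US
ST = State
L = City
O = Organization
OU = OrgUnit
CN = ${san_value}

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = ${san_value}
IP.1 = ${san_value}
EOF
}

#######################################
# Generate a 2048-bit RSA private key readable only by the current user.
# Arguments: $1 - output path of the key
#######################################
generate_private_key() {
  local key_path=$1
  # Restrictive umask in a subshell so the key is never created with
  # group/world read bits; chmod covers a pre-existing file being overwritten.
  (umask 077; openssl genrsa -out "${key_path}" 2048)
  chmod 600 "${key_path}"
}

#######################################
# Create a key, a CSR and a CA-signed certificate (365 days) for one role.
# Globals:   SERVER_IP, CA_CERT, CA_KEY, OPENSSL_CONFIG (read)
# Arguments: $1 - role label for the progress message
#            $2 - private key path, $3 - CSR path, $4 - certificate path
#######################################
issue_signed_cert() {
  local label=$1 key_path=$2 csr_path=$3 cert_path=$4
  echo "Generating ${label} certificate for IP: ${SERVER_IP}..."
  create_openssl_config "${SERVER_IP}"
  generate_private_key "${key_path}"
  openssl req -new -key "${key_path}" -out "${csr_path}" -config "${OPENSSL_CONFIG}"
  # -extfile/-extensions are required here: `x509 -req` does not copy the
  # SAN extension from the CSR on its own.
  openssl x509 -req -in "${csr_path}" -CA "${CA_CERT}" -CAkey "${CA_KEY}" -CAcreateserial \
    -out "${cert_path}" -days 365 -sha256 -extfile "${OPENSSL_CONFIG}" -extensions req_ext
}

# Step 1: Generate CA certificate and private key
echo "Generating CA certificate and private key..."
generate_private_key "${CA_KEY}"
openssl req -x509 -new -nodes -key "${CA_KEY}" -sha256 -days 3650 -out "${CA_CERT}" \
  -subj "/C=US/ST=State/L=City/O=Organization/OU=OrgUnit/CN=MyCA"

# Convert CA certificate to C header. The relative path is passed unchanged
# because xxd derives the C identifier from it.
echo "Converting CA certificate to C header..."
xxd -i "${CA_CERT}" > "${CA_HEADER}"

# Steps 2-4: Generate Server, Client and Agent certificates
issue_signed_cert "Server" "${SERVER_KEY}" "${SERVER_CSR}" "${SERVER_CERT}"
issue_signed_cert "Client" "${CLIENT_KEY}" "${CLIENT_CSR}" "${CLIENT_CERT}"
issue_signed_cert "Agent" "${AGENT_KEY}" "${AGENT_CSR}" "${AGENT_CERT}"

# Step 5: Convert Agent certificate and key to C headers using xxd
echo "Converting Agent certificate and key to C headers..."
# The key header is private-key material: create it owner-only as well.
(umask 077; xxd -i "${AGENT_KEY}" > "${AGENT_HEADER_KEY}")
chmod 600 "${AGENT_HEADER_KEY}"
xxd -i "${AGENT_CERT}" > "${AGENT_HEADER_CERT}"

# Clean up temporary files (the EXIT trap repeats this as a backstop)
echo "Cleaning up temporary files..."
cleanup

echo "All certificates and headers have been generated!"
echo "Generated files are in the '${CERT_DIR}' folder."
echo "Agent-related headers and CA header are in the '${AGENT_FOLDER}' folder."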