#!/bin/bash
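# Fail fast. Without this an unchecked openssl failure lets the later
# steps sign with a missing key or embed an empty file into the agent.
set -euo pipefail

# The single optional argument is the address the server certificate is
# issued for (an IP literal or a host name). Defaults to loopback.
if [[ -z "${1:-}" ]]; then
  echo "No IP provided, defaulting to 127.0.0.1"
  SERVER_IP="127.0.0.1"
else
  SERVER_IP="$1"
fi

# The value is interpolated verbatim into an OpenSSL config file below,
# so accept only plain host-name / IP-literal characters: a newline or
# '[' in the argument could otherwise inject config sections.
if [[ ! "$SERVER_IP" =~ ^[A-Za-z0-9.:-]+$ ]]; then
  echo "Invalid server address: '${SERVER_IP}'" >&2
  exit 1
fi
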
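# Output layout: all PKI material goes under CERT_DIR, the C headers the
# agent build consumes go under AGENT_FOLDER.
CERT_DIR="certificates"
AGENT_FOLDER="agent"

# Root CA. Its private key signs every identity below and must stay on
# the build host; only ca.crt is exported to the agent (as a header).
CA_KEY="${CERT_DIR}/ca.key"
CA_CERT="${CERT_DIR}/ca.crt"
CA_HEADER="${AGENT_FOLDER}/ca_cert.h"

# Server identity (issued for SERVER_IP).
SERVER_KEY="${CERT_DIR}/server.key"
SERVER_CSR="${CERT_DIR}/server.csr"
SERVER_CERT="${CERT_DIR}/server.crt"

# Client identity.
CLIENT_KEY="${CERT_DIR}/client.key"
CLIENT_CSR="${CERT_DIR}/client.csr"
CLIENT_CERT="${CERT_DIR}/client.crt"

# Agent identity; key and cert are additionally exported as C headers,
# i.e. the agent binary carries this private key.
AGENT_KEY="${CERT_DIR}/agent.key"
AGENT_CSR="${CERT_DIR}/agent.csr"
AGENT_CERT="${CERT_DIR}/agent.crt"
AGENT_HEADER_KEY="${AGENT_FOLDER}/agent_key.h"
AGENT_HEADER_CERT="${AGENT_FOLDER}/agent_cert.h"

# Create the output directories; nothing below can succeed without them.
if ! mkdir -p "${CERT_DIR}" "${AGENT_FOLDER}"; then
  echo "Cannot create '${CERT_DIR}' / '${AGENT_FOLDER}'" >&2
  exit 1
fi
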
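#######################################
# Write ./openssl.cnf for a leaf CSR and its signing extensions.
# Globals:   none
# Arguments: $1 - subject: an IPv4/IPv6 literal or a DNS host name; used
#                 as the CN and as the subjectAltName
#            $2 - optional extendedKeyUsage list ("serverAuth",
#                 "clientAuth", ...). When given, [ req_ext ] carries an
#                 extendedKeyUsage line so the certificate cannot be
#                 reused for the other role. Omitted -> no EKU, as before.
# Outputs:   overwrites openssl.cnf in the current directory
# Returns:   status of the final write
#######################################
create_openssl_config() {
  local name=$1
  local eku=${2:-}
  local san_lines

  # An IP literal gets both a DNS and an IP SAN, exactly as the original
  # config did (a client may rely on the dNSName copy). A host name gets
  # only a DNS SAN: writing a host name into IP.1 makes openssl reject
  # the config, so host names never worked before.
  if [[ "$name" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ || "$name" == *:* ]]; then
    printf -v san_lines 'DNS.1 = %s\nIP.1 = %s' "$name" "$name"
  else
    printf -v san_lines 'DNS.1 = %s' "$name"
  fi

  {
    cat <<EOF
[ req ]
default_bits = 2048
default_md = sha256
prompt = no
distinguished_name = req_distinguished_name
req_extensions = req_ext

[ req_distinguished_name ]
C = US
ST = State
L = City
O = Organization
OU = OrgUnit
CN = ${name}

[ req_ext ]
subjectAltName = @alt_names
EOF
    if [[ -n "$eku" ]]; then
      printf 'extendedKeyUsage = %s\n' "$eku"
    fi
    printf '\n[ alt_names ]\n%s\n' "$san_lines"
  } >openssl.cnf
}
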
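# Step 1: self-signed root CA.
# The CA extensions are spelled out in a private config rather than
# inherited from whatever x509_extensions the host's default openssl.cnf
# happens to define, so the CA looks the same on every build machine.
# NOTE: re-running this script replaces the CA; agents built with the
# previous ca_cert.h will then reject the new server certificate.
echo "Generating CA certificate and private key..."
ca_cnf=$(mktemp) || exit 1
cat <<EOF >"${ca_cnf}"
[ req ]
default_md = sha256
prompt = no
distinguished_name = ca_dn
x509_extensions = v3_ca

[ ca_dn ]
C = US
ST = State
L = City
O = Organization
OU = OrgUnit
CN = MyCA

[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
openssl genrsa -out "${CA_KEY}" 2048 || exit 1
# The CA key signs every identity below: owner-only, and never shipped.
chmod 600 "${CA_KEY}"
rc=0
openssl req -x509 -new -nodes -key "${CA_KEY}" -sha256 -days 3650 \
  -out "${CA_CERT}" -config "${ca_cnf}" || rc=$?
rm -f "${ca_cnf}"
(( rc == 0 )) || exit 1

# Convert CA certificate to C header. xxd derives the array name from
# the path given, so the agent sees certificates_ca_crt[] and
# certificates_ca_crt_len. The status check catches a missing xxd, which
# would otherwise leave an empty header behind the redirect.
echo "Converting CA certificate to C header..."
xxd -i "${CA_CERT}" > "${CA_HEADER}" || exit 1
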
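# Step 2: server certificate, issued for SERVER_IP and signed by the CA.
# extendedKeyUsage=serverAuth keeps this certificate (or its key, if it
# leaks) from doubling as a client identity toward the same CA.
echo "Generating Server certificate for IP: ${SERVER_IP}..."
create_openssl_config "${SERVER_IP}" serverAuth
openssl genrsa -out "${SERVER_KEY}" 2048 || exit 1
chmod 600 "${SERVER_KEY}"
openssl req -new -key "${SERVER_KEY}" -out "${SERVER_CSR}" -config openssl.cnf || exit 1
# Abort rather than continue with an unsigned/absent certificate.
openssl x509 -req -in "${SERVER_CSR}" -CA "${CA_CERT}" -CAkey "${CA_KEY}" -CAcreateserial \
  -out "${SERVER_CERT}" -days 365 -sha256 -extfile openssl.cnf -extensions req_ext || exit 1
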
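# Step 3: client certificate, signed by the same CA.
# It is generated from the same config as the server (so its SAN is the
# server address); extendedKeyUsage=clientAuth is what stops it from
# being presented as the server's certificate.
echo "Generating Client certificate for IP: ${SERVER_IP}..."
create_openssl_config "${SERVER_IP}" clientAuth
openssl genrsa -out "${CLIENT_KEY}" 2048 || exit 1
chmod 600 "${CLIENT_KEY}"
openssl req -new -key "${CLIENT_KEY}" -out "${CLIENT_CSR}" -config openssl.cnf || exit 1
openssl x509 -req -in "${CLIENT_CSR}" -CA "${CA_CERT}" -CAkey "${CA_KEY}" -CAcreateserial \
  -out "${CLIENT_CERT}" -days 365 -sha256 -extfile openssl.cnf -extensions req_ext || exit 1
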
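# Step 4: agent certificate -- the identity baked into the agent binary.
# NOTE(review): extendedKeyUsage=clientAuth assumes the agent only
# *initiates* TLS connections (it is handed ca_cert.h to verify the
# server and agent_key.h/agent_cert.h to authenticate itself). Without
# the EKU, a key pulled out of any agent binary could impersonate the
# server to other agents, because this cert carries the server address
# as its SAN. Drop or widen the EKU if the agent also accepts TLS.
echo "Generating Agent certificate for IP: ${SERVER_IP}..."
create_openssl_config "${SERVER_IP}" clientAuth
openssl genrsa -out "${AGENT_KEY}" 2048 || exit 1
chmod 600 "${AGENT_KEY}"
openssl req -new -key "${AGENT_KEY}" -out "${AGENT_CSR}" -config openssl.cnf || exit 1
openssl x509 -req -in "${AGENT_CSR}" -CA "${CA_CERT}" -CAkey "${CA_KEY}" -CAcreateserial \
  -out "${AGENT_CERT}" -days 365 -sha256 -extfile openssl.cnf -extensions req_ext || exit 1
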
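# Step 5: export the agent identity as C headers for the agent build.
# agent_key.h holds the agent's PRIVATE key in the clear. Treat it, and
# every binary built from it, as a secret: keep it out of version control
# and assume anyone holding the agent binary can recover the key.
# The status checks catch a missing xxd, which would otherwise leave
# empty headers behind the redirects.
echo "Converting Agent certificate and key to C headers..."
xxd -i "${AGENT_KEY}" > "${AGENT_HEADER_KEY}" || exit 1
chmod 600 "${AGENT_HEADER_KEY}"
xxd -i "${AGENT_CERT}" > "${AGENT_HEADER_CERT}" || exit 1
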
# Remove the scratch OpenSSL config and the signing requests. Keys,
# certificates and the CA serial file (ca.srl) stay in CERT_DIR.
echo "Cleaning up temporary files..."
scratch_files=(openssl.cnf "${SERVER_CSR}" "${CLIENT_CSR}" "${AGENT_CSR}")
rm -f "${scratch_files[@]}"

# Final summary of where everything landed.
echo "All certificates and headers have been generated!"
echo "Generated files are in the '${CERT_DIR}' folder."
echo "Agent-related headers and CA header are in the '${AGENT_FOLDER}' folder."