pkhazov/Sigma-C2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
65b787cb8a166aa59e2c4638f8d66e405011fe09
Sigma-C2/generate_certs.sh

106 lines
3.5 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Check if an IP argument was provided
if [ -z "$1" ]; then
echo "No IP provided, defaulting to 127.0.0.1"
SERVER_IP="127.0.0.1"
else
SERVER_IP="$1"
fi
# Set output directories and filenames
CERT_DIR="certificates"
AGENT_FOLDER="agent"
CA_KEY="${CERT_DIR}/ca.key"
CA_CERT="${CERT_DIR}/ca.crt"
CA_HEADER="${AGENT_FOLDER}/ca_cert.h"
SERVER_KEY="${CERT_DIR}/server.key"
SERVER_CSR="${CERT_DIR}/server.csr"
SERVER_CERT="${CERT_DIR}/server.crt"
CLIENT_KEY="${CERT_DIR}/client.key"
CLIENT_CSR="${CERT_DIR}/client.csr"
CLIENT_CERT="${CERT_DIR}/client.crt"
AGENT_KEY="${CERT_DIR}/agent.key"
AGENT_CSR="${CERT_DIR}/agent.csr"
AGENT_CERT="${CERT_DIR}/agent.crt"
AGENT_HEADER_KEY="${AGENT_FOLDER}/agent_key.h"
AGENT_HEADER_CERT="${AGENT_FOLDER}/agent_cert.h"
# Create necessary directories
mkdir -p "${CERT_DIR}" "${AGENT_FOLDER}"
# Function to create a configuration file for SANs
create_openssl_config() {
cat <<EOF >openssl.cnf
[ req ]
default_bits = 2048
default_md = sha256
prompt = no
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
C = US
ST = State
L = City
O = Organization
OU = OrgUnit
CN = $1
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = $1
IP.1 = $1
EOF
}
# Step 1: Generate CA certificate and private key
echo "Generating CA certificate and private key..."
openssl genrsa -out "${CA_KEY}" 2048
openssl req -x509 -new -nodes -key "${CA_KEY}" -sha256 -days 3650 -out "${CA_CERT}" \
-subj "/C=US/ST=State/L=City/O=Organization/OU=OrgUnit/CN=MyCA"
# Convert CA certificate to C header
echo "Converting CA certificate to C header..."
xxd -i "${CA_CERT}" > "${CA_HEADER}"
# Step 2: Generate Server certificate
echo "Generating Server certificate for IP: ${SERVER_IP}..."
create_openssl_config "${SERVER_IP}"
openssl genrsa -out "${SERVER_KEY}" 2048
openssl req -new -key "${SERVER_KEY}" -out "${SERVER_CSR}" -config openssl.cnf
openssl x509 -req -in "${SERVER_CSR}" -CA "${CA_CERT}" -CAkey "${CA_KEY}" -CAcreateserial \
-out "${SERVER_CERT}" -days 365 -sha256 -extfile openssl.cnf -extensions req_ext
# Step 3: Generate Client certificate
echo "Generating Client certificate for IP: ${SERVER_IP}..."
create_openssl_config "${SERVER_IP}"
openssl genrsa -out "${CLIENT_KEY}" 2048
openssl req -new -key "${CLIENT_KEY}" -out "${CLIENT_CSR}" -config openssl.cnf
openssl x509 -req -in "${CLIENT_CSR}" -CA "${CA_CERT}" -CAkey "${CA_KEY}" -CAcreateserial \
-out "${CLIENT_CERT}" -days 365 -sha256 -extfile openssl.cnf -extensions req_ext
# Step 4: Generate Agent certificate
echo "Generating Agent certificate for IP: ${SERVER_IP}..."
create_openssl_config "${SERVER_IP}"
openssl genrsa -out "${AGENT_KEY}" 2048
openssl req -new -key "${AGENT_KEY}" -out "${AGENT_CSR}" -config openssl.cnf
openssl x509 -req -in "${AGENT_CSR}" -CA "${CA_CERT}" -CAkey "${CA_KEY}" -CAcreateserial \
-out "${AGENT_CERT}" -days 365 -sha256 -extfile openssl.cnf -extensions req_ext
# Step 5: Convert Agent certificate and key to C headers using xxd
echo "Converting Agent certificate and key to C headers..."
xxd -i "${AGENT_KEY}" > "${AGENT_HEADER_KEY}"
xxd -i "${AGENT_CERT}" > "${AGENT_HEADER_CERT}"
# Clean up temporary files
echo "Cleaning up temporary files..."
rm -f openssl.cnf "${SERVER_CSR}" "${CLIENT_CSR}" "${AGENT_CSR}"
echo "All certificates and headers have been generated!"
echo "Generated files are in the '${CERT_DIR}' folder."
echo "Agent-related headers and CA header are in the '${AGENT_FOLDER}' folder."
Reference in New Issue View Git Blame Copy Permalink