LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 07-21-2009, 01:16 PM   #1
jakev383
QmailToaster Developer
 
Registered: Dec 2005
Location: Burlington, NC
Distribution: CentOS, Voyage, Debian, Fedora
Posts: 220

Rep: Reputation: 31
automate SSL certificate generation


Does anyone know of a quick, simple way to automate SSL generation? I'm trying to write a script that asks for the different information (City, State, Common Name, etc.) and generate multiple certificates using that information instead of having to type the information in for each cert generation. Here is a sample of how I generate a cert:
Code:
openssl req -new -x509 -extensions v3_ca -keyout keys/private/cakey.pem -out cacert.pem -days 3653
If anyone has any suggestions, I would appreciate it!
Thanks.
 
Old 07-21-2009, 01:30 PM   #2
deathsfriend99
Member
 
Registered: Nov 2007
Distribution: CentOS 6
Posts: 184

Rep: Reputation: 22
This may not be what you are trying to do, but check out the mkcert.sh and the dovecot-openssl.cnf. The cnf needs to be edited to include City, State, Common Name, etc. and the mkcert will make the dovecot.pem. Make sure to look at the mkcert.sh. You may be able to modify it to do what you need.

http://wiki.dovecot.org/SSL/CertificateCreation
 
Old 07-22-2009, 06:17 AM   #3
jakev383
QmailToaster Developer
 
Registered: Dec 2005
Location: Burlington, NC
Distribution: CentOS, Voyage, Debian, Fedora
Posts: 220

Original Poster
Rep: Reputation: 31
Ah! I did not realize that the openssl command will take a -config option.
Thanks! The Dovecot script gave me the bump I needed! I'll have to try this out later today.
 
Old 07-22-2009, 12:01 PM   #4
lcoronato
LQ Newbie
 
Registered: Jul 2009
Posts: 6

Rep: Reputation: 1
Hi,

You can use the following command:

Code:
make -C /etc/pki/tls/certs/
For example, creating the certificate to Dovecot, you use:
Code:
make -C /etc/pki/tls/certs/ dovecot.pem

make: Entering directory `/etc/pki/tls/certs'
umask 77 ; \
	PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
	PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
	/usr/bin/openssl req -utf8 -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
	cat $PEM1 >  dovecot.pem ; \
	echo ""    >> dovecot.pem ; \
	cat $PEM2 >> dovecot.pem ; \
	rm -f $PEM1 $PEM2
Generating a 1024 bit RSA private key
........++++++
..................++++++
writing new private key to '/tmp/openssl.eF3723'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:BR
State or Province Name (full name) [Berkshire]:Sao Paulo
Locality Name (eg, city) [Newbury]:Sao Paulo
Organization Name (eg, company) [My Company Ltd]:lcoronato
Organizational Unit Name (eg, section) []:TI
Common Name (eg, your name or your server's hostname) []:cluster2.rhce.com.br
Email Address []:
make: Leaving directory `/etc/pki/tls/certs'

Will be created the certificate dovecot.pem in the correct folder.

/etc/pki/tls/certs
/etc/pki/tls/private

Is necessary uncomment this lines, in /etc/dovecot.conf

ssl_cert_file = /etc/pki/tls/certs/dovecot.pem
ssl_key_file = /etc/pki/tsl/private/dovecot.pem


I Think that will help.

Good luck.

Leandro.

Last edited by lcoronato; 07-22-2009 at 12:04 PM.
 
Old 07-24-2009, 08:50 AM   #5
jakev383
QmailToaster Developer
 
Registered: Dec 2005
Location: Burlington, NC
Distribution: CentOS, Voyage, Debian, Fedora
Posts: 220

Original Poster
Rep: Reputation: 31
I still haven't gotten a chance to try this yet.
Does the last solution allow me to generate a cert in a script without requiring input for the cert? I don't want to have to enter the City, State, etc.
Thanks.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Automating openssl certificate generation megaspaz Linux - Security 4 08-20-2012 02:42 PM
Openssl Certificate Generation Question AES richinsc Linux - Security 11 09-18-2008 10:48 AM
ssl-certificate twantrd Linux - General 1 03-31-2004 08:47 AM
certificate generation and FreeRADIUS setup ahuebel Linux - Wireless Networking 1 12-19-2003 05:01 PM
SSL certificate without..... Drogo Linux - Software 1 06-13-2003 02:13 AM


All times are GMT -5. The time now is 02:04 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration