Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Does anyone know of a quick, simple way to automate SSL generation? I'm trying to write a script that asks for the different information (City, State, Common Name, etc.) and generate multiple certificates using that information instead of having to type the information in for each cert generation. Here is a sample of how I generate a cert:
This may not be what you are trying to do, but check out the mkcert.sh and the dovecot-openssl.cnf. The cnf needs to be edited to include City, State, Common Name, etc. and the mkcert will make the dovecot.pem. Make sure to look at the mkcert.sh. You may be able to modify it to do what you need.
Ah! I did not realize that the openssl command will take a -config option.
Thanks! The Dovecot script gave me the bump I needed! I'll have to try this out later today.
For example, creating the certificate to Dovecot, you use:
Code:
make -C /etc/pki/tls/certs/ dovecot.pem
make: Entering directory `/etc/pki/tls/certs'
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
cat $PEM1 > dovecot.pem ; \
echo "" >> dovecot.pem ; \
cat $PEM2 >> dovecot.pem ; \
rm -f $PEM1 $PEM2
Generating a 1024 bit RSA private key
........++++++
..................++++++
writing new private key to '/tmp/openssl.eF3723'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:BR
State or Province Name (full name) [Berkshire]:Sao Paulo
Locality Name (eg, city) [Newbury]:Sao Paulo
Organization Name (eg, company) [My Company Ltd]:lcoronato
Organizational Unit Name (eg, section) []:TI
Common Name (eg, your name or your server's hostname) []:cluster2.rhce.com.br
Email Address []:
make: Leaving directory `/etc/pki/tls/certs'
Will be created the certificate dovecot.pem in the correct folder.
/etc/pki/tls/certs
/etc/pki/tls/private
Is necessary uncomment this lines, in /etc/dovecot.conf
I still haven't gotten a chance to try this yet.
Does the last solution allow me to generate a cert in a script without requiring input for the cert? I don't want to have to enter the City, State, etc.
Thanks.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.