67 lines
2.5 KiB
Bash
67 lines
2.5 KiB
Bash
|
#!/usr/bin/env bash
|
|||
|
|
|
|||
|
|
set -e
|
|||
|
|
if ! whiptail -v >>/dev/null 2>&1; then
|
|||
|
|
if [ "$EUID" -ne 0 ]; then
|
|||
|
|
echo "Запустите скрипт от имени суперпользователя."
|
|||
|
|
exit 0
|
|||
|
|
fi
|
|||
|
|
apt-get -qq update
|
|||
|
|
apt-get -y install whiptail >>/dev/null 2>&1
|
|||
|
|
fi
|
|||
|
|
|
|||
|
|
function error_msg () {
|
|||
|
|
whiptail --backtitle "EASY-TLS" --title "ОШИБКА" --msgbox "$1" 8 50
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
if [ "$EUID" -ne 0 ]; then
|
|||
|
|
error_msg "Запустите скрипт от имени суперпользователя."
|
|||
|
|
exit 0
|
|||
|
|
fi
|
|||
|
|
set +e
|
|||
|
|
|
|||
|
|
function certificate_services {
|
|||
|
|
set -e
|
|||
|
|
if [ -e "certs/$1.cert.pem" ]; then
|
|||
|
|
return 0
|
|||
|
|
fi
|
|||
|
|
SERVICE_DNS_NAME=$(whiptail --backtitle "EASY-TLS" --title "CERTIFICATES" \
|
|||
|
|
--inputbox "\nЗадайте адрес сертификата $1:" 9 50 "$1.$CA_DNS_NAME" 3>&1 1>&2 2>&3)
|
|||
|
|
openssl req -new \
|
|||
|
|
-newkey rsa:2048 -nodes \
|
|||
|
|
-keyout "certs/$1.key.pem" -out "certs/$1.csr" \
|
|||
|
|
-subj "/C=$COUNTRY/ST=$STATE/L=$CITY/O=$COMPANY/OU=$DEPARTMENT/CN=$SERVICE_DNS_NAME" 1>/dev/null 2>>easy-tls.log
|
|||
|
|
openssl x509 -req \
|
|||
|
|
-sha256 -days 365 \
|
|||
|
|
-CAkey "certs/root.key.pem" -CA "certs/root.cert.pem" -CAcreateserial \
|
|||
|
|
-in "certs/$1.csr" -out "certs/$1.cert.pem" 1>/dev/null 2>>easy-tls.log
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
function certificate_ca {
|
|||
|
|
set -e
|
|||
|
|
COUNTRY=$(whiptail --backtitle "EASY-TLS" --title "CERTIFICATES" \
|
|||
|
|
--inputbox "\nЗадайте страну:" 9 50 "RU" 3>&1 1>&2 2>&3)
|
|||
|
|
STATE=$(whiptail --backtitle "EASY-TLS" --title "CERTIFICATES" \
|
|||
|
|
--inputbox "\nЗадайте область:" 9 50 "MO" 3>&1 1>&2 2>&3)
|
|||
|
|
CITY=$(whiptail --backtitle "EASY-TLS" --title "CERTIFICATES" \
|
|||
|
|
--inputbox "\nЗадайте город:" 9 50 "MOSCOW" 3>&1 1>&2 2>&3)
|
|||
|
|
COMPANY=$(whiptail --backtitle "EASY-TLS" --title "CERTIFICATES" \
|
|||
|
|
--inputbox "\nЗадайте компанию:" 9 50 "IWTM" 3>&1 1>&2 2>&3)
|
|||
|
|
DEPARTMENT=$(whiptail --backtitle "EASY-TLS" --title "CERTIFICATES" \
|
|||
|
|
--inputbox "\nЗадайте отдел:" 9 50 "IT" 3>&1 1>&2 2>&3)
|
|||
|
|
CA_DNS_NAME=$(whiptail --backtitle "EASY-TLS" --title "CERTIFICATES" \
|
|||
|
|
--inputbox "\nЗадайте адрес:" 9 50 "demo.lab" 3>&1 1>&2 2>&3)
|
|||
|
|
if ! [ -e "certs" ]; then
|
|||
|
|
mkdir certs
|
|||
|
|
fi
|
|||
|
|
if ! [ -e "certs/root.key.pem" ]; then
|
|||
|
|
openssl req -x509 \
|
|||
|
|
-newkey rsa:2048 -sha256 -days 365 -nodes \
|
|||
|
|
-keyout "certs/root.key.pem" -out "certs/root.cert.pem" \
|
|||
|
|
-subj "/C=$COUNTRY/ST=$STATE/L=$CITY/O=$COMPANY/OU=$DEPARTMENT/CN=$CA_DNS_NAME" 1>/dev/null 2>>easy-tls.log
|
|||
|
|
fi
|
|||
|
|
certificate_services "iwtm"
|
|||
|
|
set +e
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
certificate_ca
|