Simple CSR generator written in Bash.
- Bash
- openssl
- Fill the dom.list file with domain and subdomain names (one per line, both www and non-www versions). The top entry is taken as CN (Common Name).
- Edit the gencsr.conf file under current working directory and put necessary information (country code, state, organization name etc ...).
- Run the
gencsr
script:
chmod u+x gencsr #giving execution permission
./gencsr
Option | Alt. option | Details | Default value |
---|---|---|---|
-df | --dom-file | file containing domain per line | dom.list |
-k | --key | private key file | dom.key |
-ks | --key-size | key size | 4096 |
-csr | --csr | CSR file | dom.csr |
-c | --conf | configuration file | gencsr.conf |
-oc | --openssl-conf | OpenSSL config file (use this if gencsr can't find it) |
/etc/ssl/openssl.cnf or /etc/pki/tls/openssl.cnf or ./openssl.cnf |
-n | --new | Always create new | false |
-h | --help | show help | false |
-v | --version | show version info | false |
The following creates a new 2048 bit key and saves it into key_file, takes necessary information from conf_file, takes the domain list from domain_file and creates a CSR file named csr_file.csr:
./gencsr -n -ks 2048 -k key_file -df domain_file -c conf_file -csr csr_file.csr
The following creates CSR using the existing key_file:
./gencsr -k key_file -df domain_file -c conf_file -csr csr_file.csr
This file is parsed by gencsr to get various information. Path to this file can be given by the -c
or --conf
options. If no path is given, the path is defaulted to ./gencsr.conf
.
This is how a typical configuration file for gencsr looks like:
############# gencsr config file #####################
# Do not use quotation marks (', "")
# To prevent any entry being included, comment them
# by adding a # at the beginning
######################################################
CountryCode=US # Put two character country code
State=My state # Put state name
Locality=My city # Put city name
Oraganization=My organization # Put organization name
OraganizationUnit=Technology or whatever # Put organization unit name
Email=mymail@somedomain.com # Put email address
This is a file containing domain names per line. Put both www and non-www versions. Put the CN (root domain) at top. Path to this file can be provided by the -df
or --dom-file
options. If no path is given, it's defaulted to ./dom.list
.
This is how a domain file looks like:
example.org
www.example.org
docs.example.org
www.docs.example.org
api.example.org
www.api.example.org
forums.example.org
www.forums.example.org