CSR Generating Script with OpenSSL

Hi All,

The script below can be used to create a CSR, which you can submit to a CA to get a valid certificate for your web server, along with a private key (simple rule: the private key does not travel out from the host).
This script will give you three files:
1) CSR
2) Private key without password
3) Private key with password.

hostname.key: keep it in the ssl folder of your web server.
hostname.csr: upload it on the CA site and in return you will get a *.CRT file (Public Key).
hostname.key-withpassword: if you use this key you need to enter the password for every web server request. Even to start the server you need to put in the password.

You will need the information below handy before you start executing the script.

  1. Country Name
  2. State or Province
  3. Locality Name
  4. Organization Name
  5. Organization Unit Name
  6. Common Name or FQDN, or hostname/DNS name in simple words
    Ex: www.dipinthomas.com and dipinthomas.com are not the same
  7. Email Address

Copy the script to a file with a *.sh extension
example: crt.sh

Before you start the script, write down a complex password in a text file and have it handy; you need to enter it thrice. Each step has been explained in the script itself.


############copy from here################
#!/bin/bash

# Stop at the first failed step so a success message is never printed after an error.
set -e

# Key Generation
# The key is a combination of hostname and password. You will have to enter the hostname once
# and then the password twice.

echo "Creating Key, Please Enter HostName"
read -r hostname
openssl genrsa -des3 -out "${hostname}.key" 2048

# Duplicating Key
# The command above has generated the key. I am making a duplicate copy of it below;
# you will find out why later.

echo "Creating Duplicate Key"
cp "${hostname}.key" "${hostname}.key-withpassword"

# CSR Generation
# Here the CSR is generated and you will be prompted for all the questions mentioned above.

echo "Creating CSR"
openssl req -new -key "${hostname}.key" -out "${hostname}.csr"
echo "CSR Created Successfully"

# Removing the password from the key
# This step creates the key without a password, which has to be used on the web server.
# The duplicate copy of the key is used as the input in the step below.

echo "Removing password from key file"
openssl rsa -in "${hostname}.key-withpassword" -out "${hostname}.key"
echo "Key Free from Password"

# Print CSR
# This prints the generated CSR so you can validate the information which you entered.
# If something went wrong you can run the script again. It's free, use it as much as you want.

openssl req -in "${hostname}.csr" -noout -text
###########Copy till here#################
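
The CSR printout at the end of the script is checked by eye. The following added example (not part of the original script) checks two things mechanically before you upload: that the CSR was built from the key you will install, and that the Common Name is exactly the name you intended. The function names and the www.example.test sample are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not the author's script: checks to run before uploading the CSR.
# Function names are hypothetical; use the key WITHOUT a password (hostname.key).

# True when the public key inside the CSR is the public half of the private key.
csr_matches_key() {   # usage: csr_matches_key FILE.csr FILE.key
    local from_csr from_key
    from_csr=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 2
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$from_csr" ] && [ "$from_csr" = "$from_key" ]
}

# Print the Common Name stored in the CSR subject.
csr_common_name() {   # usage: csr_common_name FILE.csr
    openssl req -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p'
}

# Run both checks for HOSTNAME.csr / HOSTNAME.key against the name you meant to request.
check_csr() {   # usage: check_csr HOSTNAME EXPECTED_FQDN
    local cn
    csr_matches_key "$1.csr" "$1.key" ||
        { echo "FAIL: $1.csr was not created from $1.key"; return 1; }
    cn=$(csr_common_name "$1.csr")
    [ "$cn" = "$2" ] || { echo "FAIL: CN is '$cn', expected '$2'"; return 1; }
    echo "OK: $1.csr matches $1.key, CN is $2"
}

# Constructed sample input: a throwaway key and CSR for www.example.test.
demo() {
    local d
    d=$(mktemp -d) || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$d/www.key" -out "$d/www.csr" 2>/dev/null
    check_csr "$d/www" "www.example.test" || true   # passes
    check_csr "$d/www" "example.test" || true       # fails: bare domain is a different name
    openssl genrsa -out "$d/www.key" 2048 2>/dev/null
    check_csr "$d/www" "www.example.test" || true   # fails: key no longer belongs to the CSR
    rm -rf "$d"
}
demo
```

For the files produced by the script, run `check_csr hostname www.yourdomain.com` from the directory that holds hostname.csr and hostname.key.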

You need only two files, *.csr and *.key, to make your web server HTTPS. Keep all the remaining files safe; they do not need to be integrated with the web server.

StartSSL is a free certificate provider and also a known CA; I recommend trying it first and then buying the actual one.

WILD CARD CERTIFICATE
Instead of creating a certificate for each server in your domain, you can create a wildcard certificate. It's simple: you can use the same script; the only point to note is to enter

*.domain.com for the common name/FQDN question.

Have a secure web server.

Please comment if you have any problem or suggestions, I will be happy to help you.
