2 # $Id: csrgen 4043 2014-05-23 09:35:30Z tglase $
4 # Copyright © 2010, 2011, 2014
5 # Thorsten Glaser <t.glaser@tarent.de>
7 # Provided that these terms and disclaimer and all copyright notices
8 # are retained or reproduced in an accompanying document, permission
9 # is granted to deal in this work without restriction, including un-
10 # limited rights to use, publicly perform, distribute, sell, modify,
11 # merge, give away, or sublicence.
13 # This work is provided "AS IS" and WITHOUT WARRANTY of any kind, to
14 # the utmost extent permitted by applicable law, neither express nor
15 # implied; without malicious intent or gross negligence. In no event
16 # may a licensor, author or contributor be held liable for indirect,
17 # direct, other damage, loss, or other issues arising in any way out
18 # of dealing in the work, even if advised of the possibility of such
19 # damage or existence of a defect, except proven that it results out
20 # of said person's immediate fault when using the work as intended.
# Request preconditions: a request that is not a GET, or that did not arrive
# with the CGI variable HTTPS set to "on", records an error message in
# `feedback`.
# NOTE(review): the listing omits the lines that close each `if` (original
# lines 29-30 and 33-34); presumably they return early -- confirm.
# The HTTPS test matters because the response body carries a private key.
# It trusts the web server to set HTTPS truthfully; behind a TLS-terminating
# proxy, confirm that this reflects the client-facing connection.
27 if [[ $REQUEST_METHOD != GET ]]; then
28 feedback="Not called via HTTP GET."
31 if [[ $HTTPS != on ]]; then
32 feedback="Not called via HTTPS."
# Split the raw query string into the array `flds` (ksh/mksh `set -A`) and
# copy the three known form fields into xfqdn, xstrength and xaction; any
# other field name aborts with "Invalid QUERY_STRING.".
# $QUERY_STRING is request data and is expanded unquoted so that the shell
# splits it into fields. NOTE(review): original lines 35 and 37-40 are not
# in this listing -- presumably IFS is set to the field separator there and
# pathname expansion is switched off (set -o noglob); confirm, because an
# unquoted expansion of request data is otherwise also glob-expanded.
36 set -A flds -- $QUERY_STRING
# Each value is whatever follows the first '=' of the field. Nothing is
# URL-decoded in the visible lines; the values are only compared against
# fixed patterns later on. (The `case` header, original line 42, is not
# shown.)
41 for fld in "${flds[@]}"; do
43 (fqdn) xfqdn=${fld#*=} ;;
44 (strength) xstrength=${fld#*=} ;;
45 (doit) xaction=${fld#*=} ;;
46 (*) feedback="Invalid QUERY_STRING."; return ;;
# Validation of the three fields. The values that later reach openssl and
# the response are checked against these allow-list patterns first.
# NOTE(review): the closing lines of each `if` (original 52-53, 56-57,
# 60-61) are not shown; presumably each returns with `feedback` set.
# xaction = 0 returns without an error message; presumably 0 is the initial
# value meaning "form not submitted yet" -- confirm.
49 [[ $xaction = 0 ]] && return
# "Erstellen" is the value of the form's submit button (name="doit").
50 if [[ $xaction != Erstellen ]]; then
51 feedback="Submit button not pressed."
# Key size allow-list: exactly the three values the form offers. This is
# also what keeps the unquoted $xstrength passed to `openssl genrsa` to a
# single numeric word.
54 if [[ $xstrength != @(2048|3072|4096) ]]; then
55 feedback="Invalid strength given."
# Host name pattern (ksh extended glob): optional "*." wildcard prefix, then
# at least two dot-separated labels, each starting and ending with a letter
# or digit and containing only letters, digits and '-'. No '/', '=', space,
# quote or '<' can pass, so the value cannot add fields to the -subj string
# or markup to the response. Label length and total length are not bounded
# here; the form's maxlength="255" is only enforced by the browser.
58 if [[ $xfqdn != ?('*.')[a-zA-Z0-9]?(*([a-zA-Z0-9-])[a-zA-Z0-9])+(.[a-zA-Z0-9]?(*([a-zA-Z0-9-])[a-zA-Z0-9])) ]]; then
59 feedback="Invalid hostname (FQDN) given."
# Generate the RSA key and the CSR without touching the disk: the key is
# captured in the shell variable K and handed to `openssl req` on stdin
# (-key /dev/stdin), so in the visible lines it is neither written to a file
# nor passed as an argument to an external program.
# Trade-off to keep in mind: the key is created on the web server and then
# transmitted to the requester, so the server and every TLS-terminating hop
# see it; a key generated on the target host never leaves that host.
# stderr of `openssl genrsa` is discarded, so a failure shows up only as the
# generic feedback message.
62 if ! K=$(openssl genrsa $xstrength 2>/dev/null); then
63 feedback="Could not generate $xstrength bit secret key."
# NOTE(review): -sha1 signs the request with SHA-1, which is deprecated for
# signatures; -sha256 is the usual replacement. The subject consists of
# CN=<validated host name> only. The rest of this command (original line
# 68) and the lines closing both `if`s are not shown in this listing.
66 if ! R=$(print -r -- "$K" | openssl req -batch -new -sha1 \
67 -config /openssl.cnf -subj "/CN=${xfqdn}/" -key /dev/stdin \
69 feedback="Could not generate CSR for ${xfqdn}."
# Success response. (Original lines 70-72, not shown, presumably close the
# `if` above and open the here-document whose text follows.)
# According to its text, the body carries the CSR and the private key as
# plain text. NOTE(review): Content-type is the only response header visible
# here; because this is the answer to a GET, confirm that the script or the
# server also sends "Cache-Control: no-store" so that no cache keeps a copy
# of the key.
73 Content-type: text/plain
75 Congratulations, I generated a CSR for ${xfqdn} for you to
76 copy and paste into the CA web form:
81 The secret key (for /etc/ssl/private/\$foo.key - chown root:ssl-cert
82 chmod 0640) of ${xstrength} bit length is:
86 I will not save any copies of this, make sure to protect them!
95 Content-type: text/html; charset=UTF-8
97 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
98 "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
99 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head>
100 <title>Generierung eines Certificate Signing Request</title>
101 <style type="text/css"><!--/*--><![CDATA[/*><!--*/
102 strong { background-color:#FF0000; color:#000000; }
105 <h1>Generierung eines Certificate Signing Request</h1>
107 [[ -z $feedback ]] || print -r -- "<p><strong>$feedback</strong></p>"
# `feedback` is printed above without HTML escaping. In the visible lines it
# is only ever a fixed string, or one that embeds xstrength / xfqdn after
# the pattern checks, so no raw request data reaches this markup; a future
# message that echoes unvalidated input would need escaping first.
# Without HTTPS the document is closed here; presumably the script then
# exits before printing the form (following lines not shown) -- confirm.
108 if [[ $HTTPS != on ]]; then
109 echo '</body></html>'
113 <form action="csrgen" method="get">
114 <p>Hostname: <input name="fqdn" type="text" size="32" maxlength="255" /></p>
116 <input type="radio" name="strength" value="2048" checked="checked" />2048 Bit<br />
117 <input type="radio" name="strength" value="3072" />3072 Bit<br />
118 <input type="radio" name="strength" value="4096" />4096 Bit
120 <p><input type="submit" name="doit" value="Erstellen" /></p>