/genssl

A simple wrapper for OpenSSL used to generate certificates for applications that provide encrypted services.

Primary LanguageShellGNU General Public License v2.0GPL-2.0

genssl

A simple wrapper for OpenSSL used to generate certificates for applications that provide encrypted services.

Syntax

Syntax: $> genssl -[s|r|t|v] [options] domain1 [domain2 [...]]
  Actions:
     -v
     --verify            Verify generated keys.

     -s
     --self-signed       Generate a self signed-key.

     -r
     --registered        Generate a registered key. This must be
                          sent to third party to have certificate
                          officially signed.
     -t
     --test-key          Generate a test key This is similar to self-
                          signed but without an expiry date.
  Options:
     -p
     --use-passphrase    Generated key to include a passphrase

     -e DAYS
     --expiry-date=DAYS  Set the expiry date of a self-signed key.
                          The value must be between 1 and 999;
                          Default is '730'
     -c CODE
     --countrycode=CODE  Set country code; Default is '7K'

     -P PROVINCE
     --province=PROVINCE Set province; Default is 'Westerlands'
                          This is the same field as the --state (-a)
     -a STATE
     --state=STATE       Set state; Default is 'Westerlands'
                          This is the same field as the --province (-P)

     -l LOCATION
     --location=LOCATION Set location; Default is 'Casterly Rock'

     -o ORG
     --organization=ORG  Set organization; Default is 'Lannisters'

     -d DEPT
     --department=DEPT   Set department; Default is ''

     -h
     --help              Show this help screen

Examples

Generate a self signed certificate for nuxref.com:

genssl -s nuxref.com
# produces the following:
# nuxref.com.key (the private key)
# nuxref.com.crt (the public certificate/key)
# nuxref.com.README (some useful information for admins)

generate as may keys as you want by specifying more then one on the command line:

genssl -s example.com test.com nuxref.com
# produces the following:
# example.com.key (the private key)
# example.com.crt (the public certificate/key)
# example.com.README (some useful information for admins)
# test.com.key (the private key)
# test.com.crt (the public certificate/key)
# test.com.README (some useful information for admins)
# nuxref.com.key (the private key)
# nuxref.com.crt (the public certificate/key)
# nuxref.com.README (some useful information for admins)

This tool can also be used to generate unsigned certificates so that you can easily pass it along to Certificate Authoritive Services to be signed.

genssl -r nuxref.com
# produces the following:
# nuxref.com.key (the private key)
# nuxref.com.csr (the unsigned certificate you can pass along to be signed)
# nuxref.com.README (some useful information for admins)

You can easily verify the keys generated by just running this tool with the --verify (-v) switch.

genssl -v

Default Configuration

You can use the switches available to the tool to set some common settings, but you can also just set them in a global file that is sourced each time before the tool is ran. This can allow you to customize the tool uniquely to your specific environment. The following configuration files (if they exist) are sourced in the following order:

  1. /etc/genssl
  2. ~/.config/genssl
  3. ~/.genssl
# The country code is represented in it's 2 letter abbreviated version:
# hence: CA, US, UK, etc
# Defaults to "7K" if none is specified. You can also override
# this with the --countrycode= (-c) CLI argument
GENSSL_COUNTRY="7K"
# Your organization/company Name
# Defaults to "Lannisters" if none is specified. You can also override
# this with the --organization= (-o) CLI argument
GENSSL_ORG="Lannisters"
# The Province and or State you reside in
# Defaults to "Westerlands" if none is specified. You can also override
# this with the --state= (-a) or --province= (-P) CLI argument
GENSSL_PROVSTATE="Westerlands"
# Identify the City/Town you reside in
# Defaults to "Casterly Rock" if none is specified. You can also override
# this with the --location= (-l) CLI argument.
GENSSL_LOCATION="Casterly Rock"
# Define a department; this is loosely used. Some just leave it blank
# Defaults to "" (blank) if not is specified. You can also overrride
# this with the --department= (-d) CLI argument
GENSSL_DEPT=""