One click generate ssl . certificate
Ley-VN opened this issue · 1 comments
Ley-VN commented
As title, can you integrate?
chise0713 commented
No need to integrate it, here's a simple one-click script.
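#!/bin/bash
# One-click self-signed CA + server certificate for this host.
#
# Usage: script.sh [--ip=ADDR[/ADDR...]] [--dns=NAME[/NAME...]] [--pwd=PASSPHRASE]
#   --ip   extra IP subjectAltNames; several addresses separated by '/'
#   --dns  extra DNS subjectAltNames; several names separated by '/'
#   --pwd  passphrase protecting the CA private key; when omitted a random
#          128-byte base64 string is generated and printed at the end
#
# Outputs (needs write access to /etc/ssl, normally root):
#   /etc/ssl/<hostname>.CA.key  AES-256-encrypted CA private key (mode 0600)
#   /etc/ssl/<hostname>.CA.crt  self-signed CA certificate, 7300 days
#   /etc/ssl/<hostname>.key     unencrypted 4096-bit server key (mode 0600)
#   /etc/ssl/<hostname>.csr     the signing request
#   /etc/ssl/<hostname>.crt     server certificate signed by the CA, 3650 days
# Existing files with these names are overwritten without asking.
set -eo pipefail

die() { printf '%s\n' "$*" >&2; exit 1; }

ip=()        # IP SANs: user-supplied first, then auto-detected
DNS=()       # DNS SANs
ca_pass=""   # CA key passphrase; empty means "generate one"

#######################################
# Argument parsing. Values may hold several entries separated by '/';
# anything that is not --ip=, --dns= or --pwd= is fatal.
#######################################
for arg in "$@"; do
  case "$arg" in
    --ip=*)
      IFS='/' read -ra addresses <<< "${arg#*=}"
      ip+=("${addresses[@]}")
      ;;
    --dns=*)
      IFS='/' read -ra names <<< "${arg#*=}"
      DNS+=("${names[@]}")
      ;;
    --pwd=*)
      ca_pass="${arg#*=}"
      echo "Using custom CA pemkey"
      ;;
    *)
      die "Invalid argument: $arg"
      ;;
  esac
done

#######################################
# Auto-detect addresses: every IPv4 that is not loopback or RFC 1918
# private space, every IPv6 that is not link-local or ::1. Entries still
# carry their /prefix at this point; it is stripped below.
#######################################
mapfile -t detected4 < <(ip addr | awk '/inet / && $2 !~ /^127|^10\.|^172\.(1[6-9]|2[0-9]|3[0-1])\.|^192\.168\./ {print $2}')
mapfile -t detected6 < <(ip addr | awk '/inet6 / && $2 !~ /^fe80:|^::1/ {print $2}')
ip+=("${detected4[@]}" "${detected6[@]}")

if (( ${#ip[@]} == 0 )); then
  ip+=('0.0.0.0')
  printf 'No Public IP Found.\nAdd 0.0.0.0 to $ip\n'
fi

# SAN entries must be bare addresses: drop the CIDR suffix.
for i in "${!ip[@]}"; do
  ip[$i]="${ip[$i]%%/*}"
done

# Passphrase: 128 random bytes, base64, newlines removed. It is handed to
# openssl through the environment (env:CA_PASS) rather than as a "pass:"
# argument so it does not appear in `ps` output or `set -x` traces.
if [[ -z "$ca_pass" ]]; then
  ca_pass=$(openssl rand -base64 128 | tr -d '\n')
fi
export CA_PASS="$ca_pass"

hostname=$(< /etc/hostname)
hostname="${hostname//[[:space:]]/}"
[[ -n "$hostname" ]] || die "/etc/hostname is empty"
[[ -w /etc/ssl ]] || die "no write access to /etc/ssl (run as root)"

ca_key="/etc/ssl/$hostname.CA.key"
ca_crt="/etc/ssl/$hostname.CA.crt"
srv_key="/etc/ssl/$hostname.key"
srv_csr="/etc/ssl/$hostname.csr"
srv_crt="/etc/ssl/$hostname.crt"
subject="/C=CN/ST=Shanghai/L=Shanghai/O=Koinu Ltd/OU=IT/CN=$hostname"

# Scratch directory for the x509v3 extension file and the CA serial:
# a private mktemp dir rather than a fixed, predictable /tmp name,
# removed on every exit path.
workdir=$(mktemp -d) || die "mktemp failed"
trap 'rm -rf -- "$workdir"' EXIT
ext_file="$workdir/cert.ext"

# CA: encrypted key, then a self-signed certificate. The key already
# exists when `req` runs, so no -nodes/-noenc is involved.
openssl genrsa -aes256 -passout env:CA_PASS -out "$ca_key"
chmod 600 "$ca_key"   # openssl writes with the default umask; restrict the key
openssl req -x509 -new -key "$ca_key" -passin env:CA_PASS -sha256 -days 7300 \
  -subj "$subject" -out "$ca_crt"

# Server key (left unencrypted so services can load it unattended) and CSR.
openssl genrsa -out "$srv_key" 4096
chmod 600 "$srv_key"
openssl req -new -key "$srv_key" -subj "$subject" -out "$srv_csr"

# x509v3 extensions for a leaf certificate carrying every collected
# address and name as a SAN. Written fresh with '>' so a stale file can
# never leave duplicate entries behind.
{
  printf 'authorityKeyIdentifier=keyid,issuer\n'
  printf 'basicConstraints=CA:FALSE\n'
  printf 'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment\n'
  printf 'subjectAltName = @alt_names\n\n[alt_names]\n'
  for i in "${!ip[@]}"; do
    printf 'IP.%d = %s\n' "$((i + 1))" "${ip[$i]}"
  done
  for i in "${!DNS[@]}"; do
    printf 'DNS.%d = %s\n' "$((i + 1))" "${DNS[$i]}"
  done
} > "$ext_file"

# Sign the CSR with the CA. The serial file lives in the scratch dir and
# is discarded with it; every run regenerates the CA anyway.
openssl x509 -req -in "$srv_csr" -out "$srv_crt" -days 3650 -sha256 \
  -CA "$ca_crt" -CAkey "$ca_key" -passin env:CA_PASS \
  -CAcreateserial -CAserial "$workdir/serial" -extfile "$ext_file"

cat "$ext_file"
# The only place the passphrase is surfaced; without it the CA key is
# unusable, so capture this output somewhere appropriate.
printf '\nCA pemkey="%s"\ndone\n\n' "$ca_pass"

for installed in /etc/ssl/"$hostname".*; do
  if [[ -e "$installed" ]]; then
    printf 'Installed: %s\n' "$installed"
  fi
done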
The generated files will be saved as /etc/ssl/$hostname.key, /etc/ssl/$hostname.crt, /etc/ssl/$hostname.CA.key and /etc/ssl/$hostname.CA.crt.