Quick script to manage/maintain a self-managed Certificate Authority and to create certificates under that CA.
First, copy the cert-mgt.conf-sample to cert-mgt.conf and make changes in there as appropriate for your environment.
Then, to create the CA:
./cert-mgt.sh --create-ca
To create all certificates referenced in the config file:
./cert-mgt.sh --create-cert all
Or, to create certificates 1 by 1:
./cert-mgt.sh --create-cert example.com
or with Subject Alternative Names:
./cert-mgt.sh --create-cert example.com --add-on "www.example.com test.example.com"
To get the CA into place:
- CentOS:
- Copy the .crt file to
/etc/pki/ca-trust/source/anchors - run
update-ca-trust
- Copy the .crt file to
- Ubuntu
- Copy the .crt file to
/usr/local/share/ca-certificates/ - run
update-ca-certificates- (if you remove certificates, run
update-ca-certificates --fresh)
- (if you remove certificates, run
- Copy the .crt file to
For elasticsearch:
- You'll want to put in place the
.p12file for elasticsearch For logstash: - You'll want to use the
.crtand.p8files (NO passphrase).