#!/bin/sh
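# Certificate helper for a single host name.
#
#   create  generate a 2048-bit RSA private key and a CSR for it
#   pkcs12  bundle NAME.crt, NAME.key and ca.crt into NAME.pfx
#   check   print a digest of the public key found in the CSR, the key and
#           the certificate, so the three values can be compared
#
# Environment:
#   PFX_PASSWORD  export password for the PKCS#12 bundle. When unset, the
#                 script falls back to its historical placeholder password
#                 and says so on stderr.

usage() {
  echo "Usage:$0 {create|pkcs12|check} {domain}"
}

# Print the answers the operator is expected to give at the interactive
# "openssl req" prompts that follow. Informational only: nothing here is
# fed to openssl.
keycontent() {
  cat << EOF
Country Name (2 letter code) []:TW
State or Province Name (full name) []:Taiwan
Locality Name (eg, city) []:Taipei
Organization Name (eg, company) []:Company
Organizational Unit Name (eg, section) []:Digital IT
Common Name (eg, fully qualified host name) []: $DN.company.com.tw
Email Address []:null
A challenge password []:null
EOF
}

# Run the given openssl command and print the shasum of the public key it
# emits.
# Arguments: $1 - label used in the error message; remaining - the command
# Returns:   non-zero when the command fails or prints nothing. Piping
#            straight into shasum would hash empty input in that case, and
#            two missing files would then show identical digests.
print_pubkey_digest() {
  digest_label=$1
  shift
  if digest_pem=$("$@") && [ -n "$digest_pem" ]; then
    # $(...) strips the trailing newline of the PEM block; put it back so
    # the digest is the same as hashing the openssl output directly.
    printf '%s\n' "$digest_pem" | shasum
  else
    echo "$0: $digest_label: could not extract a public key" >&2
    return 1
  fi
}

if [ $# -lt 2 ] ; then
  usage
  # Exit status stays 0 here so existing wrappers see no change; the
  # unknown-command arm at the bottom exits 1.
  exit 0
fi

DN=$2

# DN is pasted into the file names handed to openssl. An empty value, or one
# starting with '-', would be parsed as an option instead of a file name.
case "$DN" in
  ''|-*)
    echo "$0: invalid name: $DN" >&2
    exit 1
    ;;
esac

case "$1" in
  create)
    # NOTE: this overwrites an existing $DN.key without asking.
    # The subshell keeps the restrictive umask local to the private key.
    ( umask 077 && openssl genrsa -out "$DN.key" 2048 ) || exit 1
    keycontent
    openssl req -new -sha256 -key "$DN.key" -out "$DN.csr"
    ;;
  pkcs12)
    if [ -n "${PFX_PASSWORD:-}" ]; then
      pfx_password_source=env
    else
      # Historical default, kept so existing workflows still open the bundle.
      # It is published in this script and protects nothing: set
      # PFX_PASSWORD for any bundle that leaves this machine.
      PFX_PASSWORD=1234567890
      pfx_password_source=default
      echo "$0: PFX_PASSWORD is not set, using the built-in placeholder password" >&2
    fi
    # Pass the password through the environment rather than "pass:..." on
    # the command line, where it is visible in the process list.
    export PFX_PASSWORD
    # To build a bundle without the CA chain, drop "-certfile ca.crt".
    ( umask 077 && openssl pkcs12 -export -in "$DN.crt" -inkey "$DN.key" \
        -out "$DN.pfx" -certfile ca.crt -passout env:PFX_PASSWORD ) || exit 1
    echo "done."
    if [ "$pfx_password_source" = "default" ]; then
      echo "Password is 1234567890"
    else
      # Never echo an operator-supplied secret back to the terminal.
      echo "Password was taken from PFX_PASSWORD"
    fi
    # "read -p" is not POSIX sh; print the prompt separately.
    printf '%s' "do you wang to check PKC12 file ? "
    read -r answer || answer=
    if [ "$answer" = "y" ] ; then
      # openssl asks for the import password here. Without -noout or -nokeys
      # the dump includes the private key, so keep it out of logs.
      openssl pkcs12 -info -in "$DN.pfx"
    fi
    ;;
  check)
    # The three digests match when CSR, key and certificate belong together.
    check_status=0
    print_pubkey_digest "$DN.csr" \
      openssl req -in "$DN.csr" -pubkey -noout -outform pem || check_status=1
    print_pubkey_digest "$DN.key" \
      openssl pkey -in "$DN.key" -pubout -outform pem || check_status=1
    print_pubkey_digest "$DN.crt" \
      openssl x509 -in "$DN.crt" -pubkey -noout -outform pem || check_status=1
    exit "$check_status"
    ;;
  *)
    usage
    exit 1
    ;;
esac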