I'm trying to create a bash script to generate certificates via openssl in a loop with different parameters. Of course it's easy to write many lines of code with different parameters, something like:

```bash
#!/bin/bash
openssl req -x509 -sha256 -nodes -days 1 -newkey rsa:1024 -keyout private1024_1.key -out RSA_1024_1_SHA256.crt -subj "/C=XX/ST=XXX/L=XXX /O=xxx/OU=xxx/CN=xx.xx/emailAddress=xx@xx.xx"
openssl req -x509 -sha256 -nodes -days 3 -newkey rsa:1024 -keyout private1024_3.key -out RSA_1024_3_SHA256.crt -subj "/C=XX/ST=XXX/L=XXX /O=xxx/OU=xxx/CN=xx.xx/emailAddress=xx@xx.xx"
```

but I don't think that's good practice. So I would like to create some loops with variables where I can set:

  • the number of days;
  • the type of RSA (1024/2048/4096);
  • the name of the private key according to the type of RSA and the number of days;
  • the name of the certificate according to the type of RSA and the number of days.

As for -subj, I think I'll just make a separate table of variables and change them if needed. I'm not very experienced with coding, but I hope that it's possible to realize this idea with loops.

I will be grateful for any tips or patterns.

I implemented the following (and it's working):

```bash
#!/bin/bash
# Certificate details; replace the placeholder values with your own info
subj="
C=XX
ST=XXX
O=XXXX
localityName=XXX xx
commonName=xxx.xx
organizationalUnitName=xxx xx
emailAddress=test@xxx.xx
"
declare -a days=(1 3 5 10 15 30 365)
declare -a rsatype=(1024 2048 4096)
declare -a sha=(sha1 md5 sha256 sha512)
dd=7     # number of entries in days
rst=3    # number of entries in rsatype
shat=4   # number of entries in sha
for ((i = 0; i < dd; i++))
do
    for ((j = 0; j < rst; j++))
    do
        for ((k = 0; k < shat; k++))
        do
            keyout=private${rsatype[$j]}_${days[$i]}.key
            out=RSA_${rsatype[$j]}_${days[$i]}_${sha[$k]}.crt
            # Turn the multi-line subject into the /-separated form openssl expects
            openssl req -x509 "-${sha[$k]}" -nodes -days "${days[$i]}" -newkey rsa:"${rsatype[$j]}" -keyout "$keyout" -out "$out" -subj "$(echo -n "$subj" | tr "\n" "/")"
        done
    done
done
```

1 Answer

You can just use two arrays for the number of days and rsa type, while the name of the private key and the name of certificate are determined from the data of the two arrays. Then you iterate a loop over the array elements. Example:

```bash
#!/bin/bash
declare -a days=(1 3)
declare -a rsatype=(1024 2048)
tot=2   # number of (days, rsatype) pairs
for ((i = 0; i < tot; i++))
do
    # Element i of each array forms one days/key-size pair
    keyout=private${rsatype[$i]}_${days[$i]}.key
    out=RSA_${rsatype[$i]}_${days[$i]}_SHA256.crt
    openssl req -x509 -sha256 -nodes -days "${days[$i]}" -newkey rsa:"${rsatype[$i]}" \
        -keyout "$keyout" -out "$out" \
        -subj "/C=XX/ST=XXX/L=XXX /O=xxx/OU=xxx/CN=xx.xx/emailAddress=xx@xx.xx"
done
```
francesco
  • This will just make 2 files: `1:1024` and `3:2048`. You have to encapsulate two loops to iterate over each of the `arrays`. – F. Hauri - Give Up GitHub Dec 14 '18 at 09:39
  • Lines 2 and 4 could be grouped as `declare -a days=(1 3)`, like lines 3 and 5: `declare -a rsatype=(1024 2048)`. The syntax `for ((i=0;i<2;i++)) ;do ...` or `for i in {0..1};do ...` is more readable than `while` for this kind of loop. – F. Hauri - Give Up GitHub Dec 14 '18 at 10:01
  • @F.Hauri Thanks for the comment, I updated the answer. Concerning loops: I interpreted the question as wanting specific combinations of days/rsa types, hence the single loop. Of course, to generate *all* combinations one needs 2 nested loops. – francesco Dec 14 '18 at 10:22
  • Unfortunately it isn't working... something is wrong with openssl when it takes the keyout and out parameters. I tried to see what I get via echo $keyout and all seems good, but openssl says: private1024_1.key unknown option req [options] outfile where options are – Maxim Shyrokyy Dec 14 '18 at 15:25
  • @MaximShyrokyy Try to run the script with `bash -x`, that will print out exactly every command being called. It should give you an idea of where the option is incorrect. – francesco Dec 14 '18 at 20:46
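
An added example, not part of the original question or answer: the nested-loop variant discussed in the comments, iterating over the parameter values directly and giving every certificate its own key file. The function names, the `DRY_RUN` switch and the digest suffix in the key file name are assumptions made for this example; it uses plain word lists instead of bash arrays so it also runs under a POSIX `sh`.

```shell
#!/bin/sh
# Added example: full days x key-size x digest matrix, one key per certificate.
# Parameter lists are the ones from the question; the subject is a placeholder.
DAYS="1 3 5 10 15 30 365"
BITS="1024 2048 4096"
DIGESTS="sha1 md5 sha256 sha512"
SUBJ="/C=XX/ST=XXX/L=XXX/O=xxx/OU=xxx/CN=xx.xx/emailAddress=xx@xx.xx"

# Print one "days bits digest keyfile certfile" line per combination.
plan_matrix() {
    for d in $DAYS; do
        for b in $BITS; do
            for h in $DIGESTS; do
                # The digest is part of the key name, so no key is overwritten.
                echo "$d $b $h private${b}_${d}_${h}.key RSA_${b}_${d}_${h}.crt"
            done
        done
    done
}

# Create one self-signed certificate; with DRY_RUN=1 (default) only print it.
make_cert() {  # args: days bits digest keyfile certfile
    # Build the argument list as positional parameters: no word splitting.
    set -- openssl req -x509 "-$3" -nodes -days "$1" -newkey "rsa:$2" \
        -keyout "$4" -out "$5" -subj "$SUBJ"
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "$*"
    else
        ( umask 077; "$@" )  # -nodes keys are unencrypted: owner-only files
    fi
}

# Confirm a certificate really carries the digest and key size in its name.
check_cert() {  # args: certfile digest bits
    text=$(openssl x509 -in "$1" -noout -text) || return 1
    echo "$text" | grep -qi "Signature Algorithm: ${2}With" &&
        echo "$text" | grep -q "($3 bit)"
}

# Walk the plan; create and check every certificate (or print the commands).
generate_all() {
    plan_matrix | while read -r d b h key crt; do
        make_cert "$d" "$b" "$h" "$key" "$crt" </dev/null || exit 1
        [ "${DRY_RUN:-1}" = 1 ] || check_cert "$crt" "$h" "$b" || exit 1
    done
}

generate_all  # dry run unless DRY_RUN=0: prints the 84 openssl commands
```

Running it with `DRY_RUN=0` in an empty directory creates the files and stops at the first certificate whose signature algorithm or key size does not match its name.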