On this page

openssl_setup.info

Automates the setup of SSL certificate management directories, generates random serial numbers, and creates necessary OpenSSL configuration files for a root certificate authority (CA) and a time-stamping authority (TSA).

info

ChatGPT has contributed to this document. Therefore, it’s advisable to treat the information here with caution and verify it if necessary.

Let’s break down what this script does in detail. The script is named openssl_setup.sh, authored by GJS (homelab-alpha), and its purpose is to set up a directory structure for SSL certificate management, generate random serial numbers for certificate databases, and create OpenSSL configuration files for a trusted identity (root certificate authority) and a time-stamping authority (TSA). The script requires OpenSSL to be installed and write permissions in the specified directories.

Here’s a detailed explanation:

Script Metadata

Filename: openssl_setup.sh
Author: GJS (homelab-alpha)
Date: June 10, 2024
Version: 1.0.1
Description: Sets up SSL certificate management directories, generates random serial numbers, and creates OpenSSL configuration files.
Requirements: OpenSSL installed, write permissions in specified directories.
RAW Script: openssl_setup.sh

Detailed Explanation

Functions

Print Text in Cyan

print_cyan() {
  echo -e "\e[36m$1\e[0m" # \e[36m sets text color to cyan, \e[0m resets it
}

This function prints text in cyan color for better visibility in the terminal.

Generate Random Hex Value

generate_random_hex() {
  openssl rand -hex 16
}

Generates a random 16-byte hexadecimal value using OpenSSL’s random number generator.

Print Section Header

print_section_header() {
  echo ""
  echo ""
  echo -e "$(print_cyan "=== $1 === ")"
}

Prints section headers in cyan to distinguish different parts of the script output.

Directory Structure

Define Directories

ssl_dir="$HOME/ssl"
root_dir="$ssl_dir/root"
intermediate_dir="$ssl_dir/intermediate"
certificates_dir="$ssl_dir/certificates"
tsa_dir="$ssl_dir/tsa"

Defines the main directory and subdirectories for SSL certificates and related files.

Create Directory Structure

print_section_header "Create directory structure"
mkdir -p "$root_dir"/{certs,crl,csr,db,newcerts,private} \
  "$intermediate_dir"/{certs,crl,csr,db,newcerts,private} \
  "$certificates_dir"/{certs,csr,extfile,private} \
  "$tsa_dir"/{cacerts,db,private,tsacerts}

Creates the necessary directory structure for managing SSL certificates, including directories for root and intermediate CAs, certificates, and TSA.

Database Files

Create Database Files

print_section_header "Create DataBase files"
touch "$root_dir/db/index.txt"
touch "$intermediate_dir/db/index.txt"

Creates index files for the certificate databases.

Renew DB Serial Numbers

print_section_header "Renew db serial numbers"
for dir in "$ssl_dir/root/db" "$intermediate_dir/db" "$ssl_dir/tsa/db"; do
  generate_random_hex >"$dir/serial"
done
generate_random_hex >"$ssl_dir/root/db/crlnumber"
generate_random_hex >"$intermediate_dir/db/crlnumber"

Generates new random serial numbers for the certificate databases and CRL numbers.

OpenSSL Configuration Files

Create OpenSSL Config for Trusted Identity

print_section_header "Create openssl config files for trusted-id"
cat <<EOF >"$root_dir/trusted-id.cnf"
# Configuration file content truncated for brevity
EOF

Creates an OpenSSL configuration file for the trusted identity (root CA). This file contains various settings and extensions used in generating and managing certificates.

Create OpenSSL Config for Root Certificate Authority

print_section_header "Create openssl config files for Root Certificate Authority"
cat <<EOF >"$root_dir/root_ca.cnf"
# Configuration file content truncated for brevity
EOF

Creates an OpenSSL configuration file for the Root Certificate Authority (CA), detailing policies, extensions, and paths to certificate files and databases.

Create OpenSSL Config for Certificate Authority

print_section_header "Create openssl config files for Certificate Authority"
cat <<EOF >"$intermediate_dir/ca.cnf"
# Configuration file content truncated for brevity
EOF

Creates an OpenSSL configuration file for the Certificate Authority (CA), detailing policies, extensions, and paths to certificate files and databases.

Create OpenSSL Config for Certificate

print_section_header "Create openssl config files for Certificate"
cat <<EOF >"$certificates_dir/cert.cnf"
# Configuration file content truncated for brevity
EOF

Creates an OpenSSL configuration file for a Certificate, detailing policies, extensions, and paths to certificate files and databases.

Conclusion

The openssl_setup.sh script automates the setup of an SSL certificate management environment. It creates a structured directory layout, initializes database files, generates unique serial numbers, and sets up configuration files for a root CA and TSA. By using functions for printing and generating random values, the script ensures clarity and security throughout the process. This setup is crucial for managing SSL/TLS certificates in a controlled and organized manner.

Edit this page

Last updated 01 Sep 2024, 10:22 CEST . history

openssl_installer.info

A script for installing and configuring OpenSSL …

trusted-id.info

This script automates the generation and …

openssl_setup.info

Script Metadata link

Detailed Explanation link

Functions link

Print Text in Cyan link

Generate Random Hex Value link

Print Section Header link

Directory Structure link

Define Directories link

Create Directory Structure link

Database Files link

Create Database Files link

Renew DB Serial Numbers link

OpenSSL Configuration Files link

Create OpenSSL Config for Trusted Identity link

Create OpenSSL Config for Root Certificate Authority link

Create OpenSSL Config for Certificate Authority link

Create OpenSSL Config for Certificate link

Conclusion link