Matej Kovac 33fce29446 doc
2024-11-03 15:00:40 +01:00
main ca 2023-05-21 12:24:16 +02:00
README.md doc 2024-11-03 15:00:40 +01:00

Certificate Management Script

Overview

This Bash script provides functionality to create and manage client, server, and root certificates using OpenSSL. It allows generating keys and certificates, signing requests, and organizing the certificate structure within a specified directory.

Prerequisites

  • Ensure you have Bash installed.
  • OpenSSL must be installed on your system.

Usage

The script takes one of the following commands:

  • root: Generate the root Certificate Authority (CA) key and certificate.
  • server <server_name>: Create a key and a signed certificate for a server.
  • client <client_name>: Create a key and a signed certificate for a client.
  • remove: Remove all existing certificates and keys from the CA directory.

Configuration

Set these environment variables to customize the behavior:

  • CA_ROOT_NAME: Name for the root CA (default: "home").
  • CA_PATH: Directory where certificates and keys are stored (default: "/var/local/ca").
  • CA_ROOT_KEY: File path for the root CA key.
  • CA_ROOT_CERT: File path for the root CA certificate.
  • CA_ROOT_DAYS: Validity period for the root CA certificate in days (default: 3650).

Example

# Create root CA
./script.sh root

# Create server certificate
./script.sh server example.com

# Create client certificate
./script.sh client client1

# Remove all certificates and keys
./script.sh remove

Notes

Ensure your path and permissions allow the script to read/write in the specified CA_PATH. Be cautious with the remove command as it deletes all certificates and keys within CA_PATH.
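
The permissions point above can be checked mechanically. The following is an added example, not part of this repository's script: it audits a CA directory for private keys readable or writable by group/others and for directories writable by group/others. The function name audit_ca_path is hypothetical, and it assumes keys are stored as PEM files, since the README does not document the file layout inside CA_PATH.

```bash
#!/usr/bin/env bash
# Added example (not the repository's script): permission audit for a CA directory.
# Assumptions: keys are PEM-encoded; the directory defaults to the README's
# CA_PATH default (/var/local/ca) when no argument and no CA_PATH are given.

# Prints one finding per line.
# Returns 0 if clean, 1 if findings exist, 2 if the directory is missing.
audit_ca_path() {
    local ca_path loose_dirs loose_keys findings
    ca_path="${1:-${CA_PATH:-/var/local/ca}}"

    if [ ! -d "$ca_path" ]; then
        echo "MISSING $ca_path"
        return 2
    fi

    # A directory writable by group or others lets another account replace
    # the root certificate or drop in a key of its own.
    loose_dirs=$(find "$ca_path" -type d \( -perm -020 -o -perm -002 \) \
        | sed 's/^/DIR_WRITABLE /')

    # Private keys are detected by their PEM header rather than by file name,
    # then flagged when group or others can read or write them.
    loose_keys=$(find "$ca_path" -type f \
        \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) \
        -exec grep -l -e 'PRIVATE KEY-----' {} + \
        | sed 's/^/KEY_EXPOSED /')

    # Merge both result sets and drop empty lines.
    findings=$(printf '%s\n%s\n' "$loose_dirs" "$loose_keys" | sed '/^$/d')

    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Usage: audit_ca_path /var/local/ca
```

Certificates are public and are not flagged when world-readable; only files containing a PEM private-key header are.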