environment/bin/ssl

#!/usr/bin/env ruby

require "fileutils"
require "open3"

def cmd(*cmd)
  stdout, stderr, status = Open3.capture3(*cmd)
  unless status.success?
    warn "Command failed: #{cmd.join(' ')}"
    warn stderr
    exit status.exitstatus || 1
  end
  stdout
end

subcommand = ARGV.shift&.to_sym
arg1 = ARGV[0] && ARGV[0] !~ /^-/ ? ARGV.shift : nil
arg2 = ARGV[0] && ARGV[0] !~ /^-/ ? ARGV.shift : nil

$domains = ["mediacenter.lan"]
$ips = ["192.168.0.94"]


### Setting up for client
$cn   = $domains.first
name = $cn.gsub("*", "wildcard") 

dir = "certs"
FileUtils.mkdir_p(dir)
$key = File.join(dir, "#{name}.key.pem")
$csr = File.join(dir, "#{name}.csr.pem")
$crt = File.join(dir, "#{name}.crt.pem")
$ext = File.join(dir, "#{name}.ext")
############################

### Setting up for CA

$ca_name = "My Lab"

#############################

def create_CA
    cmd "openssl", "genrsa", "-out", "rootCA.key.pem", "4096"
    cmd "chmod", "600", "rootCA.key.pem"
    cmd "openssl", "req", "-x509", "-new", "-nodes", "-key",
               "rootCA.key.pem", "-sha256", "-days", "3650",
               "-out", "rootCA.crt.pem",
               "-subj", "/C=XX/ST=Lab/L=Local/O=#{$ca_name}/CN=#{$ca_name} Root CA"
end

def create_CSR
    cmd "openssl", "genrsa", "-out", $key, "2048"
    cmd "openssl", "req", "-new", "-key", $key, "-out", $csr, "-subj", "/CN=#{$cn}/O=#{$ca_name}"
end

def create_extfile
    ext_lines = []
    ext_lines << "basicConstraints=CA:FALSE"
    ext_lines << "keyUsage=digitalSignature,keyEncipherment"
    ext_lines << "extendedKeyUsage=serverAuth"
    ext_lines << "subjectAltName=@alt_names"
    ext_lines << "[alt_names]"

    $domains.each_with_index do |d, i|
        ext_lines << "DNS.#{i + 1}=#{d}"
    end

    $ips.each_with_index do |ip, j|
        ext_lines << "IP.#{j + 1}=#{ip}"
    end

    File.write($ext, ext_lines.join("\n") + "\n")
end

def sign_with_CA
    cmd "openssl", "x509", "-req", "-in", $csr,
        "-CA", "rootCA.crt.pem", "-CAkey", "rootCA.key.pem",
         "-CAcreateserial", "-out", $crt, "-days", "397", "-sha256",
        "-extfile", $ext

end

case subcommand
when :ca
    create_CA
when :csr
    create_CSR
when :casign
    create_extfile
    sign_with_CA
else
    puts "no command handler"
end
Example of using SSL: CA => CSR => Sign 2025-08-12 07:35:18 +02:00			`#!/usr/bin/env ruby`

			`require "fileutils"`
			`require "open3"`

			`def cmd(*cmd)`
			`stdout, stderr, status = Open3.capture3(*cmd)`
			`unless status.success?`
			`warn "Command failed: #{cmd.join(' ')}"`
			`warn stderr`
			`exit status.exitstatus \|\| 1`
			`end`
			`stdout`
			`end`

			`subcommand = ARGV.shift&.to_sym`
			`arg1 = ARGV[0] && ARGV[0] !~ /^-/ ? ARGV.shift : nil`
			`arg2 = ARGV[0] && ARGV[0] !~ /^-/ ? ARGV.shift : nil`

			`$domains = ["mediacenter.lan"]`
			`$ips = ["192.168.0.94"]`


			`### Setting up for client`
			`$cn = $domains.first`
			`name = $cn.gsub("*", "wildcard")`

			`dir = "certs"`
			`FileUtils.mkdir_p(dir)`
			`$key = File.join(dir, "#{name}.key.pem")`
			`$csr = File.join(dir, "#{name}.csr.pem")`
			`$crt = File.join(dir, "#{name}.crt.pem")`
			`$ext = File.join(dir, "#{name}.ext")`
			`############################`

			`### Setting up for CA`

			`$ca_name = "My Lab"`

			`#############################`

			`def create_CA`
			`cmd "openssl", "genrsa", "-out", "rootCA.key.pem", "4096"`
			`cmd "chmod", "600", "rootCA.key.pem"`
			`cmd "openssl", "req", "-x509", "-new", "-nodes", "-key",`
			`"rootCA.key.pem", "-sha256", "-days", "3650",`
			`"-out", "rootCA.crt.pem",`
			`"-subj", "/C=XX/ST=Lab/L=Local/O=#{$ca_name}/CN=#{$ca_name} Root CA"`
			`end`

			`def create_CSR`
			`cmd "openssl", "genrsa", "-out", $key, "2048"`
			`cmd "openssl", "req", "-new", "-key", $key, "-out", $csr, "-subj", "/CN=#{$cn}/O=#{$ca_name}"`
			`end`

			`def create_extfile`
			`ext_lines = []`
			`ext_lines << "basicConstraints=CA:FALSE"`
			`ext_lines << "keyUsage=digitalSignature,keyEncipherment"`
			`ext_lines << "extendedKeyUsage=serverAuth"`
			`ext_lines << "subjectAltName=@alt_names"`
			`ext_lines << "[alt_names]"`

			`$domains.each_with_index do \|d, i\|`
			`ext_lines << "DNS.#{i + 1}=#{d}"`
			`end`

			`$ips.each_with_index do \|ip, j\|`
			`ext_lines << "IP.#{j + 1}=#{ip}"`
			`end`

			`File.write($ext, ext_lines.join("\n") + "\n")`
			`end`

			`def sign_with_CA`
			`cmd "openssl", "x509", "-req", "-in", $csr,`
			`"-CA", "rootCA.crt.pem", "-CAkey", "rootCA.key.pem",`
			`"-CAcreateserial", "-out", $crt, "-days", "397", "-sha256",`
			`"-extfile", $ext`

			`end`

			`case subcommand`
			`when :ca`
			`create_CA`
			`when :csr`
			`create_CSR`
			`when :casign`
			`create_extfile`
			`sign_with_CA`
			`else`
			`puts "no command handler"`
			`end`