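#!/usr/bin/env ruby
# frozen_string_literal: true

# Minimal lab PKI helper.
#
#   ca      create a private root CA key + self-signed certificate
#   csr     create a leaf private key and CSR for CN
#   casign  write the extension file and sign the CSR with the root CA
#
# Root CA material is written to the current directory; leaf material goes
# under CERT_DIR. Private keys are created with owner-only permissions.
require "fileutils"
require "open3"

# Subject alternative names baked into the leaf certificate.
# The first domain doubles as the certificate's CN.
DOMAINS = %w[mediacenter.lan].freeze
IPS = %w[192.168.0.94].freeze

### Setting up for CA
CA_NAME = "My Lab"
ROOT_KEY = "rootCA.key.pem"
ROOT_CRT = "rootCA.crt.pem"

### Setting up for client
CN = DOMAINS.first
CERT_DIR = "certs"
# "*" is not filename-safe everywhere; wildcard names get a readable prefix.
LEAF_BASENAME = CN.gsub("*", "wildcard")
KEY_FILE = File.join(CERT_DIR, "#{LEAF_BASENAME}.key.pem")
CSR_FILE = File.join(CERT_DIR, "#{LEAF_BASENAME}.csr.pem")
CRT_FILE = File.join(CERT_DIR, "#{LEAF_BASENAME}.crt.pem")
EXT_FILE = File.join(CERT_DIR, "#{LEAF_BASENAME}.ext")

USAGE = "usage: #{File.basename($PROGRAM_NAME)} ca | csr | casign"

# Runs an external command (no shell involved) and returns its stdout.
# On failure the command line and the child's stderr are echoed to stderr
# and the process exits with the child's status (1 if it died by signal).
#
# @param argv [Array<String>] program followed by its arguments
# @return [String] the child's stdout
def cmd(*argv)
  stdout, stderr, status = Open3.capture3(*argv)
  return stdout if status.success?

  warn "Command failed: #{argv.join(' ')}"
  warn stderr
  exit(status.exitstatus || 1)
end

# Runs the block with a umask of 077 so every file the block (or a child
# process it spawns) creates is owner-only from the moment it exists.
# This closes the window the old "generate, then chmod 600" sequence left,
# during which a private key could be world-readable.
# The previous umask is restored afterwards, also on error.
def with_private_umask
  previous = File.umask(0o077)
  yield
ensure
  File.umask(previous) if previous
end

# Generates the root CA key (4096-bit RSA, owner-only permissions) and a
# self-signed CA certificate valid for ten years.
# Refuses to run if the key already exists: overwriting it would silently
# orphan every certificate signed with the old key.
def create_CA
  abort "#{ROOT_KEY} already exists; remove it first to create a new CA" if File.exist?(ROOT_KEY)

  with_private_umask { cmd "openssl", "genrsa", "-out", ROOT_KEY, "4096" }
  cmd "openssl", "req", "-x509", "-new", "-nodes", "-key", ROOT_KEY, "-sha256", "-days", "3650",
      "-out", ROOT_CRT, "-subj", "/C=XX/ST=Lab/L=Local/O=#{CA_NAME}/CN=#{CA_NAME} Root CA"
end

# Generates the leaf private key (2048-bit RSA, owner-only permissions, the
# same protection the root key gets) and a CSR for CN. SANs are not part of
# the CSR; they are attached at signing time from the extension file.
def create_CSR
  FileUtils.mkdir_p(CERT_DIR)
  with_private_umask { cmd "openssl", "genrsa", "-out", KEY_FILE, "2048" }
  cmd "openssl", "req", "-new", "-key", KEY_FILE, "-out", CSR_FILE, "-subj", "/CN=#{CN}/O=#{CA_NAME}"
end

# Writes an OpenSSL extension file for a TLS server certificate.
# The extensions sit in the file's unnamed default section, which is what
# `openssl x509 -extfile` reads when no -extensions is given; the
# [alt_names] section they reference follows.
#
# @param path [String] where to write the file (parent directory is created)
# @param domains [Array<String>] DNS SANs, numbered DNS.1..DNS.n
# @param ips [Array<String>] IP SANs, numbered IP.1..IP.n
# @raise [ArgumentError] if no SAN at all is given (an empty SAN would make
#   openssl reject the extension file)
# @return [Integer] number of bytes written
def create_extfile(path = EXT_FILE, domains: DOMAINS, ips: IPS)
  raise ArgumentError, "at least one DNS name or IP address is required" if domains.empty? && ips.empty?

  FileUtils.mkdir_p(File.dirname(path))
  lines = [
    "basicConstraints=CA:FALSE",
    "keyUsage=digitalSignature,keyEncipherment",
    "extendedKeyUsage=serverAuth",
    "subjectAltName=@alt_names",
    "[alt_names]"
  ]
  domains.each.with_index(1) { |domain, i| lines << "DNS.#{i}=#{domain}" }
  ips.each.with_index(1) { |ip, i| lines << "IP.#{i}=#{ip}" }
  File.write(path, lines.join("\n") + "\n")
end

# Signs the CSR with the root CA, producing a leaf certificate valid for
# 397 days (inside the 398-day limit public CAs follow) carrying the
# extensions from EXT_FILE. -CAcreateserial keeps a .srl counter next to
# the CA certificate so serial numbers stay unique across runs.
def sign_with_CA
  cmd "openssl", "x509", "-req", "-in", CSR_FILE, "-CA", ROOT_CRT, "-CAkey", ROOT_KEY, "-CAcreateserial",
      "-out", CRT_FILE, "-days", "397", "-sha256", "-extfile", EXT_FILE
end

# Entry point; only runs when executed directly so the helpers above can be
# loaded from another script without side effects.
if __FILE__ == $PROGRAM_NAME
  subcommand = ARGV.shift
  case subcommand
  when "ca" then create_CA
  when "csr" then create_CSR
  when "casign"
    create_extfile
    sign_with_CA
  when nil then warn USAGE
  else
    # An unrecognised subcommand is a caller error: report it and fail loudly.
    abort "no command handler for #{subcommand.inspect}\n#{USAGE}"
  end
end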