From 6931db7d7ecaf831ec08acf9ed9f1a5175804bef Mon Sep 17 00:00:00 2001
From: tv
Date: Sun, 6 Apr 2025 18:21:55 +0200
Subject: initial commit
---
request_cert.sh | 43 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
create mode 100644 request_cert.sh
(limited to 'request_cert.sh')
diff --git a/request_cert.sh b/request_cert.sh
new file mode 100644
index 0000000..a3d37e2
--- /dev/null
+++ b/request_cert.sh
@@ -0,0 +1,43 @@
+#!/usr/bin/bash
+# Usage: request_cert.sh
+# Sample JSON:
+# {
+# "common_name": "",
+# "alt_names": "",
+# "ip_sans": "212.12.255.3,212.12.255.4,213.12.255.3,213.12.255.4",
+# "ttl": "180d"
+
+# }
+#
+# Simple Usage: request_cert.sh -s
+#
+
+if [ -z "${VAULT_TOKEN}" ]; then
+ read -p USER: LDAPUSER
+ read -s -p PASSWORD: LPDAPASSWD
+ VAULT_TOKEN=$( curl -s -X POST -H "Content-Type: application/json" -d "{ \"password\": \"$LPDAPASSWD\"}" https://vault.dings:8200/v1/auth/ldap/login/$LDAPUSER | jq -r ".auth.client_token" )
+ echo $VAULT_TOKEN
+fi
+
+
+if [ -z "$1" ]; then
+ echo "USAGE: $0 -s |"
+ exit 1
+fi
+
+if [ "$1" == "-s" ]; then
+ CN=$2
+ DATA=$( curl -s --header "X-Vault-Token: $VAULT_TOKEN" --request POST --data "{ \"common_name\": \"$CN\", \"ttl\": \"90d\" }" https://vault.dings:8200/v1/pki_rz_q-ca_2021aa/issue/rz-drv )
+else
+ CN=$( cat $1 | jq -r ".common_name" )
+ DATA=$( curl -s --header "X-Vault-Token: $VAULT_TOKEN" --request POST --data @$1 https://vault.dings:8200/v1/pki_rz_q-ca_2021aa/issue/rz-drv )
+fi
+
+[ -d $CN ] && rm -r $CN
+mkdir $CN || exit 1
+
+echo $DATA > $CN/$CN.json
+echo $DATA | jq -r '.data.certificate' > $CN/$CN.cer
+echo $DATA | jq -r '.data.private_key' > $CN/$CN.key
+echo $DATA | jq -r '.data.ca_chain|join("\n")' > $CN/$CN.ca_chain
+cat $CN/$CN.cer $CN/$CN.ca_chain > $CN/$CN.cer_with_ca_chain
-- cgit v1.2.3
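Review bot: The login block prints the Vault token to the terminal (`echo $VAULT_TOKEN`) and splices the LDAP password into a JSON string on curl's command line, so the password is visible in the process list and a `"` or `\` in it corrupts the request body. Further down, `[ -d $CN ] && rm -r $CN` runs on an unquoted, unvalidated name taken from `$2` or from the JSON file, so an empty value, `..`, a name containing `/`, or a wildcard name such as `*.example.org` can make `rm -r` act on something other than the intended output directory. The private key and the full response (which also contains the key) are written under the default umask, and the response is never checked, so a failed request still removes the previous directory and leaves files containing `null`. I would set `umask 077`, build the login body with jq and feed it to curl on stdin, check that a certificate came back before touching the directory, validate and quote `$CN`, and drop the token echo, roughly as below. The `X-Vault-Token` header and the `-s` request body are still built on curl's argv and deserve the same treatment.

```shell
umask 077  # the private key and the raw response must not be group/world readable

if [ -z "${VAULT_TOKEN}" ]; then
  read -r -p USER: LDAPUSER
  read -r -s -p PASSWORD: LPDAPASSWD
  # jq escapes the password; stdin keeps it off curl's command line.
  VAULT_TOKEN=$( printf '%s' "$LPDAPASSWD" | jq -Rs '{password: .}' \
    | curl -s -X POST -H "Content-Type: application/json" --data @- \
      "https://vault.dings:8200/v1/auth/ldap/login/$LDAPUSER" \
    | jq -r ".auth.client_token" )
  # removed: echo $VAULT_TOKEN
fi

# … unchanged: usage check and the two issue requests …

# Do not touch the output directory unless Vault returned a certificate.
printf '%s' "$DATA" | jq -e '.data.certificate' > /dev/null \
  || { echo "certificate request failed" >&2; exit 1; }

# CN becomes a directory name that is removed recursively: reject unsafe values.
case "$CN" in
  ''|null|.|..|*/*) echo "invalid common_name: $CN" >&2; exit 1 ;;
esac
[ -d "$CN" ] && rm -r -- "$CN"
mkdir -- "$CN" || exit 1

printf '%s\n' "$DATA" > "$CN/$CN.json"
# … unchanged apart from quoting "$DATA" and "$CN": jq extractions and final cat …
```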