blob: e755d3de8b0681d55b2c0555613982b433c4ddff (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
#!/usr/bin/bash
# Usage: request_cert.sh <filename.json>
# Sample JSON:
# {
# "common_name": "",
# "alt_names": "",
# "ip_sans": "212.12.255.3,212.12.255.4,213.12.255.3,213.12.255.4",
# "ttl": "180d"
# }
#
# Simple Usage: request_cert.sh -s <fqdn>
#
set -eu
if [ -z "${VAULT_TOKEN-}" ]; then
read -p USER: LDAPUSER
read -s -p PASSWORD: LPDAPASSWD
login_request_data=$(jq -c -n --arg password "$LDAPUSER" '{$password}'
VAULT_TOKEN=$( curl -s -H "Content-Type: application/json" -d "$login_request_data" https://vault.dings:8200/v1/auth/ldap/login/$LDAPUSER | jq -r ".auth.client_token" )
echo $VAULT_TOKEN
fi
if [ -z "${1-}" ]; then
echo "USAGE: $0 -s <fqdn>|<filename>"
exit 1
fi
if [ "$1" == "-s" ]; then
CN=$2
cert_request_data=$(jq -c -n --arg common_name "$CN" --arg ttl 90d '{$common_name,$ttl}'
else
CN=$( cat $1 | jq -r ".common_name" )
cert_request_data=$(cat "$1")
fi
DATA=$(echo "$cert_request_data" | curl -s -H "X-Vault-Token: $VAULT_TOKEN" -d @- https://vault.dings:8200/v1/pki_rz_q-ca_2021aa/issue/rz-drv )
[ -d $CN ] && rm -r $CN
mkdir $CN
echo $DATA > $CN/$CN.json
echo $DATA | jq -r '.data.certificate' > $CN/$CN.cer
echo $DATA | jq -r '.data.private_key' > $CN/$CN.key
echo $DATA | jq -r '.data.ca_chain|join("\n")' > $CN/$CN.ca_chain
cat $CN/$CN.cer $CN/$CN.ca_chain > $CN/$CN.cer_with_ca_chain
|
