Description:

The steps below guide a user on how to create a CSR for a domain in each of the different environments.


Step-by-step guide


Step 1: Create the prod, qa and uat directories.

mkdir prod qa uat


Step 2: Create a csr.conf file in the current directory

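  • Create the csr.conf file with the following contents:
  • Replace the organization and organizational unit names with your own company's values and leave everything else the same. Leave the DOMAIN placeholder as it is; the script in step 4 replaces it with each domain name.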
[ req ]
default_bits       = 2048
default_md         = sha256
default_keyfile    = DOMAIN.key
prompt             = no
encrypt_key        = no
distinguished_name = req_distinguished_name
req_extensions = v3_req
# distinguished_name
[ req_distinguished_name ]
countryName            = "ZA"
localityName           = "GP"
organizationName       = "ORGANIZATION NAME"
organizationalUnitName = "ORGANIZATION UNIT NAME"
commonName             = "*.DOMAIN"
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.DOMAIN


Step 3: Create a domains file in each directory

  • Create a domains file in each directory created in step 1. The file contains all the domains linked to the particular cluster for that environment.
  • To create a domains file use the command below:
touch prod/domains qa/domains uat/domains
  • To edit a domains file, use vim or nano:

vim prod/domains
  • Add the domains you want to create CSRs for to the domains file, one per line, as in the example below, and save the file.
test.local.domain.prod
name-prod.domain.io
test-domain.co.za

Step 4: Create a shell script

  • Create a shell script named generate-csr.sh with the following content:

  • The script generates a new CSR, key and csr.conf for each domain specified in step 3, in the provided directory.

#!/bin/bash

# Usage: ./generate-csr.sh <prod|qa|uat>
if [ -z "$1" ]
then
  echo -e "Please provide a directory name. Has to be prod, qa or uat"
  exit 1
fi

# Read one domain per line (also the last line if it lacks a newline).
while IFS= read -r domain || [ -n "$domain" ]
do
  # Skip blank lines in the domains file.
  [ -z "$domain" ] && continue

  # Keep any previous run for this domain by renaming its directory.
  if [ -d "$1/$domain" ]
  then
    echo -e "domain directory exists, changing current directory to old directory"
    mv "$1/$domain" "$1/$domain-$(date +"%d-%m-%Y")-old~"
  fi

  if [ ! -d "$1/$domain" ]
  then
    mkdir "$1/$domain"
    echo -e "\nGenerating CSR and key for $domain"
    echo "generating openssl configuration - $domain/csr.conf"
    # Fill the DOMAIN placeholder of the template from step 2.
    sed "s/DOMAIN/$domain/g" csr.conf > "$1/$domain/csr.conf"
    echo -e "generating 2048 bit key - $domain/$domain.key"
    openssl genrsa -out "$1/$domain/$domain.key" 2048
    echo -e "generating certificate signing request - $domain/$domain.csr"
    openssl req -config "$1/$domain/csr.conf" -new -key "$1/$domain/$domain.key" -out "$1/$domain/$domain.csr" -verbose
    echo -e "checking certificate signing request $domain/$domain.csr "
    openssl req -text -noout -verify -in "$1/$domain/$domain.csr"
    echo -e "checking key $domain/$domain.key"
    # -noout keeps the private key from being printed to the terminal.
    openssl rsa -in "$1/$domain/$domain.key" -check -noout
  fi

done < "$1/domains"

Step 5: Running the script

  • To make the script executable, use the command below:

chmod +x generate-csr.sh

  • To run the script, use the command below.

  • Replace the <directory name> parameter with qa, uat or prod; the new CSRs are created in that directory.

./generate-csr.sh <directory name>
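
A check to run after step 5, as an added example that is not part of the original guide: for each generated domain it confirms that the CSR signature verifies, that the CSR carries the public key of the matching .key file, that the SAN holds the wildcard name from csr.conf, and that the unencrypted key is accessible to its owner only. The script name verify-csr.sh and the function check_csr are assumptions made here; the directory layout is the one generate-csr.sh creates.

```shell
#!/bin/bash
# verify-csr.sh: added example, not part of the original guide.
# Assumes the layout generate-csr.sh produces: <env>/<domain>/<domain>.{key,csr}

# check_csr ENV DOMAIN: print one line per finding, return 0 only if clean.
check_csr() {
  local key="$1/$2/$2.key" csr="$1/$2/$2.csr" rc=0 mode san
  [ -f "$key" ] && [ -f "$csr" ] || { echo "$2: key or CSR missing"; return 1; }

  # 1. The CSR's self-signature must verify. Match on the "verify OK"
  #    message rather than on the exit status.
  openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' \
    || { echo "$2: CSR signature does not verify"; rc=1; }

  # 2. The CSR must carry the public half of this private key.
  if [ "$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)" != \
       "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ]; then
    echo "$2: CSR public key does not match $key"; rc=1
  fi

  # 3. subjectAltName must list the wildcard name that csr.conf requests.
  san=$(openssl req -in "$csr" -noout -text 2>/dev/null | grep -F 'DNS:')
  case "$san" in
    *"DNS:*.$2"*) ;;
    *) echo "$2: subjectAltName lacks *.$2"; rc=1 ;;
  esac

  # 4. The key is stored unencrypted (encrypt_key = no), so only its owner
  #    may have access. GNU stat first, BSD stat as fallback.
  mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
  case "$mode" in
    ?00) ;;
    *) echo "$2: $key has mode $mode, expected 600"; rc=1 ;;
  esac
  return "$rc"
}

# Script mode: ./verify-csr.sh <env> checks every name in <env>/domains.
if [ -n "${1:-}" ]; then
  status=0
  while IFS= read -r domain; do
    [ -n "$domain" ] || continue
    check_csr "$1" "$domain" || status=1
  done < "$1/domains"
  exit "$status"
fi
```

A non-zero exit status means at least one domain produced a finding; the findings are printed one per line.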