Description:
The steps below guide a user on how to create a CSR for a domain in each of the different environments.
Create a step-by-step guide
Step 1: Create a prod, qa and uat directories.
mkdir prod qa uat
Step 2: Create a csr.conf file in the current directory
- Create the csr file with the following contents:
- Replace the organization and organization unit name with your own company name and leave everything the same.
[ req ] default_bits = 2048 default_md = sha256 default_keyfile = DOMAIN.key prompt = no encrypt_key = no distinguished_name = req_distinguished_name req_extensions = v3_req # distinguished_name [ req_distinguished_name ] countryName = "ZA" localityName = "GP" organizationName = "ORGANIZATION NAME" organizationalUnitName = "ORGANIZATION UNIT NAME" commonName = "*.DOMAIN" [v3_req] subjectAltName = @alt_names [alt_names] DNS.1 = *.DOMAIN
Step 3: Create a domains file in each directory
- Create a domain file in each directory created in step 1. The file contains all the domain linked with the particular cluster for the different environments.
- To create a domains file use the command below:
touch prod/domains qa/domains uat/domains
To edit a domain file, use the vim/nano command:
vim prod/domains
- Add the domains you want to create the CSR's inside the domains file, like the example below and save the file.
test.local.domain.prod name-prod.domain.io test-domain.co.za
Step 4: Create a shell script
Create a shell script named generate-csr.sh with the following content below:
The script will generate a new csr, key and csr.conf for the domains specified in step 3 in the provided directory.
#!/bin/bash
if [ -z "$1" ]
then
echo -e "Please provide a directory name. Has to be prod, qa or uat"
exit 1
fi
for domain in `cat $1/domains`
do
if [ -d "$1/$domain" ]
then
echo -e "domain directory exists, changing current directory to old directory"
mv $1/$domain $1/$domain-$(date +"%d-%m-%Y")-old~
fi
if [ ! -d "$1/$domain" ]
then
mkdir $1/$domain
echo -e "\nGenerating CSR and key for $domain"
echo "generating openssl configuration - $domain/csr.conf"
sed "s/DOMAIN/$domain/g" csr.conf > $1/$domain/csr.conf
echo -e "generating 2048 bit key - $domain/$domain.key"
openssl genrsa -out $1/$domain/$domain.key 2048
echo -e "generating certificate signing request - $domain/$domain.csr"
openssl req -config $1/$domain/csr.conf -new -key $1/$domain/$domain.key -out $1/$domain/$domain.csr -verbose
echo -e "checking certificate signing request $domain/$domain.csr "
openssl req -text -noout -verify -in $1/$domain/$domain.csr
echo -e "checking key $domain/$domain.key"
openssl rsa -in $1/$domain/$domain.key -check
fi
doneStep 5: Running the script
To make sure the script executable, use the command below:
chmod +x generate-csr.sh
To run the script, use the command below.
The name parameter should be replaced with either qa, uat or prod and the new csr will be created.
./generate-csr.sh <directory name>