Description:
The steps below guide a user on how to create a CSR for a domain in each of the different environments.
Step 1: Create the prod, qa and uat directories.
mkdir prod qa uat
Step 2: Create a csr.conf file in the current directory
- Create the csr.conf file with the following contents:
- Replace the organization and organization unit name with your own company name and leave everything else unchanged. The DOMAIN placeholder is filled in by the script in Step 4.
[ req ]
default_bits = 2048
default_md = sha256
default_keyfile = DOMAIN.key
prompt = no
encrypt_key = no
distinguished_name = req_distinguished_name
req_extensions = v3_req

# distinguished_name
[ req_distinguished_name ]
countryName = "ZA"
localityName = "GP"
organizationName = "ORGANIZATION NAME"
organizationalUnitName = "ORGANIZATION UNIT NAME"
commonName = "*.DOMAIN"

[v3_req]
subjectAltName = @alt_names

[alt_names]
DNS.1 = *.DOMAIN
Step 3: Create a domains file in each directory
- Create a domains file in each directory created in Step 1. The file contains all the domains linked to the particular cluster for that environment.
- To create a domains file use the command below:
touch prod/domains qa/domains uat/domains
To edit a domains file, use vim or nano:
vim prod/domains
- Add the domains for which you want to create CSRs to the domains file, one per line as in the example below, and save the file.
test.local.domain.prod
name-prod.domain.io
test-domain.co.za
Step 4: Create a shell script
Create a shell script named generate-csr.sh with the content below.
The script generates a new CSR, key and csr.conf for each domain specified in Step 3, inside the directory passed as its argument.
#!/bin/bash
# Usage: ./generate-csr.sh <prod|qa|uat>
if [ -z "$1" ]
then
    echo -e "Please provide a directory name. Has to be prod, qa or uat"
    exit 1
fi

# Word splitting of the file contents is intentional: one domain per word.
for domain in $(cat "$1/domains")
do
    # Keep the output of a previous run by renaming its directory with today's date.
    if [ -d "$1/$domain" ]
    then
        echo -e "domain directory exists, renaming current directory to old directory"
        mv "$1/$domain" "$1/$domain-$(date +"%d-%m-%Y")-old~"
    fi
    if [ ! -d "$1/$domain" ]
    then
        mkdir "$1/$domain"
        echo -e "\nGenerating CSR and key for $domain"
        echo "generating openssl configuration - $domain/csr.conf"
        # Fill the DOMAIN placeholder of the template from Step 2.
        sed "s/DOMAIN/$domain/g" csr.conf > "$1/$domain/csr.conf"
        echo -e "generating 2048 bit key - $domain/$domain.key"
        openssl genrsa -out "$1/$domain/$domain.key" 2048
        echo -e "generating certificate signing request - $domain/$domain.csr"
        openssl req -config "$1/$domain/csr.conf" -new -key "$1/$domain/$domain.key" -out "$1/$domain/$domain.csr" -verbose
        echo -e "checking certificate signing request $domain/$domain.csr "
        openssl req -text -noout -verify -in "$1/$domain/$domain.csr"
        echo -e "checking key $domain/$domain.key"
        # -noout: check the key without printing the private key to the terminal.
        openssl rsa -in "$1/$domain/$domain.key" -check -noout
    fi
done
Step 5: Running the script
To make the script executable, use the command below:
chmod +x generate-csr.sh
To run the script, use the command below.
Replace <directory name> with either qa, uat or prod, and the new CSR will be created.
./generate-csr.sh <directory name>
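The script in Step 4 puts each entry of the domains file into directory paths and into the replacement text of sed "s/DOMAIN/$domain/g", so an entry containing "/", "&" or ".." would change what the script writes. The check below is an added example, not part of the original guide; the function names valid_domain and rejected_domains and the two-label rule are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original guide.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below ASCII-only

# valid_domain NAME: succeed only for a plain multi-label DNS hostname.
valid_domain() {
    name=$1
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    case $name in
        *[!A-Za-z0-9.-]*) return 1 ;;   # rejects "/", "&", "*", spaces, ...
        .*|*.|*..*)       return 1 ;;   # empty label, including ".." segments
        *.*)              ;;            # at least two labels (assumption)
        *)                return 1 ;;
    esac
    # Split on dots and check each label: at most 63 chars, no edge hyphen.
    old_ifs=$IFS; IFS=.
    set -- $name
    IFS=$old_ifs
    for label in "$@"; do
        [ "${#label}" -le 63 ] || return 1
        case $label in -*|*-) return 1 ;; esac
    done
    return 0
}

# rejected_domains FILE: print every entry that fails valid_domain.
# Returns 0 when all entries are usable, 1 otherwise.
rejected_domains() {
    bad=$(tr -s ' \t' '\n\n' < "$1" | while IFS= read -r entry || [ -n "$entry" ]; do
        [ -z "$entry" ] && continue
        valid_domain "$entry" || printf '%s\n' "$entry"
    done)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Constructed sample entries (not from the guide) run through the check.
sample=$(mktemp)
printf '%s\n' 'test-domain.co.za' '../escape.example' 'x&y.example' > "$sample"
rejected_domains "$sample" || echo "fix the entries above before generating CSRs" >&2
rm -f "$sample"
```

Calling rejected_domains "$1/domains" at the top of generate-csr.sh and exiting on a non-zero status stops the run before any key or CSR is written.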