I'm creating certificates in a script.sh to generate certificates with all the data of a user, but I don't know how to bring that data from a CSV. I managed to read the data, but I can't figure out how to put it in the command.
My CSV contains (one thousand records):
Country, place, city, company, nameuser, email
EU,HOME,HOME1,DESKTOP,USERNAME,test#gmail.com
xx,xxx,xxxx,xxxx,xxxx,xxxx
xx,xxx,xxxx,xxxx,xxxx,xxxx
etc....
#!/bin/bash
openssl \
req -x509 \
-newkey rsa:4096 \
-keyout user.key \
-out user.crt \
-days 365 \
-nodes \
-subj "/C=EU/ST=HOME/L=HOME1/O=Desktop/CN=USERNAME/emailAddress=test#gmail.com"
thank you!!!
If that CSV data is truly that straightforward, it could be done with a few lines of bash like this (this assumes the CSV data is in data.csv):
#!/bin/bash
# Skip the first line, then read the comma-separated lines into individual variables
# -r keeps backslashes in the data literal instead of treating them as escapes
tail -n +2 data.csv | while IFS=, read -r f1 f2 f3 f4 f5 f6; do
  echo openssl \
    req -x509 \
    -newkey rsa:4096 \
    -days 365 \
    -keyout "$f5.key" \
    -out "$f5.crt" \
    -nodes \
    -subj "/C=$f1/ST=$f2/L=$f3/O=$f4/CN=$f5/emailAddress=$f6"
done
For demonstration purposes I prefixed it with an echo there, just remove that to run the actual commands.
With input like the following...
Country, place, city, company, nameuser, email
EU,HOME,HOME1,DESKTOP,USERNAME,test#gmail.com
x1,xx2,xxx3,xxx4,xxx5,xxx6
y1,yy2,yyy3,yyy4,yyy5,yyy6
... the script will generate command-lines like this (I assumed you would also want unique *.crt and *.key filenames, keyed on the username, by the way):
$ ./cert_gen.sh
openssl req -x509 -newkey rsa:4096 -keyout USERNAME.key -out USERNAME.crt -days 365 -nodes -subj /C=EU/ST=HOME/L=HOME1/O=DESKTOP/CN=USERNAME/emailAddress=test#gmail.com
openssl req -x509 -newkey rsa:4096 -keyout xxx5.key -out xxx5.crt -days 365 -nodes -subj /C=x1/ST=xx2/L=xxx3/O=xxx4/CN=xxx5/emailAddress=xxx6
openssl req -x509 -newkey rsa:4096 -keyout yyy5.key -out yyy5.crt -days 365 -nodes -subj /C=y1/ST=yy2/L=yyy3/O=yyy4/CN=yyy5/emailAddress=yyy6
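Added example, not part of the original answer: the loop above pastes each CSV field straight into -subj and into the output filenames, so a field containing "/" adds an extra subject attribute and a username containing "../" writes outside the current directory. The sketch below escapes the values, leaves out empty fields and rejects unsafe usernames; the function names and the sample rows are constructed for illustration.

```bash
#!/bin/bash
# In -subj, "/" separates attributes, "+" joins a multi-valued RDN and "\" is
# the escape character, so each one is prefixed with "\" inside a value.
escape_rdn() {
  printf '%s' "$1" | sed 's|[\\/+]|\\&|g'
}

# Build "/C=../ST=../.." from the six CSV fields, leaving out empty ones.
build_subject() {
  subj=""
  for pair in "C=$1" "ST=$2" "L=$3" "O=$4" "CN=$5" "emailAddress=$6"; do
    val=${pair#*=}
    if [ -n "$val" ]; then
      subj="$subj/${pair%%=*}=$(escape_rdn "$val")"
    fi
  done
  printf '%s' "$subj"
}

# The username becomes a filename: reject empty names, a leading "." or "-",
# and anything outside letters, digits, ".", "_" and "-".
safe_basename() {
  case $1 in
    '' | .* | -* | *[!A-Za-z0-9._-]*) return 1 ;;
  esac
}

# Print (not run) one command per accepted row read from stdin.
plan_certs() {
  tail -n +2 | while IFS=, read -r c st l o cn email; do
    if ! safe_basename "$cn"; then
      echo "rejected: unsafe username '$cn'" >&2
      continue
    fi
    printf 'openssl req -x509 -newkey rsa:4096 -days 365 -nodes -keyout %s -out %s -subj "%s"\n' \
      "$cn.key" "$cn.crt" "$(build_subject "$c" "$st" "$l" "$o" "$cn" "$email")"
  done
}

# Constructed sample rows: line 3 tries to add a second CN through the company
# field, line 4 tries to write outside the working directory.
plan_certs <<'EOF'
Country, place, city, company, nameuser, email
EU,HOME,,DESKTOP,alice,alice@example.com
EU,HOME,HOME1,ACME/CN=admin,bob,bob@example.com
EU,HOME,HOME1,DESKTOP,../../tmp/x,x@example.com
EOF
```

The printed commands are for review only; when running them for real, pass the subject as a single quoted argument.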
I have a script and I'm trying to create a self-signed cert:
openssl ecparam -genkey -name secp384r1 -out /etc/nginx/ssl/${MYDOMAIN}.key.pem >/dev/null 2>&1
openssl req -new -sha256 -key /etc/nginx/ssl/${MYDOMAIN}.key.pem -out /etc/nginx/ssl/csr.pem -subj "/C=/ST=/L=/O=/OU=/CN=*.${MYDOMAIN}" >/dev/null 2>&1
openssl req -x509 -days 365 -key /etc/nginx/ssl/${MYDOMAIN}.key.pem -in /etc/nginx/ssl/csr.pem -out /etc/nginx/ssl/${MYDOMAIN}.pem >/dev/null 2>&1
The creation of the CSR should be silent due to the -subj parameter, but it's not working at all with this line:
openssl req -new -sha256 -key /etc/nginx/ssl/${MYDOMAIN}.key.pem -out /etc/nginx/ssl/csr.pem -subj "/C=/ST=/L=/O=/OU=/CN=*.${MYDOMAIN}" >/dev/null 2>&1
I'm receiving an error like this:
[INFO] Creating self-signed SSL certificates...
No value provided for Subject Attribute C, skipped
No value provided for Subject Attribute ST, skipped
No value provided for Subject Attribute L, skipped
No value provided for Subject Attribute O, skipped
No value provided for Subject Attribute OU, skipped
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
It was working that way before I updated OpenSSL to 1.1.0...
With:
openssl req -new -sha256 -key /etc/nginx/ssl/${MYDOMAIN}.key.pem -out /etc/nginx/ssl/csr.pem subj "/C=DE/ST=Berlin/L=Berlin/O=Privat/OU=Privat/CN=*.${MYDOMAIN}" >/dev/null 2>&1
I'm getting this error:
[INFO] Creating self-signed SSL certificates...
unknown option subj
req [options] outfile
where options are
[...]
I am trying to install gdb on Mac OS X by following link1 and link2. This process is done in four steps:
installing gdb using brew install gdb
creating a certificate
sign gdb using codesign -s [cert-name] [your-gdb-location]
How can I automate step 2 in a bash script?
This is my final code (based on here, here and here):
cat > myconfig.cnf << EOF
[ req ]
prompt = no
distinguished_name = my dn
[ my dn ]
# The bare minimum is probably a commonName
commonName = VENTOS
countryName = XX
localityName = Fun Land
organizationName = MyCo LLC LTD INC (d.b.a. OurCo)
organizationalUnitName = SSL Dept.
stateOrProvinceName = YY
emailAddress = ssl-admin#example.com
name = John Doe
surname = Doe
givenName = John
initials = JXD
dnQualifier = some
[ my server exts ]
keyUsage = digitalSignature
extendedKeyUsage = codeSigning
EOF
echo "generating the private key ..."
openssl genrsa -des3 -passout pass:foobar -out server.key 2048
echo ""
echo "generating the CSR (certificate signing request) ..."
openssl req -new -passin pass:foobar -passout pass:foobar -key server.key -out server.csr -config myconfig.cnf -extensions 'my server exts'
echo ""
echo "generating the self-signed certificate ..."
openssl x509 -req -passin pass:foobar -days 6666 -in server.csr -signkey server.key -out server.crt -extfile myconfig.cnf -extensions 'my server exts'
echo ""
echo "convert crt + RSA private key into a PKCS12 (PFX) file ..."
openssl pkcs12 -export -passin pass:foobar -passout pass:foobar -in server.crt -inkey server.key -out server.pfx
echo ""
echo "importing the certificate ..."
sudo security import server.pfx -k /Library/Keychains/System.keychain -P foobar
Now you can see the certificate listed in System keychains:
To sign gdb
sudo codesign -s VENTOS "$(which gdb)"
I am using some command-line OpenSSL commands to encrypt and decrypt data using public and private keys extracted from a digital cert. When I try to decrypt I get PKCS padding errors. Can someone tell me where I'm going wrong?
These are the commands I've been using:
a) Extract public key: openssl x509 -pubkey -noout -in xxxxx.cer > xxxxxpublickey.pem
b) Extract private key: openssl pkcs12 -in xxxxxx.pfx -nocerts -out xxxxxprivatekey.pem -nodes
c) Encrypt a key (.bin file): openssl enc -aes-256-cbc -in kenkey.bin -out kenkey_Key -pass file:xxxxxpublickey.pem
d) Decrypt key produced in c): openssl rsautl -decrypt -hexdump -in kenkey_key -inkey xxxxxprivatekey.key -out aeskey.txt
This produces errors like this:
RSA operation error 3248:error:0407109F:rsa
routines:RSA_padding_check_PKCS1_type_2:pkcs decoding
error:.\crypto\rsa\rsa_pk1.c:273: 3248:error:04065072:rsa
routines:RSA_EAY_PRIVATE_DECRYPT:padding check
failed:.\crypto\rsa\rsa_eay.c:602:
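Added example, not part of the original post: step c) uses openssl enc, which is password-based AES encryption that takes the first line of the file given to -pass as the password, so its output is not an RSA ciphertext and the private key in step d) cannot recover the input from it. The sketch below contrasts that sequence with a matched RSA encrypt/decrypt pair using openssl pkeyutl; the key pair, the 32-byte key file and all file names are constructed stand-ins.

```bash
#!/bin/bash
# Constructed stand-ins for the .pfx/.cer material: a throwaway RSA key pair,
# plus 32 random bytes playing the role of the AES key in kenkey.bin.
setup() {
  dir=$(mktemp -d) &&
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$dir/private.pem" 2>/dev/null &&
  openssl pkey -in "$dir/private.pem" -pubout -out "$dir/public.pem" &&
  openssl rand -out "$dir/aeskey.bin" 32
}

# Steps c) and d) as posted: symmetric "enc" followed by an RSA decryption.
# Returns 0 only if the RSA decryption gives back the original bytes.
posted_steps_recover_key() {
  setup || return 2
  openssl enc -aes-256-cbc -in "$dir/aeskey.bin" -out "$dir/out.enc" \
    -pass "file:$dir/public.pem" 2>/dev/null
  openssl pkeyutl -decrypt -inkey "$dir/private.pem" -in "$dir/out.enc" \
    -out "$dir/out.dec" 2>/dev/null
  cmp -s "$dir/aeskey.bin" "$dir/out.dec"; rc=$?
  rm -rf "$dir"; return $rc
}

# Matched pair: RSA-encrypt with the public key, RSA-decrypt with the
# private key that belongs to it.
rsa_roundtrip_recovers_key() {
  setup || return 2
  openssl pkeyutl -encrypt -pubin -inkey "$dir/public.pem" \
    -in "$dir/aeskey.bin" -out "$dir/out.enc" &&
  openssl pkeyutl -decrypt -inkey "$dir/private.pem" \
    -in "$dir/out.enc" -out "$dir/out.dec" &&
  cmp -s "$dir/aeskey.bin" "$dir/out.dec"; rc=$?
  rm -rf "$dir"; return $rc
}

if posted_steps_recover_key; then echo "posted steps: key recovered"
else echo "posted steps: key NOT recovered"; fi
if rsa_roundtrip_recovers_key; then echo "RSA round trip: key recovered"
else echo "RSA round trip: key NOT recovered"; fi
```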
I'm trying to generate multiple pairs of private-public keys with openssl.
I'm using this bash script.
openssl genrsa -out /etc/dkim10.key 1024 && openssl rsa -in /etc/dkim.key -out /etc/dkim10.pub -pubout &&
openssl genrsa -out /etc/dkim11.key 1024 && openssl rsa -in /etc/dkim.key -out /etc/dkim11.pub -pubout &&
openssl genrsa -out /etc/dkim12.key 1024 && openssl rsa -in /etc/dkim.key -out /etc/dkim12.pub -pubout
The private keys are different but the public key is always the same. The .pub files are identical when compared with diff. The same happens if I try to generate the pairs one by one. Is this normal? And how can I make it generate different public keys?
You are using the same private key for each public key command: openssl rsa -in /etc/dkim.key.
You need to use the correct private key.