Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Anybody know how to automate the generation of server certificates without user interaction?
Some background:
We're in the process of upgrading our content servers to new hardware and with new OSes. The plan is to recompile webserver/app server/etc. on the new systems. So the plan is to do this once and to then take this configuration and use this for any other content server we want to create. So let's say we want to create 30 content servers, we need to generate 30 server certificates. Hence the question, is it possible to automate this process with no user interaction? These content servers aren't outside facing and are to be used for testing purposes only. I've googled 'automate certificate generation' and didn't see anything really relevent.
I'm not sure I understand the problem. You can just create a shell script to create a new certificate. For example:
#!/bin/bash
# Pass the following information to the routine to generate the certificate:
#
# Country Name (2 letter code) [GB]:.
# State or Province Name (full name) [Berkshire]:.
# Locality Name (eg, city) [Newbury]:.
# Organization Name (eg, company) [My Company Ltd]:.
# Organizational Unit Name (eg, section) []:.
# Common Name (eg, your name or your server's hostname) []:.
# Email Address []:.
yeah. I'm looking for something like that. I just don't know how to go about passing in the information. Is what you posted below what the script is supposed to look like? And can you explain how your script works?
All it does is "queue up" the responses that the openssl is going to be asking for. The $ variables are just placeholders for the information. Let's say you call the script "makenewcert" and change it to:
#!/bin/bash
# Pass the following information to the routine to generate the certificate:
#
# $1 = Country Name (2 letter code) [GB]:.
# $2 = State or Province Name (full name) [Berkshire]:.
# $3 = Locality Name (eg, city) [Newbury]:.
# $4 = Organization Name (eg, company) [My Company Ltd]:.
# $5 = Organizational Unit Name (eg, section) []:.
# $6 = Common Name (eg, your name or your server's hostname) []:.
# $7 = IP address
# $8 = Email Address []:.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.