-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy patheasyssl
More file actions
119 lines (105 loc) · 4.51 KB
/
easyssl
File metadata and controls
119 lines (105 loc) · 4.51 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
#!/bin/bash
# EasySSL 1.0.2 (c) 2025 by Sensei & Burixon
# Easily generate public and private SSL certificates for e.g. socat or other applications to encrypt transmission between two or more computers.
# If you find this script useful, consider supporting my work by making a donation:
# https://burixon.com.pl/donate/
#
# Thanks to:
# http://www.dest-unreach.org/socat/doc/socat-openssltunnel.html
# and
# https://unix.stackexchange.com/questions/448837/create-https-server-with-socat
help() {
echo "EasySSL 1.0.2 (c) 2025 by Sensei & Burixon"
echo "Easily generate public and private SSL certificates for e.g. socat or other applications."
echo "If you find this script useful, consider supporting my work by making a donation:"
echo "https://burixon.com.pl/donate/"
echo
echo "Usage:"
echo "easyssl [-v|--verbose] [-q|--quiet] [-b|--bits <bits>] [-ca|--common-name <common-name>] [-d|--days <days>] [-o|--output-dir <output-dir>] [-f|--force] [--format <pem|crt>] <name>"
echo
echo "EasySSL usage with socat (remember to copy files between peers and edit the /etc/hosts file):"
echo
echo "The most basic example:"
echo "easyssl <name>"
echo "[server side] socat OPENSSL-LISTEN:<port>,cert=<name>.pem,cafile=<name>.crt STDIO"
echo "[client side] socat STDIO OPENSSL:localhost:<port>,cert=<name>.pem,cafile=<name>.crt"
echo
echo "Example of a server/client with different certificates (<server-hostname> must be in the /etc/hosts file):"
echo "easyssl -ca <server-hostname> <server>"
echo "easyssl <client>"
echo "[server side] socat OPENSSL-LISTEN:<port>,cert=<server>.pem,cafile=<client>.crt STDIO"
echo "[client side] socat STDIO OPENSSL:<server-hostname>:<port>,cert=<client>.pem,cafile=<server>.crt"
echo
echo "Example of a server/client with different certificates with tunneling (<server-hostname> must equal <tunnel-hostname> and be in the /etc/hosts file):"
echo "easyssl -ca <server-hostname> <server>"
echo "easyssl <client>"
echo "[server side] socat OPENSSL-LISTEN:<port>,cert=<server>.pem,cafile=<client>.crt STDIO"
echo "[tunnel side] socat TCP-LISTEN:<tunnel-port> TCP-CONNECT:<server-hostname>:<port>"
echo "[client side] socat STDIO OPENSSL:<host>:<tunnel-port>,cert=<client>.pem,cafile=<server>.crt"
echo
echo "More examples for socat are available in the full documentation:"
echo -e "\e[1;4;36mhttps://github.com/BuriXon-code/EasySSL\e[0m"
}
VERBOSE=1
BITS=2048
COMMON_NAME=localhost
DAYS=3653
OUTPUT_DIR=
NAME=
FORCE=0
CERT_FORMAT=default # 'default' = .key + .crt + .pem
while [[ $# -gt 0 ]]; do
case $1 in
-h|--help) help; exit ;;
-v|--verbose) VERBOSE=1 ;;
-q|--quiet) VERBOSE=0 ;;
-b|--bits) shift; BITS="$1" ;;
-ca|--common-name) shift; COMMON_NAME="$1" ;;
-d|--days) shift; DAYS="$1" ;;
-o|--output-directory) shift; OUTPUT_DIR="$1" ;;
-f|--force) FORCE=1 ;;
--format) shift; CERT_FORMAT="$1" ;;
-*) echo >&2 "Unknown option: $1"; echo; help; exit 1 ;;
*) NAME=$1 ;;
esac
shift
done
if ! command -v openssl &>/dev/null; then
echo >&2 "The required package \"openssl\" is not installed."
exit 1
fi
if [[ -z "$NAME" ]]; then
echo >&2 "The required argument is missing!"
exit 1
fi
if [[ "$CERT_FORMAT" != "default" && "$CERT_FORMAT" != "pem" && "$CERT_FORMAT" != "crt" ]]; then
echo >&2 "Invalid format: $CERT_FORMAT. Allowed: pem, crt"
exit 1
fi
if [[ -n "$OUTPUT_DIR" ]]; then
mkdir -p "$OUTPUT_DIR" || { echo >&2 "Cannot create output directory: $OUTPUT_DIR"; exit 1; }
cd "$OUTPUT_DIR" || { echo >&2 "Cannot enter output directory: $OUTPUT_DIR"; exit 1; }
fi
declare -a FILES_TO_CHECK=()
[[ "$CERT_FORMAT" != "pem" ]] && FILES_TO_CHECK+=("$NAME.key" "$NAME.crt")
[[ "$CERT_FORMAT" == "default" ]] && FILES_TO_CHECK+=("$NAME.pem")
[[ "$CERT_FORMAT" == "pem" ]] && FILES_TO_CHECK+=("$NAME.pem")
for FILE in "${FILES_TO_CHECK[@]}"; do
if [[ -f "$FILE" && $FORCE -eq 0 ]]; then
read -rp "$FILE exists. Overwrite? (y/N): " confirm
[[ "$confirm" =~ ^[Yy]$ ]] || { echo >&2 "Aborted."; exit 1; }
fi
done
[[ $VERBOSE -ge 1 ]] && echo >&2 "Generating $NAME.key.."
openssl genrsa -out "$NAME.key" "$BITS"
chmod 600 "$NAME.key"
[[ $VERBOSE -ge 1 ]] && echo >&2 "Generating $NAME.crt.."
openssl req -new -key "$NAME.key" -x509 -days "$DAYS" -subj "/CN=$COMMON_NAME" -out "$NAME.crt"
chmod 644 "$NAME.crt"
if [[ "$CERT_FORMAT" == "pem" || "$CERT_FORMAT" == "default" ]]; then
[[ $VERBOSE -ge 1 ]] && echo >&2 "Generating $NAME.pem.."
cat "$NAME.key" "$NAME.crt" >"$NAME.pem"
chmod 600 "$NAME.pem"
fi
[[ $VERBOSE -ge 1 ]] && echo >&2 "Done"
[[ $VERBOSE -ge 1 ]] && echo >&2 "Remember to change the owner with chown!"