Gutzi

JeDepending ~~nach~~on ~~Größe~~the ~~eures~~size ~~Heimnetzwerkes~~of ~~müssen~~your ~~die~~home ~~Schritte~~network, the "~~Zertifikate~~Create ~~erstellen~~"certificates" ~~dauernd~~steps ~~abgearbeitet~~have ~~werden,~~to ~~was~~be ~~nervig~~carried ~~werde~~out ~~kann.~~continuously, ~~Vor~~which ~~allen~~can ~~Dingen~~be ~~wenn~~annoying. ~~man~~Especially ~~sich~~if ~~mal~~you ~~nach~~want ~~einiger~~to ~~Zeit~~decide ~~für~~on ~~einen~~a ~~neuen~~new ~~Domänen~~domain ~~Namen~~name ~~entscheiden~~after ~~will.~~some time... EsThere ~~gibt~~are ~~auch~~also ~~Geräte,~~devices, ~~z.B.~~e.g. AVM ~~Router~~routers ~~oder~~or ~~Apps~~apps (~~z.B.~~e.g. Plex) ~~die~~that ~~akzeptieren~~only ~~nur~~accept ~~eine~~a .pfx (~~PKCS#12-Standard)~~PKCS#12 standard)! Hm, ~~und~~and ~~schon~~we're ~~wären~~already ~~wir~~out ~~gekniffen~~of luck 😤 ...

1. allesall in einemone Schritt,step, oups ...Scriptscript

~~Für~~For ~~alle~~all ~~die,~~those ~~die~~who ~~die~~have ~~Realisierung~~implemented ~~wie~~the ~~von~~realization ~~mir~~as ~~empfohlen~~recommended ~~auf~~by ~~einem~~me on a PI ~~oder~~or Linux ~~Gerät~~device, ~~implementiert~~here ~~haben,~~is ~~kommt~~a ~~hier~~script ~~ein~~that ~~Script,~~is ~~das~~quickly ~~schnell~~adapted ~~angepasst~~and ~~ist~~then ~~und~~takes ~~dann~~your ~~eure~~domain ~~Domäne~~as ~~als~~a ~~Parameter~~parameter ~~nimmt~~and ~~und~~automatically ~~alle~~creates ~~erforderlichen~~all ~~Dateien~~the ~~automatisch~~necessary ~~erstellt.~~files.

8-tung! ~~Das~~The ~~Stammzertifikat~~root ~~muss~~certificate ~~vorhanden~~must exist / ~~bereits~~have ~~erstellt~~already ~~sein!~~been ~~und~~created! ~~sich~~and imbe ~~gleichen~~located ~~Verzeichnis~~in ~~befinden~~the ~~wie~~same ~~das~~directory ~~Script.~~as the script.

#!/bin/bash

#Required
domain=$1
commonname=$domain

#Change to your company details
country=<>
state=<>
locality=<>
organization=<>
organizationalunit=<>
email=<>

if [ -z "$domain" ]
then
    echo "Argument not present."
    echo "Useage $0 [common name]"

    exit 99
fi

echo "1. generating .key for $domain"
#generate a .key
openssl genrsa -out $domain.key 2048
echo "successful!"
echo ""

echo "2. generating .csr for $domain"
#generate a .csr
openssl req -new -key $domain.key -out $domain.csr \
    -subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizationalunit/CN=$commonname/emailAddress=$email"
echo "successful!"
echo ""


echo "3. generating .ext for $domain"
cat > $domain.ext <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = $domain

EOF
echo "successful!"
echo ""

echo "4. creating .csr for $domain"
openssl x509 -req -in $domain.csr -CA <SLD>.pem -CAkey <SLD>.key -CAcreateserial -out $domain.crt -days 3650 -sha256 -extfile $domain.ext
echo "successful!"
echo ""

echo "5. creating .pem for $domain"
cat $domain.crt $domain.key > $domain.pem
echo "successful!"
echo ""

echo "6. creating .pfx for $domain"
openssl pkcs12 -export -in $domain.pem -out $domain.pfx
echo "successful!"
echo ""
echo "---------------------------"
echo "-------- All Set! ---------"
echo "---------------------------"
echo

~~Hier~~You ~~könnt~~can ~~ihr~~download ~~das~~the ~~Script~~script ~~herunterladen:~~here: genCert.zip
~~entpacken~~and ~~und~~adapt ~~auf~~it ~~eure~~to ~~Bedürfnisse~~your ~~anpassen~~needs (~~sucht~~search ~~nach~~for <> ~~und nach~~and <SLD>. ~~Dann~~Then ~~abspeichern.~~save it.
~~mit~~make ~~dem~~the ~~Kommando:~~script executable with the command: "sudo chmod +x <scriptname>.sh" ~~ausführbar machen~~

~~fertig~~DONE!!

~~ausführen~~Execute ~~mit~~with ~~Kommando:~~command: "./<sriptname>.sh <subDomäne.SLD.TLD>" 🤗