exit 1
fi
+chmod 700 $ICINGA_CA >/dev/null 2>&1
+
echo '01' > $ICINGA_CA/serial
touch $ICINGA_CA/index.txt
-CN_DEFAULT="Icinga CA" KEY_DIR=$ICINGA_CA openssl req -config $ICINGA2PKIDIR/openssl.cnf -new -newkey rsa:4096 -x509 -nodes -days 3650 -keyform PEM -keyout $ICINGA_CA/ca.key -outform PEM -out $ICINGA_CA/ca.crt
+cp $ICINGA2PKIDIR/vars $ICINGA_CA/
+source $ICINGA_CA/vars
+
+KEY_DIR=$ICINGA_CA openssl req -config $ICINGA2PKIDIR/openssl.cnf -new -newkey rsa:4096 -x509 -days 3650 -keyform PEM -keyout $ICINGA_CA/ca.key -outform PEM -out $ICINGA_CA/ca.crt && \
+ echo -e "\n\tIf you want to change the default settings for server certificates check out \"$ICINGA_CA/vars\".\n"
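Review bot: The added `chmod 700 $ICINGA_CA >/dev/null 2>&1` discards both its output and its exit status, so if it fails the script still goes on to write `ca.key` into a directory that other users may be able to read. I would fail closed and quote the path: `chmod 700 "$ICINGA_CA" || { echo "cannot restrict $ICINGA_CA" >&2; exit 1; }`. Setting `umask 077` before anything is created there would also cover the key, serial and index files. Separately, the `openssl req` line still hard-codes `-days 3650` even though `vars` has just been sourced, so `REQ_DAYS` has no effect on the CA certificate; `-days "$REQ_DAYS"` would match the key-signing script. The start of the script is outside this hunk, so how the directory is created is not visible here.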
exit 1
fi
-CN_DEFAULT=$name KEY_DIR=$ICINGA_CA openssl req -config $ICINGA2PKIDIR/openssl.cnf -new -newkey rsa:4096 -keyform PEM -keyout $ICINGA_CA/$name.key -outform PEM -out $ICINGA_CA/$name.csr -nodes && \
- openssl x509 -days 3650 -CA $ICINGA_CA/ca.crt -CAkey $ICINGA_CA/ca.key -req -in $ICINGA_CA/$name.csr -outform PEM -out $ICINGA_CA/$name.crt -CAserial $ICINGA_CA/serial
-
-
+[ -f $ICINGA_CA/vars ] && source $ICINGA_CA/vars
+
+[ -z "$REQ_COUNTRY_NAME" ] && export REQ_COUNTRY_NAME="AU"
+[ -z "$REQ_STATE" ] && export REQ_STATE="Some-State"
+[ -z "$REQ_ORGANISATION" ] && export REQ_ORGANISATION="Internet Widgits Pty Ltd"
+[ -z "$REQ_ORG_UNIT" ] && export REQ_ORG_UNIT="Monitoring"
+[ -z "$REQ_COMMON_NAME"] && export REQ_COMMON_NAME="Icinga CA"
+[ -z "$REQ_DAYS" ] && export REQ_DAYS="3650"
+
+REQ_COMMON_NAME="$name" KEY_DIR="$ICINGA_CA" openssl req -config $ICINGA2PKIDIR/openssl.cnf -new -newkey rsa:4096 -keyform PEM -keyout $ICINGA_CA/$name.key -outform PEM -out $ICINGA_CA/$name.csr -nodes && \
+ openssl x509 -days "$REQ_DAYS" -CA $ICINGA_CA/ca.crt -CAkey $ICINGA_CA/ca.key -req -in $ICINGA_CA/$name.csr -outform PEM -out $ICINGA_CA/$name.tmp -CAserial $ICINGA_CA/serial && \
+ openssl x509 -in $ICINGA_CA/$name.tmp -text > $ICINGA_CA/$name.crt && \
+ rm -f $ICINGA_CA/$name.csr $ICINGA_CA/$name.tmp
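Review bot: The test on the `REQ_COMMON_NAME` line is missing the space before the closing bracket (`"$REQ_COMMON_NAME"]`), so `[` reports a missing `]` and the default is never exported. It should read `[ -z "$REQ_COMMON_NAME" ] && export REQ_COMMON_NAME="Icinga CA"`. The effect is masked here only because the `openssl req` call sets `REQ_COMMON_NAME="$name"` itself. `$name` and `$ICINGA_CA` are also expanded unquoted in most paths on the new lines, so a name containing whitespace or glob characters would split into extra arguments to `openssl` and `rm -f`. Quoting them (`"$ICINGA_CA/$name.key"`) and rejecting names that contain `/` would keep the outputs inside the CA directory; where `$name` is assigned is outside the hunk.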
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
-policy = policy_match
+policy = policy_anything
# For the CA policy
[ policy_match ]
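Review bot: Switching `policy` to `policy_anything` comes with no comment explaining why the CA should stop requiring the listed subject attributes to match its own, which is what the comment above the setting describes. As far as this diff shows, the scripts sign with `openssl x509 -req`, which does not consult this setting, so the looser policy would only take effect if someone signs with `openssl ca` using this config. I would add a line above it such as `# policy_anything: accept any subject DN; only consulted by "openssl ca"`. It is also worth confirming that a `[ policy_anything ]` section exists in the file, since only `[ policy_match ]` is visible here.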
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
-countryName_default = AU
+countryName_default = $ENV::REQ_COUNTRY_NAME
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
+stateOrProvinceName_default = $ENV::REQ_STATE
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
+0.organizationName_default = $ENV::REQ_ORGANISATION
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
-organizationalUnitName_default = Icinga
+organizationalUnitName_default = $ENV::REQ_ORG_UNIT
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
-commonName_default = $ENV::CN_DEFAULT
+commonName_default = $ENV::REQ_COMMON_NAME
#emailAddress = Email Address
#emailAddress_max = 64
# SET-ex3 = SET extension number 3
[ req_attributes ]
-#challengePassword = A challenge password
-#challengePassword_min = 4
-#challengePassword_max = 20
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
unstructuredName = An optional company name
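Review bot: Enabling `challengePassword` makes `openssl req` prompt for a value that is stored unencrypted as an attribute in the CSR, and nothing visible in this change reads it back. The signing step uses `openssl x509 -req` and the CSR is then deleted. An operator could mistake the prompt for key protection, while the node key is still written with `-nodes`. Unless something outside this diff consumes the attribute, I would leave these three lines commented out, or add a comment such as `# stored in clear text in the CSR; does not protect the private key`.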
--- /dev/null
+# Icinga 2 default CA vars
+
+export REQ_COUNTRY_NAME="AU"
+export REQ_STATE="Some-State"
+export REQ_ORGANISATION="Internet Widgits Pty Ltd"
+export REQ_ORG_UNIT="Monitoring"
+export REQ_COMMON_NAME="Icinga CA"
+export REQ_DAYS="3650"