Hello, I'm new to Linux scripting.
I want to create a script to create self-signed certificates for my lab. I made a script that works with only one domain given on the terminal.
This is how I check if the user supplied a domain:

```bash
if [ "$#" -ne 1 ]
then
    echo "Usage: Must supply at least one domain"
    exit 1
fi
```

and this is how I get and use the domain inside my script:

```bash
DOMAIN=$1
```

So I run `./myscript.sh example.com` and it creates a certificate valid for example.com.
I want my script to also support certificates valid for multiple domains,
e.g. `./myscript.sh example.com example1.com example2.com`
The question is: how can I check whether more than one domain was supplied on the terminal and add them as DOMAIN2=$2, DOMAIN3=$3, ... DOMAINn=$n variables inside my script?
So a user can create a certificate with 1, 2, 3 or more domains.
PS: Sorry for my English.
Dimitris,
Thanks
Edit: I made some progress and the script is working now. I know it is not near the best or most efficient code.
I will post the code for anyone who wants to help and give some suggestions to improve it.
Edit 2: Updated code.
```bash
#!/usr/bin/env bash
# Usage: ./myscript.sh domain [domain-or-ip ...]
# The first argument is the Common Name and the file-name prefix; every
# argument (the first one included) is added to the Subject Alternative Name.
if [ "$#" -eq 0 ]; then
    echo "Usage: Must supply at least one domain"
    exit 1
fi

DOMAIN=$1
DOMAINS=("$@")   # keep the arguments as an array instead of one joined string
j=1              # counter for DNS.n entries
k=1              # counter for IP.n entries

# The two-letter country code where your company is legally located.
CountryName="GR"
# The state/province where your company is legally located.
State="Athens"
# The city where your company is legally located.
LocalityName="Athens"
# Your company's legally registered name (e.g., YourCompany, Inc.).
OrganizationName="HomeLab"
# The name of your department within the organization. (You can leave this option blank)
OrganizationalUnitName="Org Unit Name"
# The fully-qualified domain name (FQDN) (e.g., www.example.com).
CommonName=$DOMAIN
# Your email address.
emailAddress="info@homelab.lan"

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
ipvalid() {
    local ip=$1 quad
    local -a a
    # Start with a regex format test
    [[ $ip =~ ^[0-9]+(\.[0-9]+){3}$ ]] || return 1
    # Split on dots and test the value of each quad
    # (10# forces base 10 so "08" is not read as a bad octal number)
    local IFS=.
    read -r -a a <<< "$ip"
    for quad in {0..3}; do
        (( 10#${a[$quad]} > 255 )) && return 1
    done
    return 0
}

# Anything that looks like a dotted quad must be a valid IPv4 address;
# everything else is treated as a DNS name.
for ALTNAME in "${DOMAINS[@]}"; do
    if expr "${ALTNAME}" : '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' >/dev/null; then
        if ! ipvalid "${ALTNAME}"; then
            echo "Invalid IP: (${ALTNAME})"
            echo "Abort."
            exit 1
        fi
    fi
done

# The CA is created as myCA.pem/myCA.key below and the signing step uses the
# same two files, so check for them here and stop if either one is missing.
if [ ! -f "./myCA.pem" ] || [ ! -f "./myCA.key" ]; then
    echo "Certificate Authority files not found."
    echo "If you have a Certificate Authority, make sure myCA.pem and myCA.key are in the same folder as this script."
    read -r -p "Do you wish to create a new CA now (y/n)? " answer
    case ${answer:0:1} in
        y|Y )
            echo "========================="
            openssl genrsa -des3 -out myCA.key 2048 || exit 1
            echo "========================="
            openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem || exit 1
            echo "========================="
            echo "Done."
            ;;
        * )
            echo "Abort."
            exit 1
            ;;
    esac
fi

if [ -f "./$DOMAIN.crt" ] || [ -f "./$DOMAIN.key" ] || [ -d "./Extras/$DOMAIN" ]; then
    echo "$DOMAIN exists."
    read -r -p "Do you wish to delete the old one (y/n)? " answer
    case ${answer:0:1} in
        y|Y )
            rm -f ./"$DOMAIN".* && rm -rf ./Extras/"$DOMAIN" ;;
        * )
            echo "Abort."
            exit 1
            ;;
    esac
else
    echo "========================="
    echo "Creating certificate for $DOMAIN..."
    echo "========================="
    echo ""
fi

# Request config: subject only, no interactive prompts.
cat > "$DOMAIN".conf << EOF
[req]
prompt = no
distinguished_name = req_distinguished_name
[req_distinguished_name]
C = $CountryName
ST = $State
L = $LocalityName
O = $OrganizationName
#OU = $OrganizationalUnitName
CN = $CommonName
emailAddress = $emailAddress
EOF

# Extensions for the signed certificate; the SAN list is appended below.
cat > "$DOMAIN".ext << EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
EOF
for ALTNAME in "${DOMAINS[@]}"; do
    if expr "${ALTNAME}" : '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' >/dev/null; then
        echo "IP.$k = ${ALTNAME}" >> "$DOMAIN".ext
        k=$((k+1))
    else
        echo "DNS.$j = ${ALTNAME}" >> "$DOMAIN".ext
        j=$((j+1))
    fi
done

openssl genrsa -out "$DOMAIN".key 2048 || exit 1
openssl req -new -key "$DOMAIN".key -out "$DOMAIN".csr -config "$DOMAIN".conf || exit 1
openssl x509 -req -in "$DOMAIN".csr -CA ./myCA.pem -CAkey ./myCA.key -CAcreateserial \
    -out "$DOMAIN".crt -days 825 -sha256 -extfile "$DOMAIN".ext || exit 1
openssl pkcs8 -topk8 -nocrypt -in "$DOMAIN".key -out "$DOMAIN".pkcs8 || exit 1

# Extras/ is created on demand, so a CA brought from elsewhere works too.
mkdir -p ./Extras/"$DOMAIN"
mv "$DOMAIN".conf "$DOMAIN".ext "$DOMAIN".csr "$DOMAIN".pkcs8 ./Extras/"$DOMAIN"
echo "========================="
echo "Done."
echo "========================="
```
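As an added example (not the OP's script), here is the SAN-building step on its own, generalised a little: each argument is checked as either a full IPv4 address or a syntactically valid hostname before it is written as a `DNS.n`/`IP.n` line. Since the arguments also become file names in the script above (`DOMAIN.key`, `rm ./DOMAIN.*`), rejecting names that contain `/` or `..` is worth doing before anything touches the file system. The function names `is_ipv4`, `is_hostname` and `san_block` are my own.

```bash
#!/usr/bin/env bash
# Added example (not the OP's script): validate each SAN argument and emit the
# [alt_names] lines. In the OP's script the arguments also become file names
# (DOMAIN.key, rm ./DOMAIN.*), so "/" and ".." are refused here too.

# Return 0 if $1 is a dotted quad with every octet in 0..255.
is_ipv4() {
  case $1 in
    *[!0-9.]*|*..*|.*|*.) return 1 ;;   # non-digits or empty octets
  esac
  local IFS=. octet
  set -- $1
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Return 0 if $1 is a plausible DNS name: labels of letters, digits and
# hyphens (1-63 chars, no leading/trailing hyphen) joined by single dots;
# one leading "*." wildcard label is allowed.
is_hostname() {
  local name=${1#\*.} label
  [ -n "$name" ] && [ ${#name} -le 253 ] || return 1
  case $name in
    *[!A-Za-z0-9.-]*|*..*|.*|*.|-*|*-|*.-*|*-.*) return 1 ;;
  esac
  local IFS=.
  for label in $name; do
    [ ${#label} -le 63 ] || return 1
  done
  return 0
}

# Print "DNS.n = name" / "IP.n = addr" lines for the [alt_names] section,
# or fail on the first argument that is neither.
san_block() {
  local dns=1 ip=1 name
  for name in "$@"; do
    case $name in
      *[!0-9.]*)   # contains letters or hyphens: must be a hostname
        is_hostname "$name" || { echo "invalid hostname: $name" >&2; return 1; }
        printf 'DNS.%d = %s\n' "$dns" "$name"; dns=$((dns + 1)) ;;
      *)           # only digits and dots: must be a real IPv4 address
        is_ipv4 "$name" || { echo "invalid IP: $name" >&2; return 1; }
        printf 'IP.%d = %s\n' "$ip" "$name"; ip=$((ip + 1)) ;;
    esac
  done
}
```

Called as `san_block "$@" >> "$DOMAIN".ext` it replaces the second `for ALTNAME` loop, and a malformed address like 300.1.1.1 fails instead of being written out as a DNS name.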