November 2013 Archives

Generating keys and CSR requests for your Public Key Infrastructure (PKI) needs is tedious and annoying without proper tools. Remembering openssl commands and syntax requires a constant visit to the man page or the googles. So what does any good geek do when faced with a repetitive problem? They write a script or download a tool. I wrote a script because I love reinventing the wheel.

The script below (after the jump) creates a customized openssl config file and generates private keys and CSRs. The input to the script is a flat file with either FQDNs, email addresses, or whatever your want that is plugged into the Common Name field of the key/CSR. The script is nothing more than a glorified for loop that helps reduce errors and ensures consistency across a large key base.

This can be really useful when setting up EAP-TLS for your WiFi or other device authentication.

Please leave any feedback you may have in the comments.