miker.blog

Self-Signed Certs on Debian 12

As a Linux system administrator with a fondness for Perl, I often find myself needing to generate self-signed certificates for various internal services and testing environments. To make this process more efficient, I created a bash script that automates the creation of self-signed certificates on Debian 12 systems. Let me walk you through the script and highlight some of its key features.

The Script at a Glance

I've named this script "Debian 12 Self Signed Cert Setup." It's designed to handle the entire process of creating a self-signed certificate, from installing dependencies to validating the final product. Here's what it does:

  1. Installs OpenSSL (if not already present)

  2. Creates necessary directories

  3. Generates a private key

  4. Provides an interactive prompt for certificate details

  5. Creates the self-signed certificate

  6. Sets proper permissions

  7. Validates the generated certificate

Let's dive into some of the more interesting aspects of the script.

Handling Dependencies

The script begins by ensuring OpenSSL is installed:

I've used DEBIAN_FRONTEND=noninteractive to prevent any prompts during the installation. This is particularly useful when running the script in automated environments or as part of a larger setup process.

Interactive Certificate Generation with Perl

As a Perl enthusiast, I couldn't resist incorporating it into the script. I used a Perl one-liner to create an interactive prompt for entering certificate details:

This Perl code prompts the user for each piece of information needed for the certificate (country, region, city, etc.), then constructs and executes the OpenSSL command with the provided information. I find this approach more flexible and user-friendly than a series of bash read commands.

Security Best Practices

After generating the certificate and key, the script sets appropriate permissions to ensure the private key remains secure:

These commands ensure that only root can read or modify the private key, while the certificate itself is readable by all users but only modifiable by root.

Certificate Validation

The script concludes by displaying the contents of the generated certificate:

This step is crucial for verifying that the certificate was created correctly with the information provided. It's a quick sanity check that can save time troubleshooting later.
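The steps described above (key generation, certificate creation, permissions, validation) can be sketched as follows. This is an added example, not the script from this post; the file names, key size, subject fields, the 600/644 modes and the function names are assumptions. It takes the certificate details as arguments rather than prompting, and its validation also checks that the certificate actually carries the generated key.

```bash
#!/usr/bin/env bash
# Added example, not the blog author's script. File names, key size,
# subject fields and function names are assumptions for illustration.

# make_selfsigned DIR CN [DAYS]: writes DIR/server.key and DIR/server.crt
make_selfsigned() {
    local dir="$1" cn="$2" days="${3:-365}"
    # Allow only hostname characters so input cannot add extra -subj fields.
    case "$cn" in
        ''|*[!A-Za-z0-9.-]*) echo "invalid CN: $cn" >&2; return 1 ;;
    esac
    case "$days" in
        ''|*[!0-9]*) echo "invalid days: $days" >&2; return 1 ;;
    esac
    mkdir -p "$dir" || return 1
    # Create the key under a restrictive umask so it is never group- or
    # world-readable, not even in the window before chmod runs.
    ( umask 077; openssl genrsa -out "$dir/server.key" 2048 2>/dev/null ) || return 1
    # -subj and -addext go to openssl as single arguments (no eval, no
    # shell string). SAN is set because modern clients ignore CN alone.
    openssl req -x509 -new -sha256 -key "$dir/server.key" -days "$days" \
        -subj "/O=Example Internal/CN=$cn" \
        -addext "subjectAltName=DNS:$cn" \
        -out "$dir/server.crt" || return 1
    # Assumed modes matching the post's description; as root, also
    # chown root:root both files.
    chmod 600 "$dir/server.key" && chmod 644 "$dir/server.crt"
}

# cert_matches_key CERT KEY: succeeds only if CERT carries KEY's public key.
cert_matches_key() {
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    from_key=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$from_cert" = "$from_key" ]
}

# verify_cert DIR: key match, not expired, then print the fields to eyeball.
verify_cert() {
    cert_matches_key "$1/server.crt" "$1/server.key" || return 1
    openssl x509 -in "$1/server.crt" -noout -checkend 0 >/dev/null || return 1
    openssl x509 -in "$1/server.crt" -noout -subject -dates -ext subjectAltName
}
```

The `-addext` and `-ext` options need OpenSSL 1.1.1 or later, which Debian 12 satisfies.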

Wrapping Up

I've found this script invaluable for quickly setting up self-signed certificates for internal services, development environments, and testing scenarios. It streamlines a process that would otherwise require multiple manual steps, reducing the potential for errors and saving time.

Remember, while self-signed certificates are great for internal use and testing, they shouldn't be used for public-facing services. For those, always use certificates from a trusted Certificate Authority.

Feel free to use and adapt this script for your own needs. It's a small tool, but one that exemplifies how a bit of scripting can significantly improve our day-to-day operations as system administrators.