Generating Security Certificates using Security Pack in UNix

[PFCCWA]

Hello,

I am generating security certificates using the 'create_ca.sh' and 'create_cert.sh' in a unix host.

the create_ca.sh works fine.

but when i run the create_cert.sh, there is an error when the script is run, but also the certificate name does not contain the host.

this is the error when running the script:
[b][i]host5-05{genesys}: bash ./create_cert.sh -host host5-05 -CN host5-05
awk: syntax error near line 1
awk: bailing out near line 1[/i][/b]

In the repository directory the files naming are like this:
[i][b]02__cert.pem[/b][/i]
but according to the security deployment guide this should be [b]<serial_#>_<host_name>_cert.pem[/b].

The script itself is shown below where i can see awk code:
[i][b]#
# Cut _host_ name from full DN host name
#     
hostName=`echo ${fullHostName} | awk -F \. '{printf("%s",$1)}'`

#
# Set used file names
#
# Directory where _this_ scripts is locates
scriptDir=`echo ${0} | awk -F/ '{ dir=""; for (i=1; i<NF; i++) {dir=dir$(i)FS;} print(dir); }'`
repositoryDir=${scriptDir}/repository

caConfDir=${scriptDir}/ca_conf
caConfigFileName=${caConfDir}/ca.conf
caSerialNumFileName=${caConfDir}/serial.num[/b][/i]

Where is the issue? looks to be related to the host name used in the bash script (asking me for full DNS name?). didnt realise i needed this or what it is (we have always used the host name as stated and/or IP).
Using Security Pack v8.5.100.23.

thanks,

[cavagnaro]

What is your host name?
Be careful it should be a valid one
Run the command manually and check the output

Enviado de meu SM-N9600 usando o Tapatalk

[PFCCWA]

the host name is correct (host5-05).
I have typed in command 'hostname' and the result was 'host5-05'.
also tried without the '-' character (host505) but same error and result.

thanks,

[cavagnaro]

I think that is not a valid FQDN for a certificate...

Enviado de meu SM-N9600 usando o Tapatalk

[hsujdik]

[quote author=cavagnaro link=topic=11898.msg53563#msg53563 date=1605533332]
I think that is not a valid FQDN for a certificate...

Enviado de meu SM-N9600 usando o Tapatalk


[/quote]

It actually is a valid Common Name. I tried to simulate with the same input as his and didn't get the same error.


Edit: the only difference is that I called:
./create_cert.sh -host host5-05 -CN host5-05

instead of prefixing "bash" as the shell

My output:
[code]
[root@prodesp01 gcti-ca]# ./create_cert.sh -host host5-05 -CN host5-05
Generating RSA private key, 2048 bit long modulus
.......+++
................................................................+++
e is 65537 (0x10001)
Using configuration from .//ca_conf/ca.conf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'host5-05'
Certificate is to be certified until Feb 25 13:12:53 2021 GMT (100 days)

Write out database with 1 new entries
Data Base Updated
[root@prodesp01 gcti-ca]# ll repository/
total 16
-rw-r--r--. 1 root cdrom 1078 Nov 17 13:12 02_host5-05_cert.pem
-rw-r--r--. 1 root cdrom 2357 Nov 17 13:12 02_host5-05_cert.pfx
-rw-r--r--. 1 root cdrom 1675 Nov 17 13:12 02_host5-05_priv_key.pem
-rw-r--r--. 1 root cdrom 1078 Nov 17 13:12 02.pem

[/code]