Important
This script and the README file were generated by an AI.
Therefore, it may contain unchecked errors that are not immediately obvious.
This project provides a Bash script that automatically creates a small Public Key Infrastructure (PKI) consisting of:
- a Root Certificate Authority (Root CA)
- an Intermediate Certificate Authority (Intermediate CA)
- a Web/Server Certificate Authority (Web CA)
- simple commands to renew each CA certificate
The script uses OpenSSL and generates a complete directory structure for each CA, including keys, CSRs, certificates, and configuration files.
- Generates a Root CA (self‑signed)
- Generates an Intermediate CA signed by the Root CA
- Generates a Web/Server CA signed by the Root CA
- Creates OpenSSL configuration files automatically
- Provides renewal commands for all CA certificates
- Uses secure directory and key permissions
Run the script with one of the following commands:
./pki.sh init
./pki.sh renew-root
./pki.sh renew-intermediate
./pki.sh renew-web
Each CA gets its own folder under ./pki/:
pki/
├── root/
├── intermediate/
└── web/
Each folder contains:
certs/
crl/
csr/
newcerts/
private/
openssl.cnf
index.txt
serial
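One way to check the layout above and the "secure directory and key permissions" claim after running ./pki.sh init. This is an added example, not part of the project's script: the function names and finding labels are assumptions, and every file under private/ is treated as key material.

```shell
#!/usr/bin/env bash
# Added example: audit the tree that ./pki.sh init is described as creating.
# The layout (pki/{root,intermediate,web} and the entries in each folder) is
# taken from the README; function names and output labels are assumptions.
# Usage (after sourcing this file): audit_pki ./pki

# Print the paths selected by the given find arguments that grant any
# permission bit to group or others ("-perm -mode" is POSIX find syntax).
loose_paths() {
  find "$@" \( -perm -040 -o -perm -020 -o -perm -010 \
            -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Print one finding per line for the PKI tree rooted at $1 (default ./pki).
pki_findings() {
  base=${1:-./pki}
  for ca in root intermediate web; do
    dir=$base/$ca
    for d in certs crl csr newcerts private; do
      [ -d "$dir/$d" ] || echo "MISSING dir $dir/$d"
    done
    for f in openssl.cnf index.txt serial; do
      [ -f "$dir/$f" ] || echo "MISSING file $dir/$f"
    done
    [ -d "$dir/private" ] || continue
    # The private/ directory itself must be owner-only (for example 700).
    loose_paths "$dir/private" -prune  | sed 's/^/LOOSE dir /'
    # Files below private/ must not be readable or writable by group/others.
    loose_paths "$dir/private" -type f | sed 's/^/LOOSE key /'
  done
}

# Print the findings and return 1 if there are any; return 0 on a clean tree.
audit_pki() {
  out=$(pki_findings "$@")
  [ -z "$out" ] && return 0
  printf '%s\n' "$out"
  return 1
}
```

The audit only reads mode bits, so it can be run by any account that can list the tree; it does not open or parse the keys.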
- Linux or macOS
- Bash
- OpenSSL installed (openssl version)
- Keys are generated with 4096‑bit RSA.
- Certificate lifetimes can be adjusted in the script.
- Renewal uses the existing CSR to issue a new certificate, so the renewed certificate keeps the same key pair.