Download msca-reqcert.sh to your /bin environment.
sudo curl https://raw.githubusercontent.com/davibaldin/msca-reqcert/main/msca-reqcert.sh -o /bin/msca-reqcert.sh
sudo chmod +x /bin/msca-reqcert.shmsca-reqcert.sh -h#Retrieve CA file:
$ msca-reqcert.sh -s ca.contoso.ad -u foo@bar -p 1234567 -c root-ca.contoso.ad.cer
#Retrieve CA chain file
$ msca-reqcert.sh -s ca.contoso.ad -u foo@bar -p 1234567 -i sub-ca-bundle.contoso.ad.cer
#Request a new certificate from a CSR file
$ msca-reqcert.sh -s ca.contoso.ad -u foo@bar -p 1234567 -t WebServer -r request.csr
#Request a new certificate from scratch to
$ msca-reqcert.sh -s ca.contoso.ad -u "someuser@somedomain" -d "/C=BR/ST=Sao Paulo/L=Araraquara/O=ANEXT" -n app.anext.com.br -k app.anext.com.br.pemAdd your root CA and all yours sub-CAs Read more
msca-reqcert.sh -s ca.contoso.ad -u foo@bar -p 1234567 -c /etc/pki/ca-trust/source/anchors/ca-root.contoso.ad.pem
msca-reqcert.sh -s ca-sub.contoso.ad -u foo@bar -p 1234567 -c /etc/pki/ca-trust/source/anchors/ca-sub.contoso.ad.pem
update-ca-trust extractRequest your CA chain (if issued from a sub-CA) and concatenated it to a single file for NGINX.
msca-reqcert.sh -s ca.contoso.ad -u foo@bar -p 1234567 -i /etc/ssl/ca.contoso.ad.pem
msca-reqcert.sh -s ca.contoso.ad -u foo@mar -d "/C=BR/ST=Sao Paulo/L=Araraquara/O=ANEXT" -n app.anext.com.br -k /etc/ssl/app.anext.com.br.key -w /etc/ssl/app.anext.com.br.pem
cat /etc/ssl/app.anext.com.br.pem /etc/ssl/ca.contoso.ad.pem > /etc/ssl/app.anext.com.br.bundleConfigure NGINX (example)
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/app.anext.com.br.bundle;
ssl_certificate_key /etc/ssl/app.anext.com.br.key;