#!/bin/bash

if [ $# -eq 0 ]; then
    read -p 'Please enter Hostnames, no domain, to generate CSRs for: ' HOSTNAMES
elif [ $# -gt 0 ]; then
    HOSTNAMES=$@
fi 
DOMAIN="home.johnhgaunt.com"

for i in $HOSTNAMES; do
    openssl req -new -sha512 -nodes -newkey ec:<(openssl ecparam -name secp384r1) -keyout $i.$DOMAIN.key -out $i.$DOMAIN.csr -config <(
cat <<-EOF
[req]
prompt = no
default_md = sha512
req_extensions = req_ext
distinguished_name = dn
 
[ dn ]
C=US
ST=PA
L=Pittsburgh
O=Gaunt
OU=Gaunt
emailAddress=admin@johnhgaunt.com
CN=$i.$DOMAIN
 
[ req_ext ]
subjectAltName = @alt_names
 
[ alt_names ]
DNS.1 = $i.$DOMAIN
DNS.2 = $i
EOF
)
done


# RSA key and csr
: '
openssl req -new -sha512 -nodes -out $i.$DOMAIN.csr -newkey rsa:4096 -keyout $i.$DOMAIN.key -config <(
cat <<-EOF
[req]
default_bits = 4096
prompt = no
default_md = sha512
req_extensions = req_ext
distinguished_name = dn
 
[ dn ]
C=US
ST=PA
L=Pittsburgh
O=Gaunt
OU=Gaunt
emailAddress=admin@johnhgaunt.com
CN=$i.$DOMAIN
 
[ req_ext ]
subjectAltName = @alt_names
 
[ alt_names ]
DNS.1 = $i.$DOMAIN
DNS.2 = $i
EOF
)
'