From e186f0e4c24904125cfacd097ab6a37c51bb9eee Mon Sep 17 00:00:00 2001
From: Joerg Heinemann
Date: Wed, 4 Feb 2026 15:18:52 +0100
Subject: [PATCH] Update step-ca-install.sh for dynamic input handling Updated helper script for CSR request
---
 install/step-ca-install.sh | 38 ++++++++++++++++++++++++++++----------
 1 file changed, 28 insertions(+), 10 deletions(-)
diff --git a/install/step-ca-install.sh b/install/step-ca-install.sh
index 1661850d..2ab7887a 100644
--- a/install/step-ca-install.sh
+++ b/install/step-ca-install.sh
@@ -238,22 +238,40 @@ $STD cat <<'EOF' >$StepRequest
 #!/usr/bin/env bash
 #
 StepCertDir="$STEPHOME/certs/x509"
+PROVISIONER_PASSWORD=$(step path)/encryption//provisioner.pwd
-HOST="brw4cd5770e36b4"
-IP="192.168.178.136"
-DOMAIN="fritz.box"
-FQDN=$HOST.$DOMAIN
-VALID_TO="2034-01-31T00:00:00Z"
-PROVISIONER="pki@fritz.box"
+while true;
+do
+
+FQDN=$(whiptail --title "step ca certificate options" --inputbox 'FQDN (e.g. MyLXC.example.com)' 10 50 "$FQDN" 3>&1 1>&2 2>&3)
+IP=$(dig +short $FQDN)
+if [[ -z "$IP" ]]; then
+ echo "Resolution failed for $FQDN"
+ exit
+fi
+HOST=$(echo $FQDN | awk -F'.' '{print $1}')
+IP=$(whiptail --title "step ca certificate options" --inputbox 'IP (e.g. x.x.x.x)' 10 50 "$IP" 3>&1 1>&2 2>&3)
+HOST=$(whiptail --title "step ca init options" --inputbox 'HOST (e.g. MyHostName)' 10 50 "$HOST" 3>&1 1>&2 2>&3)
+VALID_TO=$(whiptail --title "step ca init options" --inputbox 'VALID_TO (e.g. 2034-01-31T00:00:00Z)' 10 50 "2034-01-31T00:00:00Z" 3>&1 1>&2 2>&3)
+
+if whiptail_yesno=$(whiptail --title "step ca init options" --yesno "Continue with below?\n
+HOST: $HOST
+IP: $IP
+FQDN: $FQDN
+VALID_TO: $VALID_TO" --no-button "Change" --yes-button "Continue" 15 70 3>&1 1>&2 2>&3); then
+break
+fi
+
+done
 step ca certificate $FQDN $StepCertDir/$FQDN.crt $StepCertDir/$FQDN.key \
- --provisioner=$PROVISIONER \
+ --provisioner-password-file=$PROVISIONER_PASSWORD \
 --not-after=$VALID_TO \
 --san $FQDN \
 --san $HOST \
- --san $IP
-
-step certificate inspect $StepCertDir/$FQDN.crt
+ --san $IP \
+ && step certificate inspect $StepCertDir/$FQDN.crt \
+ || echo "Failed to request certificate"; exit
 EOF
 $STD cat <<'EOF' >$StepRevoke
 #!/usr/bin/env bash
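Review bot: The values read from the whiptail boxes go unquoted and unvalidated into `dig`, `awk`, the `step ca certificate` arguments and the `$StepCertDir/$FQDN.crt` / `.key` paths, and no dialog's exit status is checked, so a cancelled box or an entry containing whitespace, a leading `-` or a `/` alters the command line or the output path instead of being rejected. `dig +short` can also print a CNAME target or several addresses, which would end up as a multi-line default in the IP box, so the lookup should keep a single address line. The closing `… && step certificate inspect … || echo …; exit` always reaches `exit` with the status of the last command, so a failed request (like the bare `exit` after "Resolution failed") leaves the script with status 0; an `if`/`else` that exits non-zero is clearer. The here-document being edited appears to open on the `$STD cat <<'EOF' >$StepRequest` line shown in the hunk header, outside the hunk, and its quoted delimiter means these lines are written literally into the generated helper. The fence below sketches the validated, quoted form.

```shell
# … unchanged: StepCertDir / PROVISIONER_PASSWORD assignments, `while true; do` …
FQDN=$(whiptail --title "step ca certificate options" --inputbox 'FQDN (e.g. MyLXC.example.com)' 10 50 "$FQDN" 3>&1 1>&2 2>&3) || exit 1
# Accept only hostname characters before the value reaches dig, step or a file path.
if [[ ! "$FQDN" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
  echo "Invalid FQDN: $FQDN" >&2
  exit 1
fi
# Keep one IPv4 address line; +short may also print a CNAME target or several records.
IP=$(dig +short "$FQDN" | grep -E -m1 '^[0-9]+(\.[0-9]+){3}$')
# … unchanged: `if [[ -z "$IP" ]]` check (its `exit` should become `exit 1`) …
HOST=${FQDN%%.*}
# … unchanged: IP / HOST / VALID_TO input boxes and the confirmation dialog (each input box should also end in `|| exit 1`) …
if step ca certificate "$FQDN" "$StepCertDir/$FQDN.crt" "$StepCertDir/$FQDN.key" \
  --provisioner-password-file="$PROVISIONER_PASSWORD" \
  --not-after="$VALID_TO" \
  --san "$FQDN" \
  --san "$HOST" \
  --san "$IP"; then
  step certificate inspect "$StepCertDir/$FQDN.crt"
else
  echo "Failed to request certificate" >&2
  exit 1
fi
```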