A common way of letting users supply data to a script is via its command-line arguments. In this case, it would, for example, be convenient to call your script with a list of domain names. Since the user needs to provide a password and some other key-related parameter, we could develop a script that takes two options and a list of domains.

    ./script -p 'password' -k 'keystore' domain1 domain2 domain3 ...

I don't know the keytool utility that you are using, but it seems that a user must supply a list of at least two domains rather than just one. The first domain name is used with the -dname and -alias options, while the -ext option takes the second and any other domain name in its value.
The following code uses the idiomatic way of parsing the command-line options and validates that the keystore and password variables have values. It then calls the keytool utility with the data given by the user.

    #!/bin/sh

    unset -v keystore password

    # Parse the -k (keystore) and -p (password) options.
    while getopts k:p: opt; do
        case $opt in
            k)
                keystore=$OPTARG
                ;;
            p)
                password=$OPTARG
                ;;
            *)
                echo 'Error' >&2
                exit 1
                ;;
        esac
    done

    # Drop the parsed options, leaving only the domain names.
    shift "$(( OPTIND - 1 ))"

    if [ -z "$keystore" ] || [ -z "$password" ]; then
        echo 'Missing keystore (-k) and/or password (-p)' >&2
        exit 1
    fi

    if [ "$#" -lt 2 ]; then
        echo 'Expecting at least two domain names' >&2
        echo '(a main one, and one for the -ext option)' >&2
        exit 1
    fi

    domain1=$1
    shift

    # With IFS set to a comma, "$*" joins the remaining names with commas.
    IFS=,

    keytool -genkey \
        -keystore "$keystore" \
        -keysize 2048 \
        -keypass "$password" \
        -storepass "$password" \
        -keyalg RSA \
        -dname "CN=$domain1,OU=Devteam,O=Softech,L=Chicago,ST=IL,C=US" \
        -alias "$domain1" \
        -ext "san=dns:$*"

After the two if statements, the first domain name will be in $1 and the others in $2, $3, and so on. We assign $1 to the domain1 variable and call shift. After the shift, we may use "$*" with IFS set to a comma to generate a comma-delimited string of the rest of the domain names. We use this in the value for the -ext option.
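
The script above places the user's domain names directly into the -dname and -ext values, and passes the password as a command-line argument, where it is visible in the process list. The following is an added example, not part of the original answer: it checks each name before use and hands the password to keytool through keytool's `:env` password modifier. The function names `valid_domain`, `build_san` and `make_key` and the `KEYPASS` variable are assumptions made for this example; each SAN entry carries its own `dns:` prefix, following keytool's type:value syntax.

```sh
#!/bin/sh
# Added example; valid_domain, build_san, make_key and KEYPASS are
# hypothetical names, not taken from the original answer.
LC_ALL=C    # make the A-Z / a-z ranges below match ASCII letters only

# Succeed only for plain DNS names: letters, digits and hyphens in
# dot-separated labels. A comma, '=', ':' or space in a name would otherwise
# be read by keytool as extra DN attributes (-dname) or SAN entries (-ext).
valid_domain() {
    case $1 in
        '' | *[!A-Za-z0-9.-]* | .* | *. | *..* | -* | *- | *.-* | *-.*)
            return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Print "dns:a,dns:b,..." for the given names; fail on the first bad one.
build_san() {
    san=
    for d in "$@"; do
        valid_domain "$d" || { echo "Invalid domain name: $d" >&2; return 1; }
        san=${san:+$san,}dns:$d
    done
    printf '%s\n' "$san"
}

# Usage: KEYPASS='...' make_key keystore main-domain alt-domain...
# The password is read by keytool from the environment variable KEYPASS,
# so it never appears in this script's or keytool's argument list.
make_key() {
    keystore=$1 domain1=$2
    shift 2
    : "${KEYPASS:?set KEYPASS in the environment}"
    valid_domain "$domain1" || { echo "Invalid domain name: $domain1" >&2; return 1; }
    san=$(build_san "$@") || return 1
    keytool -genkey -keystore "$keystore" -keysize 2048 -keyalg RSA \
        -keypass:env KEYPASS -storepass:env KEYPASS \
        -dname "CN=$domain1,OU=Devteam,O=Softech,L=Chicago,ST=IL,C=US" \
        -alias "$domain1" -ext "san=$san"
}
```

Wildcard names such as `*.example.com` are rejected by this check; extend `valid_domain` if they are needed.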