configurations/openssl/create-cert.sh


#!/bin/bash
# =============================================================================
# ssl-certs.sh - Self signing SSL certificates
#
# Author: Steve Shreeve <steve.shreeve@gmail.com>
# Date: Dec 17, 2022
#
# Edited: Claudio Maradonna <claudio@unitoo.pw>
# =============================================================================
# Use https://gist.github.com/shreeve/3358901a26a21d4ddee0e1342be7749d
# See https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309
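# Stop at the first failing command, unset variable or failed pipeline stage,
# so a failed key or CSR step can never be followed by a signing attempt on
# stale files left over from an earlier run.
set -euo pipefail

# variables
name="My Beautiful Name"      # O= field of the certificate subject
base="my.beautiful.domain"    # base domain; also the prefix of the output files
ou="My Organization"          # OU= field of the certificate subject
root="MYCERT"                 # prefix of the signing CA files (${root}.key/.crt)
serverip="127.0.0.1"
serverip6="::1"

# The signing CA key and certificate must already exist next to this script's
# working directory. Check before generating anything so a missing CA does not
# leave an orphaned private key and CSR behind.
for ca_file in "${root}.key" "${root}.crt"; do
  if [[ ! -r "${ca_file}" ]]; then
    printf 'error: CA file %s is missing or unreadable\n' "${ca_file}" >&2
    exit 1
  fi
done

# create our key and certificate signing request
# The private key is written under a restrictive umask so it is not created
# group/world-readable; the subshell keeps the umask change local to this step.
# An already existing key file keeps whatever mode it had.
(umask 077 && openssl genrsa -out "${base}.key" 2048)

# The request config is fed through a here-document: bash's builtin echo does
# not expand "\n", so the previous echo-based config reached openssl as a single
# line and the SAN section ended up empty. The minimal [req]/[dn] sections are
# there because -config replaces the default configuration and some OpenSSL
# releases refuse a request config without a distinguished_name section; the
# subject itself still comes from -subj.
# The SAN list mirrors the one used for the signed certificate below.
openssl req -sha256 -new -key "${base}.key" -out "${base}.csr" \
  -subj "/CN=*.${base}/O=${name}/OU=${ou}" \
  -reqexts SAN -config <(cat <<END
[req]
distinguished_name = dn
[dn]
[SAN]
subjectAltName = DNS:${base},DNS:*.${base},IP:127.0.0.1,IP:${serverip},IP:${serverip6}
END
)

# create our final certificate and sign it
# The extensions of the issued certificate come from the -extfile below, not
# from the CSR. -CAcreateserial writes a serial-number file for the CA when
# none exists yet.
# NOTE(review): "subjectKeyIdentifier = none" looks like OpenSSL 3.x syntax;
# confirm the target OpenSSL version accepts it.
openssl x509 -req -sha256 -in "${base}.csr" -out "${base}.crt" -days 731 \
  -CAkey "${root}.key" -CA "${root}.crt" -CAcreateserial -extfile <(cat <<END
subjectAltName = DNS:${base},DNS:*.${base},IP:127.0.0.1,IP:${serverip},IP:${serverip6}
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
basicConstraints = CA:FALSE
authorityKeyIdentifier = keyid:always
subjectKeyIdentifier = none
END
)

# review files
# Print the request and the certificate in text form so the subject, SAN list,
# key usage and validity period can be checked by eye before deployment.
printf '%s\n' "--"
openssl req -in "${base}.csr" -noout -text
printf '%s\n' "--"
openssl x509 -in "${base}.crt" -noout -text
printf '%s\n' "--"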