forked from unitoo/configurations
openssl: basic script for root cert and cert generation certificates for home/ personal usage
This commit is contained in:
parent
288221b816
commit
102c90e4f3
2 changed files with 75 additions and 0 deletions
44
openssl/create-cert.sh
Normal file
44
openssl/create-cert.sh
Normal file
|
@ -0,0 +1,44 @@
|
|||
#!/bin/bash
|
||||
|
||||
# =============================================================================
|
||||
# ssl-certs.sh - Self signing SSL certificates
|
||||
#
|
||||
# Author: Steve Shreeve <steve.shreeve@gmail.com>
|
||||
# Date: Dec 17, 2022
|
||||
#
|
||||
# Edited: Claudio Maradonna <claudio@unitoo.pw>
|
||||
# =============================================================================
|
||||
|
||||
# Use https://gist.github.com/shreeve/3358901a26a21d4ddee0e1342be7749d
|
||||
# See https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309
|
||||
|
||||
# variables
|
||||
name="My Beautiful Name"
|
||||
base="my.beautiful.domain"
|
||||
ou="My Organization"
|
||||
root="MYCERT"
|
||||
serverip="127.0.0.1"
|
||||
serverip6="::1"
|
||||
|
||||
# create our key and certificate signing request
|
||||
openssl genrsa -out "${base}.key" 2048
|
||||
openssl req -sha256 -new -key "${base}.key" -out "${base}.csr" \
|
||||
-subj "/CN=*.${base}/O=${name}/OU=${ou}" \
|
||||
-reqexts SAN -config <(echo "[SAN]\nsubjectAltName=DNS:${base},DNS:*.${base},IP:127.0.0.1,IP:${serverip}\n")
|
||||
|
||||
# create our final certificate and sign it
|
||||
openssl x509 -req -sha256 -in "${base}.csr" -out "${base}.crt" -days 731 \
|
||||
-CAkey "${root}.key" -CA "${root}.crt" -CAcreateserial -extfile <(cat <<END
|
||||
subjectAltName = DNS:${base},DNS:*.${base},IP:127.0.0.1,IP:${serverip},IP:${serverip6}
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
basicConstraints = CA:FALSE
|
||||
authorityKeyIdentifier = keyid:always
|
||||
subjectKeyIdentifier = none
|
||||
END
|
||||
)
|
||||
|
||||
# review files
|
||||
echo "--"; openssl req -in "${base}.csr" -noout -text
|
||||
echo "--"; openssl x509 -in "${base}.crt" -noout -text
|
||||
echo "--";
|
31
openssl/create-root-cert.sh
Normal file
31
openssl/create-root-cert.sh
Normal file
|
@ -0,0 +1,31 @@
|
|||
#!/bin/bash
|
||||
|
||||
# =============================================================================
|
||||
# ssl-certs.sh - Self signing SSL certificates
|
||||
#
|
||||
# Author: Steve Shreeve <steve.shreeve@gmail.com>
|
||||
# Date: Dec 17, 2022
|
||||
#
|
||||
# Edited: Claudio Maradonna <claudio@unitoo.pw>
|
||||
# =============================================================================
|
||||
|
||||
# Use https://gist.github.com/shreeve/3358901a26a21d4ddee0e1342be7749d
|
||||
# See https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309
|
||||
|
||||
# variables
|
||||
root="MYCERT"
|
||||
myip="$(ifconfig | awk '/inet / { print $2 }' | grep -v -E "^127\." | head -1)"
|
||||
|
||||
# create root key and certificate
|
||||
openssl genrsa -out "${root}.key" 3072
|
||||
openssl req -x509 -nodes -sha256 -new -key "${root}.key" -out "${root}.crt" -days 731 \
|
||||
-subj "/CN=${root} Root Certificate" \
|
||||
-addext "keyUsage = critical, keyCertSign" \
|
||||
-addext "basicConstraints = critical, CA:TRUE, pathlen:0" \
|
||||
-addext "subjectKeyIdentifier = hash"
|
||||
|
||||
sudo cp ${root}.crt /usr/local/share/ca-certificates/${root}.crt
|
||||
sudo update-ca-certificates
|
||||
|
||||
# review files
|
||||
echo "--"; openssl x509 -in "${root}.crt" -noout -text
|
Loading…
Reference in a new issue