openssl: basic script for root cert and cert generation certificates for home/ personal usage

2023-04-08 10:51:44 +02:00 · 2023-04-08 10:51:44 +02:00 · 102c90e4f3
parent 288221b816
commit 102c90e4f3
2 changed files with 75 additions and 0 deletions
--- a/openssl/create-cert.sh
+++ b/openssl/create-cert.sh
@ -0,0 +1,44 @@
+#!/bin/bash
+
+# =============================================================================
+# ssl-certs.sh - Self signing SSL certificates
+#
+# Author: Steve Shreeve <steve.shreeve@gmail.com>
+#   Date: Dec 17, 2022
+#
+# Edited: Claudio Maradonna <claudio@unitoo.pw>
+# =============================================================================
+
+# Use https://gist.github.com/shreeve/3358901a26a21d4ddee0e1342be7749d
+# See https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309
+
+# variables
+name="My Beautiful Name"
+base="my.beautiful.domain"
+ou="My Organization"
+root="MYCERT"
+serverip="127.0.0.1"
+serverip6="::1"
+
+# create our key and certificate signing request
+openssl genrsa -out "${base}.key" 2048
+openssl req -sha256 -new -key "${base}.key" -out "${base}.csr" \
+  -subj "/CN=*.${base}/O=${name}/OU=${ou}" \
+  -reqexts SAN -config <(echo "[SAN]\nsubjectAltName=DNS:${base},DNS:*.${base},IP:127.0.0.1,IP:${serverip}\n")
+
+# create our final certificate and sign it
+openssl x509 -req -sha256 -in "${base}.csr" -out "${base}.crt" -days 731 \
+  -CAkey "${root}.key" -CA "${root}.crt" -CAcreateserial -extfile <(cat <<END
+    subjectAltName = DNS:${base},DNS:*.${base},IP:127.0.0.1,IP:${serverip},IP:${serverip6}
+    keyUsage = critical, digitalSignature, keyEncipherment
+    extendedKeyUsage = serverAuth
+    basicConstraints = CA:FALSE
+    authorityKeyIdentifier = keyid:always
+    subjectKeyIdentifier = none
+END
+)
+
+# review files
+echo "--"; openssl req  -in "${base}.csr" -noout -text
+echo "--"; openssl x509 -in "${base}.crt" -noout -text
+echo "--";
--- a/openssl/create-root-cert.sh
+++ b/openssl/create-root-cert.sh
@ -0,0 +1,31 @@
+#!/bin/bash
+
+# =============================================================================
+# ssl-certs.sh - Self signing SSL certificates
+#
+# Author: Steve Shreeve <steve.shreeve@gmail.com>
+#   Date: Dec 17, 2022
+#
+# Edited: Claudio Maradonna <claudio@unitoo.pw>
+# =============================================================================
+
+# Use https://gist.github.com/shreeve/3358901a26a21d4ddee0e1342be7749d
+# See https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309
+
+# variables
+root="MYCERT"
+myip="$(ifconfig | awk '/inet / { print $2 }' | grep -v -E "^127\." | head -1)"
+
+# create root key and certificate
+openssl genrsa -out "${root}.key" 3072
+openssl req -x509 -nodes -sha256 -new -key "${root}.key" -out "${root}.crt" -days 731 \
+  -subj "/CN=${root} Root Certificate" \
+  -addext "keyUsage = critical, keyCertSign" \
+  -addext "basicConstraints = critical, CA:TRUE, pathlen:0" \
+  -addext "subjectKeyIdentifier = hash"
+
+sudo cp ${root}.crt /usr/local/share/ca-certificates/${root}.crt
+sudo update-ca-certificates
+
+# review files
+echo "--"; openssl x509 -in "${root}.crt" -noout -text