diff --git a/openssl/create-cert.sh b/openssl/create-cert.sh
new file mode 100644
index 0000000..2017ed9
--- /dev/null
+++ b/openssl/create-cert.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# =============================================================================
+# ssl-certs.sh - Self signing SSL certificates
+#
+# Author: Steve Shreeve
+# Date: Dec 17, 2022
+#
+# Edited: Claudio Maradonna
+# =============================================================================
+
+# Use https://gist.github.com/shreeve/3358901a26a21d4ddee0e1342be7749d
+# See https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309
+
+# variables
+name="My Beautiful Name"
+base="my.beautiful.domain"
+ou="My Organization"
+root="MYCERT"
+serverip="127.0.0.1"
+serverip6="::1"
+
+# create our key and certificate signing request
+openssl genrsa -out "${base}.key" 2048
+openssl req -sha256 -new -key "${base}.key" -out "${base}.csr" \
+ -subj "/CN=*.${base}/O=${name}/OU=${ou}" \
+ -reqexts SAN -config <(echo "[SAN]\nsubjectAltName=DNS:${base},DNS:*.${base},IP:127.0.0.1,IP:${serverip}\n")
+
+# create our final certificate and sign it
+openssl x509 -req -sha256 -in "${base}.csr" -out "${base}.crt" -days 731 \
+ -CAkey "${root}.key" -CA "${root}.crt" -CAcreateserial -extfile <(cat <
+# Date: Dec 17, 2022
+#
+# Edited: Claudio Maradonna
+# =============================================================================
+
+# Use https://gist.github.com/shreeve/3358901a26a21d4ddee0e1342be7749d
+# See https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309
+
+# variables
+root="MYCERT"
+myip="$(ifconfig | awk '/inet / { print $2 }' | grep -v -E "^127\." 
| head -1)"
+
+# create root key and certificate
+openssl genrsa -out "${root}.key" 3072
+openssl req -x509 -nodes -sha256 -new -key "${root}.key" -out "${root}.crt" -days 731 \
+ -subj "/CN=${root} Root Certificate" \
+ -addext "keyUsage = critical, keyCertSign" \
+ -addext "basicConstraints = critical, CA:TRUE, pathlen:0" \
+ -addext "subjectKeyIdentifier = hash"
+
+sudo cp ${root}.crt /usr/local/share/ca-certificates/${root}.crt
+sudo update-ca-certificates
+
+# review files
+echo "--"; openssl x509 -in "${root}.crt" -noout -text
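Review bot: In `create-cert.sh`, the `-config <(echo "[SAN]\nsubjectAltName=...\n")` argument on the `openssl req` line depends on `echo` expanding `\n`, which bash's builtin does not do by default under `#!/bin/bash`, so the generated config is probably a single line and the request is likely to fail or be created without the SAN extension. Build the config with `printf '[SAN]\nsubjectAltName=DNS:%s,DNS:*.%s,IP:127.0.0.1,IP:%s\n' "$base" "$base" "$serverip"` instead. `serverip6` is not referenced in the visible lines, and without `set -euo pipefail` a failed `genrsa` or `req` still falls through to the signing step. The `-extfile` here-document is cut off on this page, so the extensions that end up in the final certificate could not be checked.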
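Review bot: The root key written by `openssl genrsa -out "${root}.key" 3072` is stored unencrypted in the working directory, and the same script then installs `${root}.crt` into the system trust store, so anyone who can read that key file can issue certificates this host will trust for any name. Generate the key with a passphrase (`openssl genrsa -aes256 -out "${root}.key" 3072`) or at least under `umask 077`, and consider `-addext "nameConstraints = critical, permitted;DNS:<your-domain>"` so the CA is limited to the intended domain. `myip` is computed through `ifconfig` but not used in the visible lines, and the copy should quote its arguments: `sudo cp -- "${root}.crt" "/usr/local/share/ca-certificates/${root}.crt"`. The diff header and the first lines of this second script are missing from the page.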