Generate Self-Signed Certificate

gen-selfsigned-cert.sh

#!/bin/sh
#
# based on http://sourcery.blogspot.com/2007/09/script-for-openssl-certificate-signing.html
#

set -e

C=
ST=
L=
O=
OU=
CN=$1
EMAIL=${2:-info\@${CN}}

[ -z "${CN}" ] && {
  cat <<EOS
usage:
  $(basename $0) common_name [ email ]
EOS
  exit 1
}

suffix=pem
keypair_pri="${CN}_key.${suffix}"
keypair_pub="${CN}_csr.${suffix}"
server_cert="${CN}_crt.${suffix}"

#
# via http://slacksite.com/apache/certificate.php
#
# 1. Generating a Private Key and CSR
# 2. Generating a Self-Signed Certificate
# 3. Installing the Private Key and Certificate
# 4. Configuring SSL Enabled Virtual Hosts
#

# 1. Generating a Private Key and CSR
cat <<EOS | openssl req -new -newkey rsa:2048 -nodes -keyout ${keypair_pri} -out ${keypair_pub}
${C:-JP}
${ST:-Tokyo}
${L:-Shinjuku}
${O:-hansode.org}
${OU:-Operation}
${CN}
${EMAIL}
.
.
EOS

# 2. Generating a Self-Signed Certificate
openssl x509 -in ${keypair_pub} -days 3650 -req -signkey ${keypair_pri} > ${server_cert}
openssl req -text -noout -in ${keypair_pub}
echo


cat <<EOS
# 1. Generated a Private Key and CSR
=> ${keypair_pri}

=> ${keypair_pub}

# 2. Generated a Self-Signed Certificate
=> ${server_cert}

# 3. Installing the Private Key and Certificate
# 4. Configuring SSL Enabled Virtual Hosts
-----
apache:
        SSLCertificateFile    /path/to/${server_cert}
        SSLCertificateKeyFile /path/to/${keypair_pri}

nginx:
        ssl_certificate     /path/to/${server_cert};
        ssl_certificate_key /path/to/${keypair_pri};
-----
EOS