-
-
Save OhMeadhbh/6201808 to your computer and use it in GitHub Desktop.
This is the script I made a long time ago to generate self-signed certificates. While I was using it recently I realized other people might find it useful. Standard disclaimers apply: never use a self signed cert unless you know what you're doing; use at your own risk -- if it causes any damage, it's not my fault; feel free to use & copy it, jus…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Copyright (c) 2003-2013, Meadhbh S. Hamrick. All Rights Reserved. | |
| # Released under a BSD License. See http://opensource.org/licenses/BSD-2-Clause | |
| # | |
| # This script uses openssl to generate a self-signed certificate. Usage is | |
| # like this: | |
| # gssc <host name> [-p password] [-s subject] [-b bitlength] | |
| # The host name parameter is the subject name of the certificate; i.e. - the | |
| # FQDN of the host you're generating a certificate for. This is also the base | |
| # name for the key, certificate signing request and certificate files. If you | |
| # want the key to be protected by a password, use the -p option to specify | |
| # it. The subject name of the requested cert defaults to: | |
| # "C=US, ST=California, L=Felton, CN=<host name>" | |
| # You can select a differetn subject name by using the -s option and providing | |
| # a complete openssl style subject name. For example: | |
| # "/C=IO/ST=Chagos/L=Diego Garcia/CN=foo.bar.mil" | |
| # will specify the expected subject name. Remember to put the slashes | |
| # in front of each clause and to put the Common Name (CN) entry (we don't | |
| # do it for you.) By default, we generate 2048 bit RSA keys. If you want some | |
| # other bit length, use the -b flag. | |
| # | |
| # For example, the following command generates a self signed cert for the | |
| # machine "secure.example.com" with a 1536 bit RSA key and a common name of | |
| # "C=US, ST=Montana, L=Bozeman, CN=secure.example.com": | |
| # gssc secure.example.com -b 1536 -password "badpassword" \ | |
| # -s "/C=US/ST=Montana/L=Bozeman/CN=secure.example.com" | |
| # | |
| # This example creates a self signed cert for www.example.org with no password | |
| # on the private key and a subject name of "C=US, ST=California, L=Felton, | |
| # CN=www.example.org": | |
| # fssc www.example.com | |
| # | |
| # Cheers! | |
| # Check to see if we provided a host name | |
| if [ $# -lt 1 ]; then | |
| echo "Usage: $0 <host name> [-b bits] [-p password] [-s subject name]" | |
| exit 1 | |
| fi | |
| # Set up defaults | |
| CN=$1 | |
| BITS=2048 | |
| PASSWORD="" | |
| SN="/C=US/ST=California/L=Felton/CN=$1" | |
| # Now apply the parameters | |
| shift | |
| while getopts "b:p:s:" flag | |
| do | |
| case $flag in | |
| b) BITS=$OPTARG;; | |
| p) PASSWORD=$OPTARG;; | |
| s) SN=$OPTARG;; | |
| esac | |
| done | |
| # First off, generate a RSA key | |
| if [ 0 = ${#PASSWORD} ]; then | |
| openssl genrsa -out $CN.key $BITS | |
| else | |
| if [ 4 -gt ${#PASSWORD} ]; then | |
| echo "Your pass phrase must be four or more characters." | |
| exit 2 | |
| else | |
| openssl genrsa -out $CN.key -des3 -passout "pass:$PASSWORD" $BITS | |
| fi | |
| fi | |
| # Now create the certificate | |
| if [ 0 = ${#PASSWORD} ]; then | |
| openssl req -new -batch -x509 -key $CN.key -subj "$SN" -days 365 -out $CN.crt | |
| else | |
| openssl req -new -batch -x509 -key $CN.key -subj "$SN" -days 365 -out $CN.crt \ | |
| -passin "pass:$PASSWORD" | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment