Skip to content
Create a gist now

Instantly share code, notes, and snippets.

@OhMeadhbh /gssc
Last active Dec 20, 2015

This is the script I made a long time ago to generate self-signed certificates. While I was using it recently I realized other people might find it useful. Standard disclaimers apply: never use a self signed cert unless you know what you're doing; use at your own risk -- if it causes any damage, it's not my fault; feel free to use & copy it, jus…
# Copyright (c) 2003-2013, Meadhbh S. Hamrick. All Rights Reserved.
# Released under a BSD License. See
# This script uses openssl to generate a self-signed certificate. Usage is
# like this:
# gssc <host name> [-p password] [-s subject] [-b bitlength]
# The host name parameter is the subject name of the certificate; i.e. - the
# FQDN of the host you're generating a certificate for. This is also the base
# name for the key, certificate signing request and certificate files. If you
# want the key to be protected by a password, use the -p option to specify
# it. The subject name of the requested cert defaults to:
# "C=US, ST=California, L=Felton, CN=<host name>"
# You can select a differetn subject name by using the -s option and providing
# a complete openssl style subject name. For example:
# "/C=IO/ST=Chagos/L=Diego Garcia/"
# will specify the expected subject name. Remember to put the slashes
# in front of each clause and to put the Common Name (CN) entry (we don't
# do it for you.) By default, we generate 2048 bit RSA keys. If you want some
# other bit length, use the -b flag.
# For example, the following command generates a self signed cert for the
# machine "" with a 1536 bit RSA key and a common name of
# "C=US, ST=Montana, L=Bozeman,":
# gssc -b 1536 -password "badpassword" \
# -s "/C=US/ST=Montana/L=Bozeman/"
# This example creates a self signed cert for with no password
# on the private key and a subject name of "C=US, ST=California, L=Felton,
# fssc
# Cheers!
# Check to see if we provided a host name
if [ $# -lt 1 ]; then
echo "Usage: $0 <host name> [-b bits] [-p password] [-s subject name]"
exit 1
# Set up defaults
# Now apply the parameters
while getopts "b:p:s:" flag
case $flag in
# First off, generate a RSA key
if [ 0 = ${#PASSWORD} ]; then
openssl genrsa -out $CN.key $BITS
if [ 4 -gt ${#PASSWORD} ]; then
echo "Your pass phrase must be four or more characters."
exit 2
openssl genrsa -out $CN.key -des3 -passout "pass:$PASSWORD" $BITS
# Now create the certificate
if [ 0 = ${#PASSWORD} ]; then
openssl req -new -batch -x509 -key $CN.key -subj "$SN" -days 365 -out $CN.crt
openssl req -new -batch -x509 -key $CN.key -subj "$SN" -days 365 -out $CN.crt \
-passin "pass:$PASSWORD"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.