Skip to content

@OhMeadhbh /gssc
Last active

Embed URL

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
This is the script I made a long time ago to generate self-signed certificates. While I was using it recently I realized other people might find it useful. Standard disclaimers apply: never use a self signed cert unless you know what you're doing; use at your own risk -- if it causes any damage, it's not my fault; feel free to use & copy it, jus…
#!/bin/bash
# Copyright (c) 2003-2013, Meadhbh S. Hamrick. All Rights Reserved.
# Released under a BSD License. See http://opensource.org/licenses/BSD-2-Clause
#
# This script uses openssl to generate a self-signed certificate. Usage is
# like this:
# gssc <host name> [-p password] [-s subject] [-b bitlength]
# The host name parameter is the subject name of the certificate; i.e. - the
# FQDN of the host you're generating a certificate for. This is also the base
# name for the key, certificate signing request and certificate files. If you
# want the key to be protected by a password, use the -p option to specify
# it. The subject name of the requested cert defaults to:
# "C=US, ST=California, L=Felton, CN=<host name>"
# You can select a differetn subject name by using the -s option and providing
# a complete openssl style subject name. For example:
# "/C=IO/ST=Chagos/L=Diego Garcia/CN=foo.bar.mil"
# will specify the expected subject name. Remember to put the slashes
# in front of each clause and to put the Common Name (CN) entry (we don't
# do it for you.) By default, we generate 2048 bit RSA keys. If you want some
# other bit length, use the -b flag.
#
# For example, the following command generates a self signed cert for the
# machine "secure.example.com" with a 1536 bit RSA key and a common name of
# "C=US, ST=Montana, L=Bozeman, CN=secure.example.com":
# gssc secure.example.com -b 1536 -password "badpassword" \
# -s "/C=US/ST=Montana/L=Bozeman/CN=secure.example.com"
#
# This example creates a self signed cert for www.example.org with no password
# on the private key and a subject name of "C=US, ST=California, L=Felton,
# CN=www.example.org":
# fssc www.example.com
#
# Cheers!
# Check to see if we provided a host name
if [ $# -lt 1 ]; then
echo "Usage: $0 <host name> [-b bits] [-p password] [-s subject name]"
exit 1
fi
# Set up defaults
CN=$1
BITS=2048
PASSWORD=""
SN="/C=US/ST=California/L=Felton/CN=$1"
# Now apply the parameters
shift
while getopts "b:p:s:" flag
do
case $flag in
b) BITS=$OPTARG;;
p) PASSWORD=$OPTARG;;
s) SN=$OPTARG;;
esac
done
# First off, generate a RSA key
if [ 0 = ${#PASSWORD} ]; then
openssl genrsa -out $CN.key $BITS
else
if [ 4 -gt ${#PASSWORD} ]; then
echo "Your pass phrase must be four or more characters."
exit 2
else
openssl genrsa -out $CN.key -des3 -passout "pass:$PASSWORD" $BITS
fi
fi
# Now create the certificate
if [ 0 = ${#PASSWORD} ]; then
openssl req -new -batch -x509 -key $CN.key -subj "$SN" -days 365 -out $CN.crt
else
openssl req -new -batch -x509 -key $CN.key -subj "$SN" -days 365 -out $CN.crt \
-passin "pass:$PASSWORD"
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.