
This is the script I made a long time ago to generate self-signed certificates. While I was using it recently I realized other people might find it useful. Standard disclaimers apply: never use a self signed cert unless you know what you're doing; use at your own risk -- if it causes any damage, it's not my fault; feel free to use & copy it, just note it's got a BSD 2-clause license; etc. Lemme know if it works for you or if you think it's missing something. (but remember, it's supposed to be dog simple for generating self signed certs for testing) -Cheers!

gssc
#!/bin/bash
# Copyright (c) 2003-2013, Meadhbh S. Hamrick. All Rights Reserved.
# Released under a BSD License. See http://opensource.org/licenses/BSD-2-Clause
#
# This script uses openssl to generate a self-signed certificate. Usage is
# like this:
# gssc <host name> [-p password] [-s subject] [-b bitlength]
# The host name parameter is the subject name of the certificate; i.e. - the
# FQDN of the host you're generating a certificate for. This is also the base
# name for the key, certificate signing request and certificate files. If you
# want the key to be protected by a password, use the -p option to specify
# it. The subject name of the requested cert defaults to:
# "C=US, ST=California, L=Felton, CN=<host name>"
# You can select a different subject name by using the -s option and providing
# a complete openssl style subject name. For example:
# "/C=IO/ST=Chagos/L=Diego Garcia/CN=foo.bar.mil"
# will specify the expected subject name. Remember to put the slashes
# in front of each clause and to include the Common Name (CN) entry (we don't
# do it for you.) By default, we generate 2048 bit RSA keys. If you want some
# other bit length, use the -b flag.
#
# For example, the following command generates a self signed cert for the
# machine "secure.example.com" with a 1536 bit RSA key and a subject name of
# "C=US, ST=Montana, L=Bozeman, CN=secure.example.com":
# gssc secure.example.com -b 1536 -p "badpassword" \
# -s "/C=US/ST=Montana/L=Bozeman/CN=secure.example.com"
#
# This example creates a self signed cert for www.example.org with no password
# on the private key and a subject name of "C=US, ST=California, L=Felton,
# CN=www.example.org":
# gssc www.example.org
#
# Cheers!
 
# Check to see if we provided a host name
if [ $# -lt 1 ]; then
  echo "Usage: $0 <host name> [-b bits] [-p password] [-s subject name]"
  exit 1
fi

# Set up defaults
CN=$1
BITS=2048
PASSWORD=""
SN="/C=US/ST=California/L=Felton/CN=$1"

# Now apply the parameters
shift
while getopts "b:p:s:" flag
do
  case $flag in
    b) BITS=$OPTARG;;
    p) PASSWORD=$OPTARG;;
    s) SN=$OPTARG;;
    # getopts has already printed the error; stop instead of carrying on
    *) exit 1;;
  esac
done

# First off, generate a RSA key
# (a password given with -p is passed on the openssl command line, so it is
# visible in the process list while openssl runs)
if [ 0 = ${#PASSWORD} ]; then
  openssl genrsa -out "$CN.key" "$BITS"
else
  if [ 4 -gt ${#PASSWORD} ]; then
    echo "Your pass phrase must be four or more characters."
    exit 2
  else
    openssl genrsa -out "$CN.key" -des3 -passout "pass:$PASSWORD" "$BITS"
  fi
fi

# Now create the certificate
if [ 0 = ${#PASSWORD} ]; then
  openssl req -new -batch -x509 -key "$CN.key" -subj "$SN" -days 365 -out "$CN.crt"
else
  openssl req -new -batch -x509 -key "$CN.key" -subj "$SN" -days 365 -out "$CN.crt" \
    -passin "pass:$PASSWORD"
fi
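
A check to run on the <host name>.key and <host name>.crt files the script writes, added here as an example and not part of the original gist: it confirms the certificate carries the key's public half, verifies against itself, and is not about to expire. The function name check_pair, its return codes and the 30-day default are assumptions of this example.

```shell
#!/bin/bash
# Added example, not part of the original gist.
# check_pair KEY CRT [PASSWORD] [MIN_DAYS]
#   0 = key and certificate belong together, cert is self-signed and valid
#   1 = certificate was not issued for this key
#   2 = key or certificate could not be read (wrong pass phrase, bad file)
#   3 = certificate does not verify against itself (not self-signed, or expired)
#   4 = certificate expires within MIN_DAYS (default 30)
check_pair() {
  local key="$1" crt="$2" pass="${3:-}" min_days="${4:-30}"
  local key_pub crt_pub

  # Derive the public key from the private key. Always passing -passin keeps
  # openssl from prompting; it is ignored when the key is not encrypted.
  key_pub=$(openssl rsa -in "$key" -passin "pass:$pass" -pubout 2>/dev/null) || return 2
  # Extract the public key embedded in the certificate.
  crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 2

  if [ "$key_pub" != "$crt_pub" ]; then
    echo "check_pair: $crt does not contain the public key of $key" >&2
    return 1
  fi

  # A self-signed certificate is its own trust anchor, so it must verify
  # when it is supplied as the only CA. This also checks the validity dates.
  if ! openssl verify -CAfile "$crt" "$crt" >/dev/null 2>&1; then
    echo "check_pair: $crt does not verify against itself" >&2
    return 3
  fi

  # -checkend exits non-zero if the cert expires within the given seconds.
  if ! openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null; then
    echo "check_pair: $crt expires within $min_days days" >&2
    return 4
  fi
  return 0
}

# Stand-alone use: check_pair.sh host.key host.crt [password] [min days]
if [ $# -ge 2 ]; then
  check_pair "$@"
fi
```

Run it after gssc and before pointing a test server at the files; a mismatched key and certificate otherwise only shows up when the server refuses to start.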
