@adrianorsouza
Last active September 1, 2023 10:34
Script to create a new self-signed SSL Certificate for Nginx
#!/bin/bash
# @author Adriano Rosa (http://adrianorosa.com)
# @date: 2014-05-13 09:43
#
# Bash Script to create a new self-signed SSL Certificate
# At the end of creating a new Certificate this script will output a few lines
# to be copied and placed into NGINX site conf
#
# USAGE: this command will ask for the certificate name and number in days it will expire
# $ mkselfssl
#
# OPTIONAL: run the command straightforward
# $ mkselfssl mycertname 365

# Default dir to place the Certificate
DIR_SSL_CERT="/etc/nginx/ssl/cert"
DIR_SSL_KEY="/etc/nginx/ssl/private"

SSLNAME=$1
SSLDAYS=$2

if [ -z "$1" ]; then
  printf "Enter the SSL Certificate Name:"
  read -r SSLNAME
fi

if [ -z "$2" ]; then
  printf "How many days the Certificate will be valid:"
  read -r SSLDAYS
fi

# Default to 365 days when nothing was entered
if [[ $SSLDAYS == "" ]]; then
  SSLDAYS=365
fi

echo "Creating a new Certificate ..."
openssl req -x509 -nodes -newkey rsa:2048 -keyout "$SSLNAME.key" -out "$SSLNAME.crt" -days "$SSLDAYS"

# Make directory to place SSL Certificate if it doesn't exist
if [[ ! -d $DIR_SSL_KEY ]]; then
  sudo mkdir -p "$DIR_SSL_KEY"
fi

if [[ ! -d $DIR_SSL_CERT ]]; then
  sudo mkdir -p "$DIR_SSL_CERT"
fi

# Place SSL Certificate within defined path
sudo cp "$SSLNAME.key" "$DIR_SSL_KEY/$SSLNAME.key"
sudo cp "$SSLNAME.crt" "$DIR_SSL_CERT/$SSLNAME.crt"
# Keep the installed private key readable by root only
sudo chmod 600 "$DIR_SSL_KEY/$SSLNAME.key"

# Print output for Nginx site config
printf "+-------------------------------
+ SSL Certificate has been created.
+ Here is the NGINX Config for $SSLNAME
+ Copy it into your nginx config file
+-------------------------------\n\n
ssl_certificate $DIR_SSL_CERT/$SSLNAME.crt;
ssl_certificate_key $DIR_SSL_KEY/$SSLNAME.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;\n\n"

# Nginx SSL site config
server {
    server_name .sitename.com;
    listen 443 ssl;
    root /var/www/sitename.com.br/public_html;

    ssl_certificate /etc/nginx/ssl/cert/sslsitename.crt;
    ssl_certificate_key /etc/nginx/ssl/private/sslsitename.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    location / {
        # Serve the file or directory if it exists, otherwise return 404
        # (a bare "$uri" fallback would redirect to itself)
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        include fastcgi_params;
    }
}

@adrianorsouza
Author

Before running this script, make sure the command is in $PATH. On a Linux environment such as Ubuntu, the easy way to go is to create a bin folder within the home folder, if it does not already exist, then place this file there, named mkselfssl. Or make a symbolic link pointing to /usr/local/bin/

# ln -s ~/mkselfssl.sh /usr/local/bin/mkselfssl

Add the correct permission to allow the user to execute the program

$ chmod 750 mkselfssl.sh 

USAGE: $ mkselfssl [Certificate Name] [Expire in days]
An example:

$ mkselfssl mysslname 365

1 - Fill in the information OpenSSL will prompt for, like Company Name, City, Province and so on.
2 - After that, copy the lines output by this script and place them into the nginx ssl site config file.
Example output:

ssl_certificate      /etc/nginx/ssl/cert/mysslname.crt;
ssl_certificate_key  /etc/nginx/ssl/private/mysslname.key;

ssl_session_cache shared:SSL:1m;
ssl_session_timeout  5m;

@hgati

hgati commented Jan 26, 2018

In a single line, non-interactive:

openssl req \
-subj '/CN=aruljohn.com/O=Arul John/C=US' \
-new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout \
server.key -out server.crt
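
Added example, not part of the gist or its comments: current browsers match the hostname against the certificate's subjectAltName and ignore CN, which neither command above sets, so this sketch generates the certificate with a SAN and then checks the pair before nginx is pointed at it. It assumes OpenSSL 1.1.1 or later (for `-addext` and `-ext`); the function names and `example.test` are hypothetical.

```bash
#!/bin/bash
# Added example, not part of the gist. Assumes OpenSSL 1.1.1+ (-addext, -ext).
# Function names are hypothetical.

# mk_selfsigned NAME HOST [DAYS] [OUTDIR]: writes OUTDIR/NAME.key and OUTDIR/NAME.crt
mk_selfsigned() {
  local name=$1 host=$2 days=${3:-365} outdir=${4:-.}
  # Refuse names that could leave OUTDIR or be parsed as an option
  case $name in ''|*/*|-*) echo "invalid certificate name" >&2; return 2 ;; esac
  case $days in ''|*[!0-9]*) echo "days must be a number" >&2; return 2 ;; esac
  (
    umask 077  # the private key is created readable by its owner only
    openssl req -x509 -nodes -newkey rsa:2048 -sha256 -days "$days" \
      -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
      -keyout "$outdir/$name.key" -out "$outdir/$name.crt"
  )
}

# check_pair CRT KEY HOST: succeeds only if the key belongs to the certificate,
# the SAN lists HOST, and the certificate stays valid for at least 24 hours
check_pair() {
  local crt=$1 key=$2 host=$3 cert_pub key_pub
  # Both commands print the same PEM SubjectPublicKeyInfo when the pair matches
  cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
  if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "private key does not match certificate" >&2; return 1
  fi
  # One SAN entry per line, whitespace removed, exact match on DNS:HOST
  if ! openssl x509 -in "$crt" -noout -ext subjectAltName 2>/dev/null \
       | tr -d ' ' | tr ',' '\n' | grep -qxF "DNS:$host"; then
    echo "subjectAltName does not list $host" >&2; return 1
  fi
  if ! openssl x509 -in "$crt" -noout -checkend 86400 >/dev/null; then
    echo "certificate expires within 24 hours" >&2; return 1
  fi
}
```

For example, `mk_selfsigned mysslname example.test 365 /tmp/ssl && check_pair /tmp/ssl/mysslname.crt /tmp/ssl/mysslname.key example.test` exits 0 only when all three checks pass.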
