self_sign

#!/bin/sh
# 
# make a new self signed cert
# re: https://help.ubuntu.com/8.04/serverguide/C/certificates-and-security.html
#

SERVER=$1
DAYS=3650 # 10 years
# uncomment to set a passphrase, which will be required when whatever's using the cert starts
# PASSPHRASE="-des3"

if [ -z "$1" ]; then
  echo "$0 <servername>"
  exit 1
fi

openssl genrsa ${PASSPHRASE} -out ${SERVER}.key 1024
openssl rsa -in ${SERVER}.key -out ${SERVER}.key.insecure
openssl req -new -key ${SERVER}.key -out ${SERVER}.csr
openssl x509 -req -days ${DAYS} -in ${SERVER}.csr -signkey ${SERVER}.key -out ${SERVER}.crt


sudo mv ${SERVER}.crt /etc/ssl/certs && sudo chown root:ssl-cert /etc/ssl/certs/${SERVER}.crt && sudo chmod 644 /etc/ssl/certs/${SERVER}.crt
sudo mv ${SERVER}.key /etc/ssl/private && sudo chown root:ssl-cert /etc/ssl/private/${SERVER}.key && sudo chmod 640 /etc/ssl/private/${SERVER}.key
sudo rm ${SERVER}.csr ${SERVER}.key.insecure 

echo "New cert: /etc/ssl/certs/${SERVER}.crt"
echo "New key:  /etc/ssl/private/${SERVER}.key"
echo "Will be valid for ${DAYS} days"