Skip to content

Instantly share code, notes, and snippets.

@aimeemikaelac
Created May 19, 2017 09:31
Show Gist options
  • Save aimeemikaelac/1fbc0f4ecc608c2feb03f5a1b4465069 to your computer and use it in GitHub Desktop.
Save aimeemikaelac/1fbc0f4ecc608c2feb03f5a1b4465069 to your computer and use it in GitHub Desktop.
Create an HTTPS TLS cert with subjectAltName set, but this time for an ip address. See other gist about creating one for a domain
#!/bin/bash
#https://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificate/43666288#43666288
if [ -z "$1" ]
then
echo "Please supply a subdomain to create a certificate for";
echo "e.g. www.mysite.com"
exit;
fi
if [ -z "$2" ]
then
echo "Need to have name for device";
exit;
fi
DOMAIN=$1
DEVICE=$2
#COMMON_NAME=${2:-*.$1}
COMMON_NAME=$DOMAIN
SUBJECT="/C=<country>/ST=<state>/L=<locale>/O=<org>/CN=$COMMON_NAME"
NUM_OF_DAYS=999
openssl req -new -sha256 -nodes -key $DEVICE.key -subj "$SUBJECT" -out $DEVICE.csr
cat v3_ip.ext | sed s/%%DOMAIN%%/$COMMON_NAME/g > /tmp/__v3.ext
openssl x509 -req -in $DEVICE.csr -CA <root ca>.pem -CAkey <root ca>.key -CAcreateserial -out $DEVICE.crt -days $NUM_OF_DAYS -sha256 -extfile /tmp/__v3.ext
# move output files to final filenames
mv $DEVICE.csr $DOMAIN.csr
#cp device.crt $DOMAIN.crt
# remove temp file
#rm -f device.crt;
echo
echo "###########################################################################"
echo Done!
echo "###########################################################################"
echo "To use these files on your server, simply copy both $DOMAIN.csr and"
echo "device.key to your webserver, and use like so (if Apache, for example)"
echo
echo " SSLCertificateFile /path_to_your_files/$DOMAIN.crt"
echo " SSLCertificateKeyFile /path_to_your_files/device.key"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment