@aimeemikaelac
Created May 19, 2017 09:28
My updated version of a script to create an HTTPS TLS cert that has subjectAltName set correctly for a domain. See the Stack Overflow post in the comments. Requires a 4096-bit RSA key for the device, and a root CA key and cert to already exist.
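#!/bin/bash
# https://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificate/43666288#43666288
# Expects in the current directory: $DEVICE.key (the existing device key), the
# root CA cert and key, and a v3.ext template containing the %%DOMAIN%% placeholder.
if [ -z "$1" ]
then
  echo "Please supply a subdomain to create a certificate for";
  echo "e.g. www.mysite.com"
  exit 1;
fi
if [ -z "$2" ]
then
  echo "Need to have name for device";
  exit 1;
fi
DOMAIN=$1
DEVICE=$2
#COMMON_NAME=${2:-*.$1}
COMMON_NAME=$DOMAIN
SUBJECT="/C=<country>/ST=<state>/L=<locale>/O=<org>/CN=$COMMON_NAME"
# Placeholder: base name of the root CA files (<root ca>.pem and <root ca>.key).
# Kept in a quoted variable so the shell does not parse < and > as redirections.
ROOT_CA="<root ca>"
NUM_OF_DAYS=999
# Use an unpredictable temp file rather than a fixed name in world-writable /tmp,
# and remove it when the script exits.
EXT_FILE=$(mktemp) || exit 1
trap 'rm -f "$EXT_FILE"' EXIT
# create the CSR from the existing device key
openssl req -new -sha256 -nodes -key "$DEVICE.key" -subj "$SUBJECT" -out "$DEVICE.csr" || exit 1
# fill the domain into the extension template
sed "s/%%DOMAIN%%/$COMMON_NAME/g" v3.ext > "$EXT_FILE" || exit 1
# sign the CSR with the root CA, applying the extensions from the template
openssl x509 -req -in "$DEVICE.csr" -CA "$ROOT_CA.pem" -CAkey "$ROOT_CA.key" -CAcreateserial -out "$DEVICE.crt" -days "$NUM_OF_DAYS" -sha256 -extfile "$EXT_FILE" || exit 1
# move output files to final filenames
mv "$DEVICE.csr" "$DOMAIN.csr"
#cp device.crt $DOMAIN.crt
echo
echo "###########################################################################"
echo Done!
echo "###########################################################################"
echo "To use these files on your server, simply copy both $DEVICE.crt and"
echo "$DEVICE.key to your webserver, and use like so (if Apache, for example)"
echo
echo " SSLCertificateFile /path_to_your_files/$DEVICE.crt"
echo " SSLCertificateKeyFile /path_to_your_files/$DEVICE.key"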
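
A check to run on the signed certificate, added here as an example that is not part of the gist: it confirms that the domain is listed in subjectAltName and that the certificate verifies against the root CA. The throwaway CA, the file names and www.example.test are constructed for the demonstration.

```shell
#!/bin/bash
# Added example, not part of the gist. example.test and all file names are constructed.

# Succeeds only if DOMAIN ($2) is a DNS entry in the SAN extension of CERT ($1).
# A matching CN alone does not count, which is the case the gist addresses.
san_has_dns() {
  openssl x509 -in "$1" -noout -text \
    | grep -A1 'X509v3 Subject Alternative Name' \
    | tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' \
    | grep -Fxq "DNS:$2"
}

# Succeeds only if CERT ($1) verifies against the root CA certificate ($2).
chains_to_ca() {
  openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# Build a throwaway CA and two leaf certs in DIR: san.crt is signed with an
# -extfile as in the script above, nosan.crt is signed without one.
make_demo_certs() {
  local dir=$1 domain=$2
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 -subj "/CN=Demo Root" \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$domain" \
    -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$domain" > "$dir/v3.ext"
  openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 1 -sha256 -extfile "$dir/v3.ext" -out "$dir/san.crt" 2>/dev/null
  openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 1 -sha256 -out "$dir/nosan.crt" 2>/dev/null
}

demo() {
  local dir c
  dir=$(mktemp -d) || return 1
  make_demo_certs "$dir" www.example.test
  for c in san nosan; do
    if san_has_dns "$dir/$c.crt" www.example.test && chains_to_ca "$dir/$c.crt" "$dir/ca.pem"
    then echo "$c.crt: SAN present, chains to CA"
    else echo "$c.crt: REJECT (missing SAN or bad chain)"
    fi
  done
  rm -rf "$dir"
}
demo
```

Against real output from the script, call `san_has_dns` and `chains_to_ca` with the generated .crt file and the root CA .pem file.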