@alistairhenderson
Last active November 19, 2021 02:11
Create a wildcard self-signed certificate
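#!/bin/bash
#
# Create a self-signed wildcard certificate for *.<domainname>.<domain>.
#
# Prompts for the subject fields, writes two OpenSSL config files (CSR
# subject and certificate extensions) and then - unless only the config
# files were requested - generates, in the current directory:
#   <domainname>.key         RSA 4096 private key, password protected
#   <domainname>.csr         certificate signing request
#   <domainname>.crt         self-signed certificate, valid <years> * 365 days
#   <domainname>.pfx         PKCS#12 bundle of key + certificate
#   <domainname>.nopass.key  the same key with the password removed
#   <domainname>.txt         `openssl x509 -text` dump of the certificate
# The password files are deleted on every exit path and the config files
# after a successful run, except when only the config files were requested,
# because the printed commands refer to them; delete <domainname>.passfile
# and <domainname>.passfileout yourself once those commands have been run.
set -euo pipefail

# Keys, password files and the unprotected key copy must not be readable by
# other users on the machine; everything this script creates gets mode 0600.
umask 077

die() { printf 'error: %s\n' "$*" >&2; exit 1; }

# Print "$@" as one shell-quoted command line, without a trailing newline.
quote_cmd() {
  local out
  printf -v out '%q ' "$@"
  printf '%s' "${out% }"
}

read -r -p "Enter the domain name: " domainname
read -r -p "Enter the domain e.g. local not .local: " domain
read -r -p "Enter country for csr:" country
read -r -p "Enter county for csr:" county
read -r -p "Enter city for csr:" city
read -r -p "Enter company name for csr:" company
read -r -p "Enter department for csr e.g IT:" department
# -s: do not echo the password back to the terminal (or into a session log).
read -r -s -p "Enter password for certificate of at least 5 characters:" PASS
printf '\n'
read -r -p "Enter howmany years for the certificate to last:" certyears
read -r -p "Just create config files Y/N:" configind

# Both domain parts become file-name prefixes and DNS names, so restrict them
# to host-name characters (no '/', no whitespace, no leading '-' or '.').
host_re='^[A-Za-z0-9][A-Za-z0-9.-]*$'
[[ "$domainname" =~ $host_re ]] || die "domain name must be a valid host name"
[[ "$domain" =~ $host_re ]] || die "domain must be a valid host name"
# Minimum is 5 characters (the original prompt said "greater than 5" but the
# check accepted 5; the prompt now matches the check).
(( ${#PASS} >= 5 )) || die "Password wrong length"
[[ "$certyears" =~ ^[1-9][0-9]*$ ]] || die "years must be a positive whole number"

passfile=$domainname.passfile
passfileout=$domainname.passfileout
key=$domainname.key
csr=$domainname.csr
crt=$domainname.crt
pfx=$domainname.pfx
nopass_key=$domainname.nopass.key
csrconf=$domainname.csr.cnf
crtconf=$domainname.crt.cnf
fqdn=$domainname.$domain
readonly days=365
certdays=$((certyears * days))
checkfile=$domainname.txt

# Never leave the password files behind, whatever the exit path, unless only
# the config files were requested and the printed commands still need them.
keep_files=0
cleanup() {
  (( keep_files )) || rm -f -- "$passfile" "$passfileout"
}
trap cleanup EXIT

# Recreate the password files rather than writing through whatever is already
# there (a stale file or a symlink). printf keeps the password verbatim; the
# unquoted echo used before altered whitespace and swallowed a leading "-n".
rm -f -- "$passfile" "$passfileout"
printf '%s\n' "$PASS" > "$passfile"
printf '%s\n' "$PASS" > "$passfileout"
printf '%s\n' "$certdays"

# Certificate extensions. The x509 call below selects '-extensions
# code_signing', so only that section (and the [alt_names] it references) is
# applied to the certificate; the [v3_req] entries are written but not used.
# A here-doc avoids the unquoted "[req]" and "*.$fqdn" of the old echo lines,
# which the shell treated as globs.
cat > "$crtconf" <<EOF
[req]
req_extensions = v3_req
prompt = no
[v3_req]
basicConstraints = critical, CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly, decipherOnly
[code_signing]
extendedKeyUsage = 1.3.6.1.5.5.7.3.3,codeSigning,serverAuth,clientAuth,emailProtection,timeStamping
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.$fqdn
EOF

# CSR subject, taken verbatim from the prompts.
cat > "$csrconf" <<EOF
[req]
prompt = no
distinguished_name = req_distinguished_name
[req_distinguished_name]
C = $country
ST = $county
L = $city
O = $company
OU = $department
CN = *.$fqdn
EOF

# One definition of each command, used both for the preview and for the run,
# so the two cannot drift apart (the old script printed one set and ran
# another). -aes256 replaces -des3 (3DES) for the PEM encryption of the key;
# every openssl command below reads either form.
cmd_genkey=(openssl genrsa -aes256 -passout "file:$passfile" -out "$key" 4096)
cmd_csr=(openssl req -new -sha256 -config "$csrconf" -passin "file:$passfile" -key "$key" -out "$csr")
cmd_sign=(openssl x509 -req -days "$certdays" -extfile "$crtconf" -extensions code_signing -passin "file:$passfile" -in "$csr" -signkey "$key" -out "$crt")
cmd_pfx=(openssl pkcs12 -export -name "*.$fqdn" -passin "file:$passfile" -passout "file:$passfileout" -out "$pfx" -inkey "$key" -in "$crt")
cmd_nopass=(openssl rsa -passin "file:$passfile" -in "$key" -out "$nopass_key")
cmd_dump=(openssl x509 -text -in "$crt" -noout)

# Print the commands exactly as they will be run, shell-quoted.
print_commands() {
  printf '%s\n' "$(quote_cmd "${cmd_genkey[@]}")"
  printf '%s\n' "$(quote_cmd "${cmd_csr[@]}")"
  printf '%s\n' "$(quote_cmd "${cmd_sign[@]}")"
  printf '%s\n' "$(quote_cmd "${cmd_pfx[@]}")"
  printf '%s\n' "$(quote_cmd "${cmd_nopass[@]}")"
  printf '%s > %q\n' "$(quote_cmd "${cmd_dump[@]}")" "$checkfile"
}

if [[ "$configind" == [Yy] ]]; then
  printf '%s\n' "Only Config files wanted"
  printf '%s\n' "these are the command that need to be executed"
  print_commands
  printf '%s and %s hold the certificate password; delete them when done.\n' \
    "$passfile" "$passfileout"
  keep_files=1
  exit 0
fi

printf '%s\n' "these are the command to be executed"
print_commands
read -r -n 1 -p "Press Enter to continue"
printf '\n'
"${cmd_genkey[@]}"
"${cmd_csr[@]}"
"${cmd_sign[@]}"
"${cmd_pfx[@]}"
"${cmd_nopass[@]}"
"${cmd_dump[@]}" > "$checkfile"
rm -f -- "$crtconf" "$csrconf"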