【Sample Script】Self-Signed SSL Certificate generator.
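#!/usr/bin/env ruby
# Generates an RSA private key, a certificate signing request, and a
# self-signed certificate (PEM and DER) for COMMON_NAME by driving the
# `openssl` command-line tool.
#
# Usage: <script> COMMON_NAME [OUTDIR]
#
# Files written to OUTDIR (default: current directory):
#   private_key.pem, csr.pem, certificate.pem, certificate.der
#
# Caveats for anyone deploying the output:
# - The private key is stored unencrypted; it is created owner-only (0600),
#   so keep OUTDIR off shared or world-readable locations.
# - No subjectAltName extension is requested. Current TLS clients match the
#   host name against subjectAltName rather than commonName, so they will
#   typically reject this certificate on name verification even when it is
#   explicitly trusted.
# - A self-signed certificate is only as trustworthy as the channel used to
#   distribute it; it is meant for testing, not for public services.
require "tmpdir"

COMMON_NAME = ARGV[0]
OUTDIR = File.expand_path(ARGV[1] || '.')
if COMMON_NAME.nil? || !File.directory?(OUTDIR)
  puts "Usage: #{File.basename(__FILE__)} [COMMON_NAME] [OUTDIR]"
  exit 1
end

# COMMON_NAME is interpolated into the generated openssl.cnf below. A value
# containing a newline (or other control character) would add extra lines to
# that file, so refuse it instead of writing a config the operator did not
# intend.
abort "COMMON_NAME must not contain control characters" if COMMON_NAME =~ /[[:cntrl:]]/

PRIVATE_KEY_NUMBITS = 2048
EXPIRATION_IN_DAYS = 365
COUNTRY_NAME = "US"
STATE_OR_PROVINCE_NAME = "CA"
LOCALITY_NAME = "San Francisco"
ORGANIZATION_NAME = "Example Company"
ORGANIZATIONAL_UNIT_NAME = "Information Systems"

private_key_path = File.join(OUTDIR, "private_key.pem")
csr_path = File.join(OUTDIR, "csr.pem")
certificate_path = File.join(OUTDIR, "certificate.pem")
certificate_der_path = File.join(OUTDIR, "certificate.der")

# default_md was md5 and default_bits was 1024 in the original template.
# default_md decides the digest that signs the CSR, so it is now sha256;
# default_bits is unused here (the key is passed with -key) but is kept in
# step with PRIVATE_KEY_NUMBITS so the template is safe to reuse.
OPENSSL_CNF = <<__CNF__
#-------------openssl.cnf----------------
[ req ]
default_bits = #{PRIVATE_KEY_NUMBITS} # Size of keys
default_keyfile = key.pem # name of generated keys
default_md = sha256 # message digest algorithm
string_mask = nombstr # permitted characters
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
# Variable name Prompt string
0.organizationName = Organization Name (company)
organizationalUnitName = Organizational Unit Name (department, division)
emailAddress = Email Address
emailAddress_max = 40
localityName = Locality Name (city, district)
stateOrProvinceName = State or Province Name (full name)
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
commonName = Common Name (hostname, IP, or your name)
commonName_max = 64
#-------------------Edit this section------------------------------
countryName_default = #{COUNTRY_NAME}
stateOrProvinceName_default = #{STATE_OR_PROVINCE_NAME}
localityName_default = #{LOCALITY_NAME}
0.organizationName_default = #{ORGANIZATION_NAME}
organizationalUnitName_default = #{ORGANIZATIONAL_UNIT_NAME}
commonName_default = #{COMMON_NAME}
emailAddress_default = admin@#{COMMON_NAME}
__CNF__

# Runs `openssl` with the given arguments and stops the script if it fails.
#
# Arguments are passed as an argv list, so no shell is involved and paths
# containing spaces or shell metacharacters are handed to openssl verbatim.
#
# @param args [Array<String>] openssl subcommand and its options
# @param quiet [Boolean] discard openssl's stdout and stderr when true
# @return [void]
def run_openssl(*args, quiet: false)
  spawn_options = quiet ? { out: File::NULL, err: File::NULL } : {}
  return if system("openssl", *args, spawn_options)

  # system returns false on a non-zero exit and nil when openssl cannot be run.
  abort "openssl #{args.first} failed; stopping before later steps use incomplete output"
end

# Create the key under a restrictive umask so it is never group- or
# world-readable, even briefly, then pin the mode in case the file already
# existed with looser permissions.
previous_umask = File.umask(0o077)
begin
  run_openssl("genrsa", "-out", private_key_path, PRIVATE_KEY_NUMBITS.to_s, quiet: true)
ensure
  File.umask(previous_umask)
end
File.chmod(0o600, private_key_path)

Dir.mktmpdir do |dir|
  cnf_path = File.join(dir, "openssl.cnf")
  File.write(cnf_path, OPENSSL_CNF)

  run_openssl("req", "-new", "-nodes", "-key", private_key_path,
              "-out", csr_path, "-config", cnf_path, "-batch")
  # This step does not read the generated config, so the digest is named
  # explicitly rather than left to the system-wide openssl.cnf.
  run_openssl("req", "-x509", "-sha256", "-days", EXPIRATION_IN_DAYS.to_s,
              "-in", csr_path, "-key", private_key_path, "-out", certificate_path)
  run_openssl("x509", "-in", certificate_path, "-outform", "DER",
              "-out", certificate_der_path)
end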