@benfavre
Forked from thomasyip/gen.sh
Created January 15, 2017 00:15
Generate a self-signed alternate DNS (wildcard) SSL certificate with a single script
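#!/bin/bash
# file: gen.sh
# usage: ./gen.sh [name]
# Creates NAME.key, NAME.cnf, NAME.csr and NAME.crt. The certificate is signed
# by an existing root CA (rootCA.key and rootCA.pem in the current directory).
set -e

ROOT=rootCA
NAME=${1:-device}
EXTS=( key cnf csr crt )
ROOT_NAME=rootCA
ROOT_EXTS=( key pem )

# The root CA key and certificate must already exist.
for EXT in "${ROOT_EXTS[@]}"
do
    if [ ! -f "$ROOT_NAME.$EXT" ]; then
        echo "Root CA file $ROOT_NAME.$EXT is not available." >&2
        exit 1
    fi
done

# Refuse to overwrite the output of an earlier run.
for EXT in "${EXTS[@]}"
do
    if [ -f "$NAME.$EXT" ]; then
        echo "$NAME.$EXT already exists!" >&2
        exit 1
    fi
done

# Write the OpenSSL config; DNS.n entries are appended to [alt_names] below.
cat > "$NAME.cnf" <<'EOF'
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name

[req_distinguished_name]
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40

[v3_req]
# digitalSignature added: a TLS server using (EC)DHE key exchange signs the
# handshake with this key, and strict clients reject the certificate without it.
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
EOF

# Collect subjectAltName DNS entries until an empty line (or end of input).
for i in {1..999}
do
    echo "Enter alternate DNS Name (wildcard is okay, enter when done): "
    read -r ALT_NAME || break
    if [ -z "$ALT_NAME" ]; then
        echo "Okay!"
        break
    fi
    echo "DNS.$i = $ALT_NAME" >> "$NAME.cnf"
done

# Generate the key and CSR, then sign the CSR with the root CA.
# -extfile/-extensions copy the v3_req section (including the SANs) into the certificate.
openssl genrsa -out "$NAME.key" 2048
openssl req -new -sha256 -key "$NAME.key" -out "$NAME.csr" -config "$NAME.cnf"
openssl x509 -req -sha256 -days 3650 -in "$NAME.csr" -CA "$ROOT.pem" -CAkey "$ROOT.key" -CAcreateserial -extensions v3_req -out "$NAME.crt" -extfile "$NAME.cnf"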
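
Added example, not part of the original gist: it signs a leaf with the same `openssl x509 -req ... -extfile` flow as gen.sh, then uses `openssl x509 -checkhost` to show which hostnames a wildcard SAN actually covers. It assumes `openssl` is on the PATH; the helper names `san_covers` and `make_demo_cert`, the subjects `demo-leaf` and `Demo Root CA`, and the `example.test` names are constructed for illustration.

```bash
#!/bin/bash
# Added example (not part of gen.sh): sign a leaf the way gen.sh does, then
# check which hostnames its SAN list covers. All names are constructed.
set -e

# san_covers CERT HOST: exit 0 if a SAN in CERT matches HOST
san_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# make_demo_cert DIR: throwaway root CA plus a leaf whose only SAN is a wildcard
make_demo_cert() {
    local d=$1
    cat > "$d/leaf.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
[dn]
CN = demo-leaf
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_req]
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.example.test
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/leaf.cnf" \
        -extensions v3_ca -subj "/CN=Demo Root CA" \
        -keyout "$d/rootCA.key" -out "$d/rootCA.pem" 2>/dev/null
    openssl genrsa -out "$d/leaf.key" 2048 2>/dev/null
    openssl req -new -sha256 -key "$d/leaf.key" -config "$d/leaf.cnf" -out "$d/leaf.csr"
    openssl x509 -req -sha256 -days 1 -in "$d/leaf.csr" -CA "$d/rootCA.pem" \
        -CAkey "$d/rootCA.key" -CAcreateserial -extfile "$d/leaf.cnf" \
        -extensions v3_req -out "$d/leaf.crt" 2>/dev/null
}

demo() {
    local d h
    d=$(mktemp -d)
    make_demo_cert "$d"
    for h in www.example.test example.test a.b.example.test; do
        if san_covers "$d/leaf.crt" "$h"; then echo "covered:     $h"
        else echo "NOT covered: $h"; fi
    done
    rm -rf "$d"
}
demo
```

The wildcard matches exactly one label, so it covers neither the bare domain nor deeper subdomains; enter both `*.example.test` and `example.test` at gen.sh's prompt when the apex must be served too.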