@bradland
Created January 27, 2012 20:39
Generate a self-signed SSL cert
#!/bin/bash
# Bash shell script for generating self-signed certs. Run this in a folder, as it
# generates a few files. Large portions of this script were taken from the
# following article:
#
# http://usrportage.de/archives/919-Batch-generating-SSL-certificates.html
#
# Additional alterations by: Brad Landers
# Date: 2012-01-27

# Script accepts a single argument, the fqdn for the cert
DOMAIN="$1"
if [ -z "$DOMAIN" ]; then
  echo "Usage: $(basename "$0") <domain>"
  exit 11
fi

# The key files are written to the current folder; make them owner-only
umask 077

# Exit with status 10 (clearing the passphrase first) if the given status is non-zero
fail_if_error() {
  if [ "$1" -ne 0 ]; then
    unset PASSPHRASE
    exit 10
  fi
}

# Generate a passphrase
export PASSPHRASE=$(head -c 500 /dev/urandom | tr -dc a-z0-9A-Z | head -c 128; echo)

# Certificate details; replace items in angle brackets with your own info.
# C must be a two-letter country code (US, GB, RU, ...); anything longer makes
# openssl req fail with "string too long ... maxsize=2".
subj="
C=<COUNTRY>
ST=<STATE>
O=<COMPANY_NAME>
localityName=<CITY>
commonName=$DOMAIN
organizationalUnitName=<DEPARTMENT_NAME>
emailAddress=<ADMIN_EMAIL>
"

# Generate the server private key
openssl genrsa -des3 -out "$DOMAIN.key" -passout env:PASSPHRASE 2048
fail_if_error $?

# Generate the CSR (the newlines in $subj become the "/" separators -subj expects)
openssl req \
  -new \
  -batch \
  -subj "$(printf '%s' "$subj" | tr "\n" "/")" \
  -key "$DOMAIN.key" \
  -out "$DOMAIN.csr" \
  -passin env:PASSPHRASE
fail_if_error $?

# Keep the passphrase-protected key as $DOMAIN.key.org
cp "$DOMAIN.key" "$DOMAIN.key.org"
fail_if_error $?

# Strip the password so we don't have to type it every time we restart Apache
# ($DOMAIN.key is an unencrypted private key from here on)
openssl rsa -in "$DOMAIN.key.org" -out "$DOMAIN.key" -passin env:PASSPHRASE
fail_if_error $?

# Generate the cert (good for 10 years)
openssl x509 -req -days 3650 -in "$DOMAIN.csr" -signkey "$DOMAIN.key" -out "$DOMAIN.crt"
fail_if_error $?

mhf-ir commented Sep 8, 2015

Generating RSA private key, 2048 bit long modulus
........................................+++
................................................................................+++
e is 65537 (0x10001)
problems making Certificate Request
140375011509904:error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long:a_mbstr.c:154:maxsize=2


Lupus commented Sep 27, 2015

I've got same as above...


xavs commented Nov 18, 2015

change the variable subj to "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com"

@sharif0777

ops.com.csr: No such file or directory


colorwebdesigner commented Mar 16, 2017

@Lupus @mhf-ir
As you can see in the error message: maxsize=2. The problem is in the <COUNTRY> string. It must be no longer than 2 characters: US, GB, RU etc.
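
The subject-field failure discussed in this thread (an unreplaced `<COUNTRY>` placeholder hitting `maxsize=2`) can be caught before `openssl req` runs. The following is an added example, not part of the gist or of any comment above; it generalizes the two-character country rule to the length limits in OpenSSL's ASN.1 string table. `check_field` and `build_subj` are hypothetical helper names, and the uppercase-only check on C is a stricter choice made here.

```bash
#!/bin/bash
# Added example: validate subject fields before handing them to
# `openssl req -new -batch -subj ...`, so bad input fails with a clear message.

# check_field NAME VALUE MIN MAX -> returns 0 if VALUE is usable in a -subj string
check_field() {
  local name="$1" value="$2" min="$3" max="$4"
  case "$value" in
    *'<'*|*'>'*)
      echo "$name: placeholder not replaced: $value" >&2
      return 1 ;;
    */*)
      # "/" separates fields in -subj, so a value containing it would add
      # or overwrite subject fields instead of being taken literally
      echo "$name: value must not contain '/'" >&2
      return 1 ;;
  esac
  if [ "${#value}" -lt "$min" ] || [ "${#value}" -gt "$max" ]; then
    echo "$name: length ${#value} is outside $min..$max" >&2
    return 1
  fi
}

# build_subj C ST L O CN -> prints "/C=../ST=../L=../O=../CN=.." or returns 1
build_subj() {
  local c="$1" st="$2" l="$3" o="$4" cn="$5"
  # Limits as enforced by OpenSSL: C is exactly 2, ST and L up to 128,
  # O and CN up to 64 characters
  check_field C  "$c"  2 2   || return 1
  check_field ST "$st" 1 128 || return 1
  check_field L  "$l"  1 128 || return 1
  check_field O  "$o"  1 64  || return 1
  check_field CN "$cn" 1 64  || return 1
  case "$c" in
    *[!ABCDEFGHIJKLMNOPQRSTUVWXYZ]*)
      echo "C: expected a two-letter uppercase country code" >&2
      return 1 ;;
  esac
  printf '/C=%s/ST=%s/L=%s/O=%s/CN=%s\n' "$c" "$st" "$l" "$o" "$cn"
}

# Usage in the script above (sample values are constructed):
#   subj="$(build_subj US Denial Springfield Dis "$DOMAIN")" || exit 12
#   openssl req -new -batch -subj "$subj" -key "$DOMAIN.key" ...
```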
