@cmbuckley
Last active October 27, 2017 10:49
Create a CSR and split the intermediates from a CRT chain
#!/bin/bash
# Create a private key and a CSR for DOMAIN, listing every argument as a SAN.

if [ $# -lt 1 ]; then
    echo "Usage: $(basename "$0") DOMAIN [ALTERNATIVES]..." >&2
    exit 1
fi

# keep the generated private key readable by the current user only
umask 077

# first argument is the CN; "*" becomes "wild" in the file names
domain=${1//\*/wild}
config="$domain.cnf"

cat <<EOF > "$config"
[ req ]
default_bits = 2048
default_md = sha256
prompt = no
distinguished_name = req_dn
req_extensions = req_extensions
[ req_dn ]
countryName = GB
stateOrProvinceName = West Yorkshire
localityName = Leeds
postalCode = LS1 4AP
streetAddress = 2 Wellington Place
organizationName = Hestview Limited
commonName = $1
[ req_extensions ]
subjectAltName = @alt_names
[ alt_names ]
EOF

# list the arguments as SANs (the CN itself is DNS.1)
for (( i=1; i<=$#; i++ )); do
    echo "DNS.$i = ${!i}" >> "$config"
done

openssl genrsa -out "$domain.key" 2048
openssl req -new -key "$domain.key" -config "$config" -out "$domain.csr"
cat "$domain.csr"
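
#!/usr/bin/env ruby

# describes a CER file as provided by Comodo (root-intermediates-cert)
class Cerfile
  def initialize(path)
    @path = path
    # split between one PEM block's END line and the next block's BEGIN line
    # (tolerating CRLF line endings) and trim stray whitespace
    @data = File.read(path).split(/(?<=-)\r?\n(?=-)/).map(&:strip)
  end

  # gets site certificate as the last value in the data array
  def get_cert
    @data.last
  end

  # gets the chain required, removing the root (cert-intermediates)
  def get_chain
    # end the file with a newline so it can be concatenated safely
    @data.drop(1).reverse.join("\n") + "\n"
  end

  # returns the provided filename with the extension removed
  # and underscores replaced by dots
  def name
    File.basename(@path).split('.').first.gsub('_', '.')
  end
end

abort "Usage: #{File.basename($PROGRAM_NAME)} CERFILE" if ARGV.empty?

cert = Cerfile.new(ARGV[0])
File.write(cert.name + '.crt', cert.get_chain)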
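
An added check, not part of the original gist, for the bundle the Ruby script writes: it confirms that each certificate is issued by the one after it (site certificate first) and that no self-signed root was left in. The names `bundle_problems`, `sample_cert` and `sample_chain` are assumptions for this illustration, and the chain is constructed throwaway data.

```ruby
require 'openssl'

PEM_BLOCK = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m

# Returns a list of problems found in a PEM bundle that is meant to be
# ordered site certificate first, then intermediates, with no root.
def bundle_problems(pem)
  certs = pem.scan(PEM_BLOCK).map { |b| OpenSSL::X509::Certificate.new(b) }
  return ['no certificates found'] if certs.empty?

  problems = []
  certs.each_with_index do |cert, i|
    if cert.subject.to_s == cert.issuer.to_s
      problems << "certificate #{i} is self-signed (root included?)"
    end
    nxt = certs[i + 1]
    next if nxt.nil?
    # name match alone is not enough: also check the signature
    unless cert.issuer.to_s == nxt.subject.to_s && cert.verify(nxt.public_key)
      problems << "certificate #{i} is not issued by certificate #{i + 1}"
    end
  end
  problems
end

# Constructed sample data: builds one throwaway certificate.
def sample_cert(cn, key, issuer_cert = nil, issuer_key = key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Constructed root -> intermediate -> site chain, returned as PEM strings
# in the order the CER file uses (root first, site certificate last).
def sample_chain
  keys = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  root = sample_cert('Example Root', keys[0])
  inter = sample_cert('Example Intermediate', keys[1], root, keys[0])
  site = sample_cert('www.example.com', keys[2], inter, keys[1])
  [root, inter, site].map(&:to_pem)
end
```

Running `bundle_problems(File.read('www.example.com.crt'))` against the script's output should return an empty array before the file is installed on a server.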