Generate self-signed certificate with OpenSSL

gen-self-cert.sh

#!/bin/bash

# read input
domain=$1
if [ -z $domain ]; then
    read -p "domain: " domain
fi
rsa=$2
if [ -z $rsa ]; then
    rsa=2048 # 2048 bits by default
fi
days=$3
if [ -z $days ]; then
    days=3650 # 10 years by default
fi

# generate key pair
openssl \
    req \
    -sha256 \
    -newkey rsa:$rsa \
    -x509 \
    -nodes \
    -keyout $domain.key \
    -out $domain.pem \
    -days $days \
    -subj "/CN=$domain"

# check results
openssl x509 -in $domain.pem -text -noout