@fejese
Created October 16, 2014 00:00
Generate self-signed ca signed certificate
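```bash
#!/bin/bash
# Issue a certificate for <name>, signed by an existing CA certificate and key.
# Every file name below can be overridden through the environment.
set -eo pipefail

if [ -z "$1" ]; then
    echo "Name???" >&2
    exit 1
fi
name=$1

: "${CA_FORM:=PEM}"
: "${CA_CRT:=ca.crt}"
: "${CA_KEY:=ca.key}"
: "${CA_SERIAL:=ca.serial}"
: "${DNS_FILE:=$name.dns}"
: "${EXT_FILE:=$name.ext}"
: "${KEY_FILE:=$name.key}"
: "${REQ_FILE:=$name.csr}"
: "${CRT_FILE:=$name.crt}"
: "${CFG_FILE:=$name.cnf}"

# Build the subjectAltName extension from the host names in $DNS_FILE
# (whitespace separated). Without that file, use <name> and create the file.
sAN="subjectAltName="
if [ -f "$DNS_FILE" ]; then
    sANb=1
    for i in $(cat "$DNS_FILE"); do
        [ "$sANb" -ne 1 ] && sAN="$sAN," || sANb=0
        sAN="${sAN}DNS:$i"
    done
else
    sAN="${sAN}DNS:$name"
    echo "$name" > "$DNS_FILE"
fi
echo "$sAN" > "$EXT_FILE"

echo -e "\n\ngenrsa:\n"
# Create the private key readable by the owner only.
(umask 077; openssl genrsa -out "$KEY_FILE" 2048)

echo -e "\n\nreq:\n"
# Use <name>.cnf non-interactively when present; otherwise openssl prompts.
cfgparam=()
if [ -f "$CFG_FILE" ]; then
    cfgparam=(-batch -config "$CFG_FILE")
fi
openssl req -verbose -new -key "$KEY_FILE" -out "$REQ_FILE" "${cfgparam[@]}"

echo -e "\n\ncert:\n"
# without ca
# openssl x509 -req -days 3650 -in "$REQ_FILE" -signkey "$KEY_FILE" -text -out "$CRT_FILE" -extfile "$EXT_FILE"
# with ca
# Create the serial file on first use; openssl fails if it is missing.
serialparam=(-CAserial "$CA_SERIAL")
[ -f "$CA_SERIAL" ] || serialparam+=(-CAcreateserial)
# -sha256 is explicit because older OpenSSL releases defaulted to SHA-1 here.
openssl x509 -req -days 3600 -sha256 \
    -in "$REQ_FILE" -out "$CRT_FILE" -extfile "$EXT_FILE" \
    -CA "$CA_CRT" -CAform "$CA_FORM" -CAkey "$CA_KEY" "${serialparam[@]}"
```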
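A check to run after issuing, added here as an example and not part of the gist: it confirms that the certificate chains to the CA and that every name in the `.dns` file ended up in the subjectAltName, which only happens because of `-extfile`. The function names, the throwaway demo CA and the `example.test` host names are constructed for illustration.

```bash
#!/bin/bash
# Added example, not part of the gist. Function names, file names under the
# work directory and the example.test host names are constructed.

# Succeeds if the certificate chains to the given CA certificate.
chains_to_ca() {  # usage: chains_to_ca ca.crt leaf.crt
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Prints the DNS entries of the certificate's subjectAltName, one per line.
san_dns_names() {  # usage: san_dns_names leaf.crt
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeeds only if every host name listed in the .dns file is in the SAN.
san_covers_dns_file() {  # usage: san_covers_dns_file leaf.crt name.dns
    _sans=$(san_dns_names "$1")
    while read -r _host || [ -n "$_host" ]; do
        [ -n "$_host" ] || continue
        printf '%s\n' "$_sans" | grep -qxF -- "$_host" || return 1
    done < "$2"
}

# Constructed demo: throwaway CA, then the gist's signing step with and
# without -extfile, all inside the given work directory.
demo_issue() {  # usage: demo_issue workdir
    ( cd "$1" &&
      openssl genrsa -out ca.key 2048 &&
      openssl req -x509 -new -key ca.key -days 1 -subj "/CN=Demo CA" -out ca.crt &&
      printf '%s\n' www.example.test api.example.test > site.dns &&
      echo "subjectAltName=DNS:www.example.test,DNS:api.example.test" > site.ext &&
      openssl genrsa -out site.key 2048 &&
      openssl req -new -key site.key -subj "/CN=www.example.test" -out site.csr &&
      openssl x509 -req -days 1 -in site.csr -out site.crt -extfile site.ext \
          -CA ca.crt -CAkey ca.key -CAserial ca.serial -CAcreateserial &&
      openssl x509 -req -days 1 -in site.csr -out nosan.crt \
          -CA ca.crt -CAkey ca.key -CAserial ca.serial
    ) >/dev/null 2>&1
}

# Stand-alone use: check-cert.sh ca.crt name.crt name.dns
if [ "$#" -eq 3 ]; then
    chains_to_ca "$1" "$2" || { echo "chain check failed" >&2; exit 1; }
    san_covers_dns_file "$2" "$3" || { echo "SAN is missing a name" >&2; exit 1; }
    echo "OK: $2 chains to $1 and covers every name in $3"
fi
```

In the demo, `nosan.crt` is signed from the same request without `-extfile` and fails the SAN check even though it chains to the CA.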