@harish2704
Created June 16, 2017 09:40
Generate Root CA and self-signed certificate using openssl
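#!/usr/bin/env bash
# Hostname the certificate is issued for (used as CN and subjectAltName)
DomainName="yourdomain.example.com"
echo "Generating Root CA key"
# -des3 encrypts the CA key; openssl prompts for a passphrase
[[ -f rootCA.key ]] || openssl genrsa -des3 -out rootCA.key 2048
echo "Generating Root CA certificate"
# Self-signed root certificate; openssl prompts for the CA subject fields
[[ -f rootCA.pem ]] || openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem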
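echo "Generating certificate key"
# 2048-bit key, left unencrypted so a server can load it without a passphrase prompt
[[ -f "$DomainName.key" ]] || openssl genrsa -out "$DomainName.key" 2048
echo "Generating Certificate signing request"
# -key reuses the key generated above; -newkey/-keyout would overwrite it with a new one
[[ -f "$DomainName.csr" ]] || openssl req -new -sha256 -key "$DomainName.key" -out "$DomainName.csr" -config <( cat<<EOF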
[req]
prompt = no
distinguished_name = dn
req_extensions = req_ext
x509_extensions = usr_cert
[ dn ]
C=<CountryCode>
ST=<State>
L=<Location>
O=<Organization>
OU=<OrganizationUnit>
emailAddress=<Email>
CN = $DomainName
[ req_ext ]
subjectAltName=DNS:$DomainName
[ usr_cert ]
subjectAltName=DNS:$DomainName
EOF
)
echo "Signing CSR with root key"
# x509 -req does not copy extensions from the CSR by default, so the SAN is supplied again via -extfile
[[ -f "$DomainName.crt" ]] || openssl x509 -req -in "$DomainName.csr" -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out "$DomainName.crt" -days 500 -sha256 -extfile <(printf 'subjectAltName=DNS:%s' "$DomainName")
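
A post-issuance check for the files the script above produces, as an added example that is not part of the gist: it confirms the leaf chains to the root and names the host, that the key on disk belongs to the certificate, and that the RSA key is at least 2048 bits. The function names `check_leaf` and `make_demo` are hypothetical, the demo CA and leaf are throwaway values constructed for the example, and OpenSSL 1.1.0 or newer is assumed.

```shell
#!/usr/bin/env bash
# Added example (not part of the gist). Assumes OpenSSL 1.1.0 or newer.

# check_leaf CA_PEM LEAF_CRT LEAF_KEY HOSTNAME   (hypothetical helper)
# Returns 0 only if every check passes; prints the first failing check.
check_leaf() {
  local ca=$1 crt=$2 key=$3 host=$4 bits
  # 1. The leaf must chain to the CA and be valid for the host name.
  openssl verify -CAfile "$ca" -verify_hostname "$host" "$crt" >/dev/null 2>&1 \
    || { echo "FAIL: chain or hostname"; return 1; }
  # 2. The private key on disk must be the one the certificate was issued for.
  [ "$(openssl x509 -in "$crt" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] \
    || { echo "FAIL: key does not match certificate"; return 2; }
  # 3. Reject short RSA keys, for example a leftover 1024-bit key.
  bits=$(openssl x509 -in "$crt" -noout -text \
    | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
  [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: ${bits:-unknown}-bit key"; return 3; }
  echo "OK: $host"
}

# make_demo DIR HOST: builds a throwaway CA and leaf (constructed sample data,
# no passphrases, no prompts) using the same signing step as the script above.
make_demo() {
  local d=$1 host=$2
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" -out "$d/ca.pem" \
    -subj "/CN=Demo Root CA" -days 2 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -keyout "$d/leaf.key" -out "$d/leaf.csr" \
    -subj "/CN=$host" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$host" > "$d/san.ext"
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -out "$d/leaf.crt" -days 1 -sha256 -extfile "$d/san.ext" 2>/dev/null
}

# Direct use: ./check.sh rootCA.pem host.crt host.key host
if [ "$#" -eq 4 ]; then check_leaf "$@"; fi
```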