
hthetiot/cert.sh

Created Jul 19, 2018
cert.sh
#!/bin/bash
# Bash shell script for generating self-signed certs. Run this in a folder, as it
# generates a few files. Large portions of this script were taken from the
# following article:
#
# http://usrportage.de/archives/919-Batch-generating-SSL-certificates.html
#
# Additional alterations by: Brad Landers
# Date: 2012-01-27
#
# Additional alterations by: Harold Thetiot
# Date: 2018-07-19
# Script accepts a single argument, the fqdn for the cert
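# Directory that holds this script; private/ and certs/ are resolved below it.
# "&&" (instead of ";") keeps a failed cd from silently yielding the caller's
# working directory, which would send key material to an unexpected place.
BASEDIR="$(cd -- "$(dirname -- "$0")" && pwd -P)"
if [ -z "$BASEDIR" ]; then
  echo "Cannot resolve the directory of $0" >&2
  exit 10
fi
export BASEDIR

DEFAULT_DOMAIN="example.local"
DOMAIN="$1"

# No argument given: fall back to the default domain instead of printing usage.
if [ -z "$DOMAIN" ]; then
  DOMAIN=$DEFAULT_DOMAIN
fi

# Default CSR subject fields; edit these to match your organisation.
ORG="DisasterAware"
COUNTRY="US"
ST="CA"
LO="San Jose"
OU="$ORG DevOps"
CN="$DOMAIN"
EMAIL="admin@$DOMAIN"

# Subject template, one field per line. The CSR step later joins the lines
# with "/" to build the value handed to "openssl req -subj", so the leading
# newline and the field order are significant.
subj="
C=$COUNTRY
ST=$ST
O=$ORG
L=$LO
CN=$CN
OU=$OU
emailAddress=$EMAIL"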
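#######################################
# Abort the script when the given exit status reports a failure.
# Globals:   PASSPHRASE (unset before exiting)
# Arguments: $1 - exit status of the command that just ran
# Returns:   0 when $1 is 0 or missing; otherwise exits the script with 10
#######################################
fail_if_error() {
  local status=${1:-0}
  # Numeric comparison on a quoted value: an empty or odd argument no longer
  # turns into a malformed test expression.
  if [ "$status" -ne 0 ]; then
    # Drop the passphrase from the environment before leaving.
    unset PASSPHRASE
    exit 10
  fi
  # Explicit success: the previous "[ ... ] && { ... }" form returned 1
  # whenever there was no error.
  return 0
}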
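# Accept only a plain host name (optionally with a leading "*." wildcard).
# DOMAIN ends up in file paths and in the certificate subject: a "/" would
# point the key/CSR/cert paths outside private/ and certs/ and would add
# extra fields to the "/"-separated -subj string; whitespace would do the
# same to the subject lines. An empty value is rejected as well.
domain_re='^(\*\.)?[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$'
if [[ ! "$DOMAIN" =~ $domain_re ]]; then
  echo "Usage: $(basename "$0") <domain>" >&2
  exit 11
fi

key_file="$BASEDIR/private/$DOMAIN.key"
csr_file="$BASEDIR/private/$DOMAIN.csr"
crt_file="$BASEDIR/certs/$DOMAIN.crt"

# Create the output directories on first use. private/ holds key material,
# so it is created owner-only (-m applies only when mkdir creates it).
mkdir -p -m 700 -- "$BASEDIR/private"
fail_if_error $?
mkdir -p -- "$BASEDIR/certs"
fail_if_error $?

# Use Domain
echo "DOMAIN: $DOMAIN"

# Generate a passphrase (24 random bytes, base64-encoded)
PASSPHRASE=$(head -c24 < /dev/random | base64)
export PASSPHRASE
if [ -z "$PASSPHRASE" ]; then
  # Never hand openssl an empty passphrase because the random read failed.
  echo "Could not generate a passphrase" >&2
  exit 10
fi

# NOTE(review): the passphrase is printed to stdout, so it ends up in terminal
# scrollback and in any captured log. It protects only the .key.org copy,
# because the working key is stripped further down.
echo "PASSPHRASE: $PASSPHRASE"
printf '\n'

# Generate the server private key
if [ ! -f "$key_file" ]; then
  echo "Generate the server private key:"
  echo "-------"
  # The subshell's umask makes the key owner-only from the moment it is
  # created, instead of relying on the chmod that runs afterwards.
  # AES-256 replaces the legacy 3DES (-des3) key encryption.
  ( umask 077 && openssl genrsa -aes256 -out "$key_file" -passout env:PASSPHRASE 2048 )
  fail_if_error $?
  printf '%s\n\n' "-------"
fi
chmod 600 "$key_file"
fail_if_error $?

# Generate the CSR
if [ ! -f "$csr_file" ]; then
  echo "Generate the CSR:"
  echo "-------"
  # Join the subject lines with "/" to get the form -subj expects. The earlier
  # tr "=" "=/" step mapped "=" to itself and is dropped.
  subj=$(printf '%s\n' "$subj" | tr '\n' '/')
  echo "subject=$subj"
  openssl req \
    -new -sha256 \
    -batch \
    -subj "$subj" \
    -key "$key_file" \
    -out "$csr_file" \
    -passin env:PASSPHRASE
  fail_if_error $?
  printf '%s\n\n' "-------"
fi

# Strip the password so we don't have to type it every time we restart Apache.
# After this step the working key is stored unencrypted; the 0600 mode set
# above is the only thing protecting it on disk.
echo "Strip the password from private/$DOMAIN.key and save original in private/$DOMAIN.key.org"
echo "-------"
cp -- "$key_file" "$key_file.org"
fail_if_error $?
openssl rsa -in "$key_file.org" -out "$key_file" -passin env:PASSPHRASE
fail_if_error $?
printf '%s\n\n' "-------"

# Generate the cert (good for 10 years)
# -sha256 is passed explicitly so the signature digest matches the CSR and
# does not depend on the installed OpenSSL's default.
# NOTE(review): no -extfile is given, so the certificate carries no
# subjectAltName; clients that ignore the CN will not accept it for $DOMAIN.
echo "Generate the cert (good for 10 years)"
echo "-------"
openssl x509 -req -sha256 -days 3650 -in "$csr_file" -signkey "$key_file" -out "$crt_file"
fail_if_error $?
printf '%s\n\n' "-------"

echo "CERT: $crt_file"
echo "CSR: $csr_file"
echo "KEY: $key_file"
echo ""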