Self signed cert creator
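#!/bin/bash
#
# Create a self-signed X.509 certificate and a matching, unencrypted RSA
# private key for one hostname, for use with NASA SAML/ICAM/LAUNCHPAD.
#
# Usage:  ./<this script> <hostname>
# Writes: <hostname>.key and <hostname>.crt into the current directory.
# Reads:  openssl.cnf from the current directory, falling back to the copy
#         that sits next to this script.
# Exit:   1 on a missing or malformed hostname, otherwise openssl's status.

readonly PROGNAME="$(basename "$0")"
readonly PROGDIR="$(readlink -m "$(dirname "$0")")"
# A scalar holds a single string, so join the arguments with "$*".
readonly ARGS="$*"

# Certificate lifetime: 3 years = 1095 days.
readonly DAYS_IN_YEAR=365
readonly YEARS=3
readonly CERT_DAYS=$((DAYS_IN_YEAR * YEARS))

# Deliberately not called HOSTNAME: bash maintains a variable of that name
# holding the local machine's name, and the script should not overwrite it.
CERT_HOST="${1:-}"

if [ -z "$CERT_HOST" ]; then
  echo "No hostname provided"
  echo " This tool will generate a certificate for use with NASA SAML/ICAM/LAUNCHPAD"
  echo
  echo " EXAMPLE"
  echo " ./$PROGNAME eva.nasa.gov"
  exit 1
fi

# The hostname is interpolated into the subject DN and into two output file
# names. Accept only dot-separated DNS labels so that a '/' cannot add extra
# RDNs to -subj or move the key file to another directory, and so that glob
# characters or whitespace cannot change which files are written.
# 64 is the commonName_max set in openssl.cnf.
readonly LABEL_RE='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
readonly HOST_RE="^${LABEL_RE}(\\.${LABEL_RE})*\$"
if [ "${#CERT_HOST}" -gt 64 ] || ! [[ "$CERT_HOST" =~ $HOST_RE ]]; then
  echo "Invalid hostname: $CERT_HOST" >&2
  echo " Expected a DNS name of at most 64 characters, e.g. eva.nasa.gov" >&2
  exit 1
fi

# Keep the original behaviour (config taken from the current directory) but
# fall back to the copy shipped beside the script when run from elsewhere.
CONFIG="openssl.cnf"
if [ ! -r "$CONFIG" ] && [ -r "$PROGDIR/openssl.cnf" ]; then
  CONFIG="$PROGDIR/openssl.cnf"
fi

# -nodes writes the private key without a passphrase. Make sure the file is
# created readable by the owner only, whatever the caller's umask is.
umask 077

# NOTE(review): an existing $CERT_HOST.key / $CERT_HOST.crt is overwritten
# without warning; rotate deliberately and keep the key out of version control.
openssl req \
  -x509 \
  -nodes \
  -days "$CERT_DAYS" \
  -subj "/C=US/ST=DC/L=Washington/O=NASA/OU=HQ/CN=$CERT_HOST" \
  -config "$CONFIG" \
  -newkey rsa:2048 \
  -keyout "$CERT_HOST.key" \
  -out "$CERT_HOST.crt"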
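# openssl.cnf -- OpenSSL configuration used by the certificate script, which
# runs `openssl req -x509 ... -config openssl.cnf`. The [ req ] section and
# the [ v3_ca ] extension section are the parts that command references.

# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd

# how long to certify for
# NOTE(review): the script passes -days 1095 on the command line, so this
# value presumably does not decide the lifetime of the certificates it
# creates -- confirm before relying on it.
default_days = 730
# how long before next CRL
default_crl_days = 30
# which md to use.
default_md = sha256
# keep passed DN ordering
preserve = no

# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
# NOTE(review): no other section in this file refers to policy_anything.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

####################################################################
# Settings for `openssl req`. The script overrides the key size
# (-newkey rsa:2048), the key file (-keyout) and the subject (-subj) on the
# command line.
[ req ]
email_in_dn = no
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
string_mask = nombstr
# The extensions to add to the self signed cert
x509_extensions = v3_ca

# Empty, and not referenced from [ req ] in this file.
[ req_attributes ]

# Prompts and defaults for the subject DN; the defaults match the -subj value
# the script builds (C=US, ST=DC, L=Washington, O=NASA, OU=HQ).
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = US
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = DC
localityName = Locality Name (eg, city)
localityName_default = Washington
0.organizationName = Organization Name (eg, company)
0.organizationName_default = NASA
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = HQ
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64

# X.509v3 extensions written into the self-signed certificate.
[ v3_ca ]
# NOTE(review): CA:TRUE marks the certificate as a certificate authority,
# while keyUsage below does not include keyCertSign. If the certificate is
# only published in SAML SP metadata, CA:FALSE would be the least-privilege
# setting, so that the key is never accepted as an issuer should the
# certificate end up in a trust store -- confirm with the IdP operator before
# changing it.
basicConstraints = CA:TRUE
nsComment = "NASA SAML sp Metadata X509 Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
# NOTE(review): no subjectAltName is set; the hostname appears only in the
# subject CN. That is presumably fine for SAML metadata, but TLS clients that
# match names against subjectAltName would not accept this certificate for a
# web endpoint.
keyUsage = digitalSignature, keyEncipherment, nonRepudiation, dataEncipherment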