Self signed certificates generation
# To include in your ~/.bash_profile or other | |
# You can change the `monsieurbiz.com` and the `MONSIEUR BIZ` in the code. | |
# | |
# The generated certificates are compatible with Chrome 58 and use complete SAN section. | |
# | |
# See https://www.thesslstore.com/blog/security-changes-in-chrome-58/ | |
# And specially https://groups.google.com/a/chromium.org/forum/#!msg/security-dev/IGT2fLJrAeo/csf_1Rh1AwAJ | |
function selfsignedssl () { | |
echo "Country? [FR]" | |
read country | |
if [ "$country" = "" ] | |
then | |
country="FR" | |
fi | |
echo "State/Region? [Paris]" | |
read state | |
if [ "$state" = "" ] | |
then | |
state="Paris" | |
fi | |
echo "City? [Paris]" | |
read city | |
if [ "$city" = "" ] | |
then | |
city="Paris" | |
fi | |
echo "Organization? [MONSIEUR BIZ]" | |
read org | |
if [ "$org" = "" ] | |
then | |
org="MONSIEUR BIZ" | |
fi | |
echo "Please fill the hostname: (example: monsieurbiz.com)" | |
read hostname | |
echo "[req] | |
default_bits = 2048 | |
prompt = no | |
default_md = sha256 | |
distinguished_name = dn | |
x509_extensions = v3_req | |
req_extensions = san | |
extensions = san | |
[dn] | |
C=$country | |
ST=$state | |
L=$city | |
O=$org | |
CN=*.$hostname | |
[v3_req] | |
subjectKeyIdentifier=hash | |
authorityKeyIdentifier=keyid:always,issuer:always | |
basicConstraints=CA:false | |
subjectAltName = @alt_names | |
[san] | |
subjectAltName = @alt_names | |
[alt_names] | |
DNS.1 = *.$hostname | |
DNS.2 = $hostname" > /tmp/openssl.conf | |
echo "Hostname aliases (space separated, or empty for none)?" | |
read hosts | |
cpt=3 | |
if [ ! "$hosts" = "" ] | |
then | |
for host in ${(z)hosts} | |
do | |
echo "DNS.$cpt = $host" >> /tmp/openssl.conf | |
cpt=$(($cpt+1)) | |
echo "DNS.$cpt = *.$host" >> /tmp/openssl.conf | |
cpt=$(($cpt+1)) | |
done | |
fi | |
echo command: openssl req -x509 -nodes -newkey rsa:4096 -keyout $hostname.key -out ${hostname//\*/_}.crt -days 3650 -config /tmp/openssl.conf | |
openssl req -x509 -nodes -newkey rsa:4096 -keyout $hostname.key -out ${hostname//\*/_}.crt -days 3650 -config /tmp/openssl.conf | |
} | |