Self signed certificates generation
# Add this function to your ~/.bash_profile or another shell startup file.
# You can change the `monsieurbiz.com` and the `MONSIEUR BIZ` defaults in the code.
#
# The generated certificates are compatible with Chrome 58 and include a complete SAN section.
#
# See https://www.thesslstore.com/blog/security-changes-in-chrome-58/
# And especially https://groups.google.com/a/chromium.org/forum/#!msg/security-dev/IGT2fLJrAeo/csf_1Rh1AwAJ
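# Interactively generate a self-signed wildcard certificate and its private key.
#
# Input:   read from stdin, in order: country, state/region, city,
#          organization, hostname, optional whitespace-separated aliases.
#          Empty answers to the first four use the defaults in the prompts.
# Outputs: <hostname>.key and <hostname>.crt in the current directory (any
#          "*" in the hostname becomes "_" in the .crt name); the prompts and
#          the openssl command line go to stdout.
# Returns: openssl's exit status, or 1 if the hostname is unusable or the
#          temporary config file cannot be created.
selfsignedssl() {
  local country state city org hostname hosts host cpt conf crtfile rc

  echo "Country? [FR]"
  read -r country
  country=${country:-FR}

  echo "State/Region? [Paris]"
  read -r state
  state=${state:-Paris}

  echo "City? [Paris]"
  read -r city
  city=${city:-Paris}

  echo "Organization? [MONSIEUR BIZ]"
  read -r org
  org=${org:-MONSIEUR BIZ}

  echo "Please fill the hostname: (example: monsieurbiz.com)"
  read -r hostname
  # The hostname ends up in the output file names and in the certificate
  # subject, so reject an empty value and anything that is not a plain
  # hostname character ("/" or whitespace would redirect or split the paths).
  case "$hostname" in
    '' | *[!A-Za-z0-9.*_-]*)
      echo "Invalid hostname: expected letters, digits, '.', '-', '_' or '*'" >&2
      return 1
      ;;
  esac

  # A fixed /tmp/openssl.conf is predictable: on a shared machine another user
  # can pre-create it (or a symlink) and two runs overwrite each other.
  # mktemp gives a private, unpredictable file instead.
  conf=$(mktemp "${TMPDIR:-/tmp}/openssl.conf.XXXXXX") || return 1

  printf '%s\n' \
    '[req]' \
    'default_bits = 2048' \
    'prompt = no' \
    'default_md = sha256' \
    'distinguished_name = dn' \
    'x509_extensions = v3_req' \
    'req_extensions = san' \
    'extensions = san' \
    '[dn]' \
    "C=$country" \
    "ST=$state" \
    "L=$city" \
    "O=$org" \
    "CN=*.$hostname" \
    '[v3_req]' \
    'subjectKeyIdentifier=hash' \
    'authorityKeyIdentifier=keyid:always,issuer:always' \
    'basicConstraints=CA:false' \
    'subjectAltName = @alt_names' \
    '[san]' \
    'subjectAltName = @alt_names' \
    '[alt_names]' \
    "DNS.1 = *.$hostname" \
    "DNS.2 = $hostname" > "$conf"

  echo "Hostname aliases (space separated, or empty for none)?"
  read -r hosts
  if [ -n "$hosts" ]; then
    cpt=3
    # Split on whitespace with tr so the loop behaves the same in bash and
    # zsh; each alias contributes its bare name and a wildcard SAN entry.
    printf '%s\n' "$hosts" | tr -s ' \t' '\n' | while IFS= read -r host; do
      [ -n "$host" ] || continue
      printf 'DNS.%s = %s\n' "$cpt" "$host"
      cpt=$((cpt + 1))
      printf 'DNS.%s = *.%s\n' "$cpt" "$host"
      cpt=$((cpt + 1))
    done >> "$conf"
  fi

  crtfile=${hostname//\*/_}.crt
  echo "command: openssl req -x509 -nodes -newkey rsa:4096 -keyout $hostname.key -out $crtfile -days 3650 -config $conf"

  # -nodes writes the private key unencrypted and -days 3650 makes it valid
  # for ten years, so treat the .key file as a long-lived secret. The
  # restrictive umask is scoped to this subshell and keeps the new files
  # owner-only; loosen the .crt afterwards if other users must read it.
  (
    umask 077
    openssl req -x509 -nodes -newkey rsa:4096 \
      -keyout "$hostname.key" -out "$crtfile" \
      -days 3650 -config "$conf"
  )
  rc=$?

  rm -f -- "$conf"
  return "$rc"
}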