Skip to content

Instantly share code, notes, and snippets.

@jerelmiller
Last active May 1, 2022 08:06
Show Gist options
  • Save jerelmiller/87b8e146338968dd7a3b75843e98404b to your computer and use it in GitHub Desktop.
Save jerelmiller/87b8e146338968dd7a3b75843e98404b to your computer and use it in GitHub Desktop.
if [ -z "$1" ]
then
echo "Please supply a subdomain to create a certificate for";
echo "e.g. www.mysite.com"
exit;
fi
# Create a new private key if one doesnt exist, or use the xeisting one if it does
if [ -f device.key ]; then
KEY_OPT="-key"
else
KEY_OPT="-keyout"
fi
DOMAIN=$1
COMMON_NAME=${2:-*.$1}
SUBJECT="/C=CA/ST=None/L=NB/O=None/CN=$COMMON_NAME"
NUM_OF_DAYS=999
openssl req -new -newkey rsa:2048 -sha256 -nodes $KEY_OPT device.key -subj "$SUBJECT" -out device.csr
cat v3.ext | sed s/%%DOMAIN%%/$COMMON_NAME/g > /tmp/__v3.ext
openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days $NUM_OF_DAYS -sha256 -extfile /tmp/__v3.ext
# move output files to final filenames
mv device.csr $DOMAIN.csr
cp device.crt $DOMAIN.crt
# remove temp file
rm -f device.crt;
echo
echo "###########################################################################"
echo Done!
echo "###########################################################################"
echo "To use these files on your server, simply copy both $DOMAIN.csr and"
echo "device.key to your webserver, and use like so (if Apache, for example)"
echo
echo " SSLCertificateFile /path_to_your_files/$DOMAIN.crt"
echo " SSLCertificateKeyFile /path_to_your_files/device.key"
openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = %%DOMAIN%%
@jerelmiller
Copy link
Author

> ./create_root_cert_and_key.sh
> ./create_certificate_for_domain.sh *.24tru.dev

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment