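#!/bin/sh
# Generate a self-signed, non-CA certificate for one common name and write the
# private key followed by the certificate into a single PEM file.
#
# Usage: <script> <common name> <output> [ca options ...]
#   $1    common name used as the certificate subject
#   $2    output path; receives key.pem and crt.pem concatenated
#   $3..  passed through unchanged to `openssl ca`
#
# Security notes:
#   - `openssl req -nodes` leaves the private key unencrypted, and that key is
#     copied into the output file. umask 077 keeps files created by this script
#     private; an output file that already exists keeps its current mode.
#   - default_startdate/default_enddate below are two-digit-year UTCTime
#     values (1950-01-01 to 2049-12-31), so the certificate effectively never
#     expires. Replacing or distrusting it has to be handled by whoever pins it.
#   - The common name is written verbatim into an OpenSSL config file. Only a
#     newline is rejected here; the config parser also gives meaning to
#     characters such as '$', '\' and '#', so callers should not pass
#     unvetted input as the common name.

# Stop at the first failing command so a failed openssl run never yields a
# truncated or key-only output file.
set -eu
umask 077

if [ "$#" -lt 2 ]; then
  echo "Usage: $0 <common name> <output> [ca options ...]" >&2
  exit 1
fi

cn=$1
out=$2
shift 2

# A newline in the common name would let the caller append arbitrary lines
# (including new sections) to the generated config file.
nl='
'
case $cn in
  '' | *"$nl"*)
    echo "$0: common name must be non-empty and must not contain a newline" >&2
    exit 1
    ;;
esac

dir=$(mktemp -d) || {
  echo "$0: cannot create temporary directory" >&2
  exit 1
}
# Single quotes defer expansion until the trap runs, and the inner quotes keep
# a path containing whitespace intact. The signal trap routes HUP/INT/TERM
# through the EXIT handler so the temporary key is removed on interruption.
trap 'rm -rf -- "$dir"' EXIT
trap 'exit 1' HUP INT TERM

# Throwaway CA configuration: the request is signed with its own key
# (-selfsign below) and marked CA:FALSE, so it cannot issue further certs.
cat <<EOF >"$dir/ssleay.cnf"
RANDFILE = /dev/urandom
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
prompt = no
[ ca ]
default_ca = ca_default
[ ca_default ]
certs = $dir
new_certs_dir = $dir
database = $dir/index
serial = $dir/serial
default_startdate = 500101000000Z
default_enddate = 491231235959Z
default_md = sha256
policy = policy_anything
x509_extensions = v3_req
[ req_distinguished_name ]
commonName = $cn
[ v3_req ]
basicConstraints = CA:FALSE
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
EOF

# `openssl ca` needs an (empty) database file and a starting serial number.
touch "$dir/index"
echo 00 >"$dir/serial"

openssl req -config "$dir/ssleay.cnf" -new -nodes \
  -out "$dir/csr.pem" -keyout "$dir/key.pem"
openssl ca -config "$dir/ssleay.cnf" -batch -notext -selfsign \
  -in "$dir/csr.pem" -keyfile "$dir/key.pem" -out "$dir/crt.pem" "$@"

# Key first, then certificate, in one PEM bundle.
cat "$dir/key.pem" "$dir/crt.pem" >"$out"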