@lognseth
Last active March 22, 2022 10:11
Generates self-signed certificates to be used when creating MTLS solutions.
```bash
#!/bin/bash
# Script to generate self-signed certificates to be used with nginx-ingress and MTLS.
# Made in such a way that it is harder to accidentally overwrite any other certificates previously generated...
echo "Please enter customer, use case and stage name"
echo "Customer:"
read -r cust
echo "Use case:"
read -r usecase
echo "Stage - for example dev:"
read -r stage
echo "Please select the folder where you want to store the generated certificates:"
read -r path
# Stop if the folder cannot be entered, so nothing is written to the current directory by mistake.
cd "$path" || exit 1
echo "Your generated certificates can be found in ${path}"
# Generate CA Key and Certificate
# -nodes leaves every private key unencrypted on disk.
# -subj is double-quoted so that ${cust} is expanded by the shell.
# The CA must stay valid at least as long as the certificates it signs.
openssl req -x509 -sha256 -newkey rsa:4096 -keyout ca-root.key -out ca-root.crt -days 365 -nodes -subj "/CN=${cust} Cert Authority"
# Generate the Server Key, and Certificate
openssl req -new -newkey rsa:4096 -keyout "$cust-$stage-server.key" -out "$cust-$stage-server.csr" -nodes -subj "/CN=${cust}-${usecase}.local"
# Sign with the CA Certificate.
openssl x509 -req -sha256 -days 365 -in "$cust-$stage-server.csr" -CA ca-root.crt -CAkey ca-root.key -set_serial 01 -out "$cust-$stage-server.crt"
# Generate the Client Key, and Certificate
openssl req -new -newkey rsa:4096 -keyout "$cust-$stage-client.key" -out "$cust-$stage-client.csr" -nodes -subj "/CN=${cust} Client"
# Sign with the CA Certificate.
openssl x509 -req -sha256 -days 365 -in "$cust-$stage-client.csr" -CA ca-root.crt -CAkey ca-root.key -set_serial 02 -out "$cust-$stage-client.crt"
# Convert to PFX
# openssl pkcs12 -inkey "$cust-$stage-client.key" -in "$cust-$stage-client.crt" -certfile ca-root.crt -export -out "$cust-client.pfx"
```
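A check worth running on the generated files before they are loaded into nginx-ingress, given here as an added example that is not part of the original gist: it confirms that a certificate chains to the intended CA and that a private key belongs to its certificate. The function names and the sample names `acme` and `other` are assumptions, and the demo builds throwaway 2048-bit keys in a temporary directory as constructed input.

```bash
#!/bin/bash
# Added example: verify certificates like those produced by the script above.

# True only if <leaf.crt> chains to <ca.crt>.
chains_to_ca() {  # usage: chains_to_ca <ca.crt> <leaf.crt>
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True only if the private key and the certificate hold the same public key.
key_matches_cert() {  # usage: key_matches_cert <key> <crt>
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample input: a throwaway CA (2048-bit to keep the demo fast).
make_demo_ca() {  # usage: make_demo_ca <dir> <name>
    openssl req -x509 -sha256 -newkey rsa:2048 -nodes -days 2 \
        -keyout "$1/$2.key" -out "$1/$2.crt" \
        -subj "/CN=$2 Cert Authority" 2>/dev/null
}

# Constructed sample input: a client certificate signed by CA <ca-name>.
make_demo_client() {  # usage: make_demo_client <dir> <ca-name> <client-name>
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1/$3.key" \
        -out "$1/$3.csr" -subj "/CN=$3 Client" 2>/dev/null &&
    openssl x509 -req -sha256 -days 1 -in "$1/$3.csr" -CA "$1/$2.crt" \
        -CAkey "$1/$2.key" -set_serial 02 -out "$1/$3.crt" 2>/dev/null
}

demo() {
    local d
    d=$(mktemp -d) || return 1
    make_demo_ca "$d" acme && make_demo_ca "$d" other &&
        make_demo_client "$d" acme acme-dev-client || return 1
    chains_to_ca "$d/acme.crt" "$d/acme-dev-client.crt" && echo "client chains to its CA"
    chains_to_ca "$d/other.crt" "$d/acme-dev-client.crt" || echo "client rejected under a different CA"
    key_matches_cert "$d/acme-dev-client.key" "$d/acme-dev-client.crt" && echo "key matches certificate"
    key_matches_cert "$d/acme.key" "$d/acme-dev-client.crt" || echo "CA key does not match client certificate"
    rm -rf "$d"
}
demo
```

Against the gist's real output, the same two functions take `ca-root.crt` and the `$cust-$stage-client` or `$cust-$stage-server` files as arguments.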