Skip to content

Instantly share code, notes, and snippets.

@marcelaraujo

marcelaraujo/makessl.sh

Created March 23, 2020 14:38
Show Gist options
  • Save marcelaraujo/d858842b01af80f75b308e9aa393109c to your computer and use it in GitHub Desktop.
Save marcelaraujo/d858842b01af80f75b308e9aa393109c to your computer and use it in GitHub Desktop.
Download ZIP
Make SSL
Raw
makessl.sh
#!/bin/bash
mkdir -p ssl
cat << EOF > ssl/req.cnf
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
#subjectAltName = @alt_names
#[alt_names]
#DNS.1 = unison.rheldemo.lan
EOF
openssl genrsa -out ssl/ca-key.pem 2048
openssl req -x509 -new -nodes -key ssl/ca-key.pem -days 3650 -sha256 -out ssl/ca.pem -subj "/CN=kube-ca"
#Change your subject to match your OU_HOST
openssl genrsa -out ssl/key.pem 2048
openssl req -new -key ssl/key.pem -out ssl/csr.pem -subj "/C=US/ST=Virginia/L=Arlington/O=Trmeolo Security/OU=Demo/CN=oidcidp.tremolo.lan" -sha256 -config ssl/req.cnf
openssl x509 -req -in ssl/csr.pem -CA ssl/ca.pem -CAkey ssl/ca-key.pem -CAcreateserial -sha256 -out ssl/cert.pem -days 3650 -extensions v3_req -extfile ssl/req.cnf
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment