Skip to content

Instantly share code, notes, and snippets.

@mfdj
Last active October 29, 2022 11:08
Show Gist options
  • Save mfdj/8277918 to your computer and use it in GitHub Desktop.
Save mfdj/8277918 to your computer and use it in GitHub Desktop.
Bash script that uses openssl to generate a wildcard certificate suitable for use in a local testing environment: not vetted for a production/public internet purposes. Usage: `$ ./wildcard.sh yourdomain.local` — generates a private key, certificate request, and ssl certificate.
#!/usr/bin/env bash
DOMAIN=$1
if [ -z "$DOMAIN" ]; then
echo -n 'Enter root domain (no www): '
read input_d
DOMAIN=$input_d
fi
[ -d certs ] || mkdir certs
# Easiest to generate conf file for each
# certificate creation process
OpenSSLConf="$DOMAIN"-openssl.cnf
cat >"$OpenSSLConf" <<EOL
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
countryName = Country
countryName_default = US
stateOrProvinceName = State
stateOrProvinceName_default = OR
localityName = City
localityName_default = Portland
commonName = Common Name
commonName_default = *.$DOMAIN
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $DOMAIN
DNS.2 = *.$DOMAIN
EOL
# Create Private RSA Key
openssl genrsa -out "certs/$DOMAIN".key 1024
# Create Certifcate Signing Request
openssl req -new -key "certs/$DOMAIN".key -out "certs/$DOMAIN".csr -config "$OpenSSLConf"
# Create Certifcate
openssl x509 -req -days 365 -in "certs/$DOMAIN".csr \
-signkey "certs/$DOMAIN".key -out "certs/$DOMAIN".crt \
-extensions v3_req \
-extfile "$OpenSSLConf"
# Nix the configfile
rm -- "$OpenSSLConf"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment