Quickly create self signed certificates with one or more domain names using openssl on windows
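@echo off
setlocal
rem Quickly create a self-signed certificate (.key, .crt and .pfx) for one or
rem more domain names with openssl. Every name, including the first, is listed
rem as a subjectAltName: browsers no longer match the host name against CN, so
rem a certificate without SAN is rejected even for a single domain.
rem
rem Usage: %0 ^<domain_name^> [additional_domain] ...
rem Outputs: ^<name^>.conf, .key, .crt and .pfx in the current directory, where
rem ^<name^> is the first domain with a leading "*." replaced by "_wildcard.".
if [%1]==[] (
  echo Usage: %0 ^<domain_name^> [additional_domain] [additional_domain] ...
  exit /b 1
)
set friendly=%1
rem ***** If domain is wildcard substitute asterisk character with a _wildcard text for the file name
set fn=%~1
if [%fn:~0,2%] == [*.] set fn=_wildcard.%fn:~2%
rem ***** Write openssl configuration file.
rem The redirection is placed before each echo on purpose: in cmd a digit
rem immediately followed by ">" is parsed as a stream handle, so
rem "echo default_bits = 2048>>file" redirected handle 8 and printed
rem "default_bits = 204" to the console instead of writing the line.
>%fn%.conf echo [req]
>>%fn%.conf echo default_bits = 2048
>>%fn%.conf echo prompt = no
>>%fn%.conf echo default_md = sha256
>>%fn%.conf echo distinguished_name = req_distinguished_name
>>%fn%.conf echo x509_extensions = v3_req
>>%fn%.conf echo.
>>%fn%.conf echo [req_distinguished_name]
>>%fn%.conf echo CN = %~1
>>%fn%.conf echo.
rem ***** SAN section is always written; the first argument becomes DNS.1
>>%fn%.conf echo [v3_req]
>>%fn%.conf echo subjectAltName = @san
>>%fn%.conf echo.
>>%fn%.conf echo [san]
set /a sanid = 0
rem ***** Loop through all SAN names
:sanloop
set /a sanid+=1
>>%fn%.conf echo DNS.%sanid% = %~1
shift
if [%~1]==[] goto :makecert
goto :sanloop
:makecert
rem -nodes leaves the private key unencrypted and "-passout pass:" exports the
rem pfx with an empty password, so only file permissions protect both files.
openssl req -new -x509 -nodes -days 3650 -sha256 -newkey rsa:4096 -keyout %fn%.key -out %fn%.crt -config %fn%.conf
openssl pkcs12 -export -out %fn%.pfx -inkey %fn%.key -in %fn%.crt -name %friendly% -passout pass: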
Thanks! I don't have this one, but should be easy enough to port it over.
True, I definitely want to get better at scripting. This workflow (creating self signed certs for local dev) is becoming more and more relevant as apps move to a subdomain-per-user (substitute user for whatever resource is applicable) model.
This should work on Linux. Compared to the Windows script, this one always sets SAN, even for one domain, to avoid browser issues. I should probably include that in the Windows script as well 😁
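#! /bin/sh
# Quickly create a self-signed certificate (.key, .crt and .pfx) for one or
# more domain names with openssl. Every name, including the first, is listed
# as a subjectAltName: browsers no longer match the host name against CN, so
# a certificate without SAN is rejected even for a single domain.
#
# Usage: script <domain_name> [additional_domain] ...
# Outputs: <name>.conf, <name>.key, <name>.crt and <name>.pfx in the current
# directory, where <name> is the first domain with a leading "*." replaced by
# "_wildcard.".
set -e
if [ $# -eq 0 ]; then
  printf '%s\n' "Usage $0 <domain_name> [additional_domain] [additional_domain] ..."
  exit 1
fi

# Every name is interpolated into the openssl configuration written below, so
# reject anything that could break out of its line (whitespace, newline, '[',
# ']', '=', '#'); the accepted set is what a DNS name (or wildcard) can hold.
for name in "$@"; do
  case $name in
    ''|*[!A-Za-z0-9.*_-]*)
      printf 'invalid domain name: %s\n' "$name" >&2
      exit 1
      ;;
  esac
done

friendly="$1"
# A leading "*." cannot be used in a file name: replace the asterisk with
# "_wildcard" (the dot is kept). The parameter expansion replaces the old
# unquoted "echo $1 | cut", where the "*" was subject to pathname expansion.
case $1 in
  \*.*) fn="_wildcard${1#\*}" ;;
  *) fn="$1" ;;
esac

# -nodes leaves the private key unencrypted and "-passout pass:" exports the
# pfx with an empty password, so only file permissions protect them: create
# every output readable by the owner only.
umask 077

# default_bits is superseded by -newkey rsa:4096 on the command line below.
cat > "$fn.conf" <<EOF
[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = req_distinguished_name
x509_extensions = v3_req
[req_distinguished_name]
CN = $1
[v3_req]
subjectAltName = @san
[san]
EOF

# All arguments, the first one included, become DNS.1, DNS.2, ...
num=0
for name in "$@"; do
  num=$((num + 1))
  printf 'DNS.%d = %s\n' "$num" "$name" >> "$fn.conf"
done

# NOTE(review): some clients are reported to cap leaf validity (Apple
# platforms at 825 days); lower -days if the certificate is rejected.
openssl req -new -x509 -nodes -days 3650 -sha256 -newkey rsa:4096 \
  -keyout "$fn.key" -out "$fn.crt" -config "$fn.conf"
openssl pkcs12 -export -out "$fn.pfx" -inkey "$fn.key" -in "$fn.crt" \
  -name "$friendly" -passout pass: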
Wow you are a legend... Thank you so much!
This is amazing... Any chance you have this for unix based systems?