@mkorthof mkorthof/csr.sh
Created Dec 29, 2017

Generate certificate request with SAN (needs file.key)
#!/bin/bash
# ./csr.sh [domain] [filename] - generate certificate request (needs file.key)
# set domain and key/csr filename permanently:
DOMAIN="example.com"; FN="example"
# set certificate attributes:
C="AU"; ST="Some-State"; L="City"; O="Internet Widgits Pty Ltd"; OU="Section"
# set openssl options (bash array, so more than one option can be passed):
#OPTS=(-sha256 -newkey rsa:4096)
OPTS=(-sha512)
# optional arguments override the defaults above: [domain] [filename]
[ "$1" ] && { DOMAIN="$1"; shift; }
[ "$1" ] && FN="$1"
[ ! -s "$FN.key" ] && { echo "ERROR: $FN.key not found, exiting"; exit 1; }
[ -s "$FN.csr" ] && { echo "WARNING: $FN.csr already exists, renaming to $FN.$$.csr.bak"; mv "$FN.csr" "$FN.$$.csr.bak"; }
# the request is signed with the existing $FN.key; no new key is generated, so -nodes/-keyout are not needed
openssl req -new "${OPTS[@]}" -out "$FN.csr" -key "$FN.key" -config <(cat <<-_EOF_
[req]
default_bits = 4096
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = req_distinguished_name
attributes = req_attributes
[ req_distinguished_name ]
C = $C
ST = $ST
L = $L
O = $O
OU = $OU
CN = www.$DOMAIN
emailAddress = info@$DOMAIN
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = $DOMAIN
DNS.2 = www.$DOMAIN
DNS.3 = webmail.$DOMAIN
DNS.4 = ftp.$DOMAIN
DNS.5 = mail.$DOMAIN
DNS.6 = test.$DOMAIN
[ req_attributes ]
_EOF_
) && openssl req -in "$FN.csr" -noout -text -verify
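
A check that could follow the script's final `openssl req -noout -text -verify` step, as an added example that is not part of the original gist: it parses that text output and confirms the SAN extension holds exactly the six names the script writes to `[ alt_names ]`. The function names and the sample output are constructed for illustration.

```shell
# Added example (not from the gist). Both functions read the output of
# `openssl req -noout -text` on stdin.

# Print the DNS names of the Subject Alternative Name extension, one per line, sorted.
csr_sans() {
  awk '
    /X509v3 Subject Alternative Name/ { grab = 1; next }   # names follow on the next line
    grab {
      n = split($0, parts, ",")
      for (i = 1; i <= n; i++) {
        gsub(/^[ \t]+|[ \t]+$/, "", parts[i])              # trim surrounding whitespace
        if (parts[i] ~ /^DNS:/) print substr(parts[i], 5)  # drop the "DNS:" prefix
      }
      grab = 0
    }' | sort
}

# check_sans DOMAIN: succeed only if the CSR lists exactly the six names
# csr.sh puts into [ alt_names ] for DOMAIN (no missing and no extra names).
check_sans() {
  local domain="$1" expected actual
  expected=$(printf '%s\n' "$domain" "www.$domain" "webmail.$domain" \
                           "ftp.$domain" "mail.$domain" "test.$domain" | sort)
  actual=$(csr_sans)
  [ "$expected" = "$actual" ]
}

# Constructed sample of the relevant part of `openssl req -noout -text` output.
SAMPLE_TEXT='        Requested Extensions:
            X509v3 Subject Alternative Name: 
                DNS:example.com, DNS:www.example.com, DNS:webmail.example.com, DNS:ftp.example.com, DNS:mail.example.com, DNS:test.example.com'

# Real use: openssl req -in "$FN.csr" -noout -text | check_sans "$DOMAIN"
```

A mismatch here means the CSR would ask the CA for names other than the intended ones, so it is worth failing the run before the request is submitted.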