create ssl certificate using Openssl
# Code works on a MacBook (macOS)
# Author: Moya Richards
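#######################################
# Creates a site certificate for a domain, signed by a local root CA.
# The CA lives in <cert_dir>/../CAroot and is created on demand by
# create_ca_certificate.
# Globals:   none read; changes the working directory to cert_dir
# Arguments:
#   $1 - directory that receives <domain>.key / <domain>.crt / extfile.cnf
#   $2 - domain name (used as CN and as the DNS subjectAltName)
#   $3 - validity of the site certificate in days (default 365)
#   $4 - O  (default My-Corporation)
#   $5 - OU (default My-Corporate-Group)
#   $6 - L  (default City)
#   $7 - ST (default State)
#   $8 - C  (default US)
# Outputs:   progress messages on stdout
# Returns:   0 on success, 1 when an argument, directory or openssl step fails
#######################################
create_ssl_certificate() {
  local cert_dir=$1
  local domain_name=$2
  local expire=${3:-365}
  local corporation=${4:-My-Corporation}
  local group=${5:-My-Corporate-Group}
  local city=${6:-City}
  local state=${7:-State}
  local country=${8:-US}
  local subject="/CN=$domain_name/OU=$group/O=$corporation/L=$city/ST=$state/C=$country"

  if [[ -z "$cert_dir" || -z "$domain_name" ]]; then
    printf 'usage: create_ssl_certificate <cert_dir> <domain> [days] [O] [OU] [L] [ST] [C]\n' >&2
    return 1
  fi

  mkdir -p -- "$cert_dir" && chmod 0700 -- "$cert_dir" || return 1
  # Resolve once to an absolute path: create_ca_certificate changes the
  # working directory, which would break a relative cert_dir afterwards.
  cert_dir=$(cd -- "$cert_dir" && pwd) || return 1

  #------Root certificate ---------------------
  local cert_root_dir
  cert_root_dir="$(cd -- "$cert_dir/.." && pwd)/CAroot" || return 1
  echo "$cert_root_dir"
  mkdir -p -- "$cert_root_dir" && chmod 0700 -- "$cert_root_dir" || return 1
  local CA_KEY="$cert_root_dir/ca.key" #private key
  local CA_CRT="$cert_root_dir/ca.crt" #public key
  create_ca_certificate "$cert_root_dir" 3650 "ca.key" "ca.crt" || return 1

  cd -- "$cert_dir" || return 1

  #-------Site SSL Certificate ----------------
  echo "Generate key and csr: creating private key and certificate signing request (CSR) with passphrase removed"
  # -nodes writes the private key unencrypted so a server can load it without
  # a passphrase; restrict the file to the owner as soon as it exists.
  openssl req -new \
    -newkey rsa:4096 -nodes -sha256 -keyout "${domain_name}.key" \
    -out "${domain_name}-req.csr" \
    -subj "${subject}" || return 1
  chmod 0600 -- "${domain_name}.key"

  echo "Sign ${domain_name}-req.csr certificate signing request (CSR) with Certificate Authority key and certificate"
  # Clients validate the hostname against subjectAltName, not only the CN.
  printf 'subjectAltName = DNS.1:%s\n' "${domain_name}" > extfile.cnf
  openssl x509 -req -days "$expire" -sha256 \
    -in "${domain_name}-req.csr" -CA "${CA_CRT}" -CAkey "${CA_KEY}" -CAcreateserial \
    -extfile extfile.cnf \
    -out "${domain_name}.crt" || return 1

  printf '\nGenerated Private Key: %s.key \n' "${domain_name}"
  printf 'Generated Public Key: %s.crt\n' "${domain_name}"
}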
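#######################################
# Creates (or reuses) a self-signed root CA key pair in cert_dir and
# registers the CA certificate as trusted in the macOS system keychain.
# The pair is regenerated when either file is missing or the certificate
# expires within 90 days.
# Globals:   none read; changes the working directory to cert_dir
# Arguments:
#   $1 - directory holding the CA files
#   $2 - validity in days of a newly generated CA (default 365)
#   $3 - private key file name (default ca.key)
#   $4 - certificate file name (default ca.crt)
#   $5 - subject of the CA certificate (default "/CN=Root Certicate/")
# Outputs:   progress messages on stdout
# Returns:   0 on success, 1 when an argument, directory or openssl step fails
#######################################
create_ca_certificate() {
  local cert_dir=$1
  local expire=${2:-365}
  local CA_KEY=${3:-"ca.key"} #private key
  local CA_CRT=${4:-"ca.crt"} #public key
  local subject=${5:-"/CN=Root Certicate/"}
  local days_left

  if [[ -z "$cert_dir" ]]; then
    printf 'create_ca_certificate: cert_dir is required\n' >&2
    return 1
  fi
  mkdir -p -- "$cert_dir" && chmod 0700 -- "$cert_dir" || return 1
  cd -- "$cert_dir" || return 1

  # Separate declaration from assignment so a failure is not masked by 'local'.
  days_left=$(certDaysRemaining "$CA_CRT") || days_left=0
  echo "days_left" "$days_left"
  # Recreate when either file is missing or fewer than 90 days (3 months)
  # of validity remain.
  if [[ ! -f "$CA_KEY" || ! -f "$CA_CRT" || "$days_left" -lt 90 ]]; then
    echo "Generate ROOT certificate to become a local Certificate Authority"
    # -nodes writes the CA key unencrypted; keep it owner-only on disk.
    openssl req -x509 -nodes -days "$expire" -newkey rsa:4096 \
      -keyout "$CA_KEY" -out "$CA_CRT" \
      -subj "$subject" || return 1
    chmod 0600 -- "$CA_KEY"
  else
    echo "$CA_KEY and $CA_CRT exists and has not expired, using them to generate certs"
  fi

  # Trusting the CA uses the macOS security(1) tool; on other systems the
  # certificate has to be added to the trust store by hand.
  if command -v security >/dev/null 2>&1; then
    printf '\nAdding the Root Certificate to macOS Keychain: \nEnter admin password if requested.\n'
    sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "$CA_CRT"
  else
    printf 'security(1) not found; add %s to the system trust store manually.\n' "$CA_CRT" >&2
  fi
  #-------------------------------------------
}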
# Checks whether the given certificate file is still valid.
# Displays the number of days of validity remaining (negative: number of days since expiry).
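#######################################
# Prints the number of days of validity remaining for a certificate.
# Negative when already expired; 0 when the file is missing, unreadable
# or its expiry date cannot be parsed. Diagnostics go to stderr so that
# callers can capture the number alone with $(certDaysRemaining file).
# Arguments: $1 - path to a PEM certificate
# Outputs:   remaining days on stdout; log messages on stderr
# Returns:   0
#######################################
certDaysRemaining() {
  local cert=$1
  local days_left=0
  local expire_date=""
  local end_date
  local current_date_epoch
  local expire_date_epoch

  if [[ -f "$cert" ]]; then
    # read the expiry date from the certificate
    end_date=$(openssl x509 -noout -in "${cert}" -enddate 2>/dev/null)
    if [[ -z "$end_date" ]]; then
      # this cert could not be read.
      printf 'INFO - %s could not be loaded by openssl\n' "$cert" >&2
    else
      # Strip the "notAfter=" prefix, e.g. "notAfter=Aug 10 14:04:00 2032 GMT".
      expire_date=${end_date#notAfter=}
      current_date_epoch=$(date +%s)
      # BSD/macOS date parses with -j -f; GNU date (Linux) uses -d instead.
      expire_date_epoch=$(date -j -f "%b %e %T %Y %Z" "$expire_date" "+%s" 2>/dev/null) \
        || expire_date_epoch=$(date -d "$expire_date" "+%s" 2>/dev/null) \
        || expire_date_epoch=""
      if [[ -n "$expire_date_epoch" ]]; then
        days_left=$(( (expire_date_epoch - current_date_epoch) / (3600 * 24) ))
      else
        printf 'INFO - could not parse expiry date "%s" of %s\n' "$expire_date" "$cert" >&2
      fi
    fi
  fi

  #log messages
  printf '\n%s days remaining for SSL certificate: %s\n' "$days_left" "$cert" >&2
  if [[ -n "$expire_date" ]]; then
    printf 'Expiration date : %s \n' "$expire_date" >&2
  fi
  echo "$days_left" #function return value
}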