Skip to content

Instantly share code, notes, and snippets.

@mrvanes

mrvanes/mksscert

Created May 13, 2020 08:30
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save mrvanes/04930934d642d7417e31adbd34304db3 to your computer and use it in GitHub Desktop.
Save mrvanes/04930934d642d7417e31adbd34304db3 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
mksscert
#!/bin/sh
DOMAIN=$1
if [ "$DOMAIN" = "" ]; then
echo "Please supply domain"
exit
fi
CONFFILE=/tmp/${DOMAIN}-$$.cnf
C=NL
O=${DOMAIN}
CN=${DOMAIN}
#ST="ST"
#OU="OU"
EMAIL="info@${DOMAIN}"
YEARS=10
# Create configuration
DAYS=$(( $YEARS * 365))
echo "Generating CONF file"
cat <<@eof >$CONFFILE
extensions = extend
[req] # openssl req params
prompt = no
distinguished_name = dn-param
[dn-param] # DN fields
C = $C
O = $O
CN = $CN
emailAddress = $EMAIL
[extend] # openssl extensions
subjectAltName=DNS:${DOMAIN},DNS:*.${DOMAIN}
@eof
# Generate SelfSigned cert
echo "Generating key"
openssl genrsa -out ${DOMAIN}.key 2048
echo "Generating csr"
openssl req -new -key ${DOMAIN}.key -config $CONFFILE -out ${DOMAIN}.csr
echo "Generating crt"
openssl x509 -req -sha256 -days $DAYS -in ${DOMAIN}.csr -signkey ${DOMAIN}.key -text -extfile $CONFFILE -out ${DOMAIN}.crt
rm $CONFFILE
echo "Show crt"
openssl x509 -in ${DOMAIN}.crt -noout -text -certopt no_sigdump,no_pubkey
echo "Verify crt"
openssl verify -check_ss_sig -CAfile ${DOMAIN}.crt ${DOMAIN}.crt
echo "Create pfx using pwd welkom"
openssl pkcs12 -export -passout pass:welkom -in ${DOMAIN}.crt -inkey ${DOMAIN}.key -out ${DOMAIN}.pfx
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment