Last active
November 22, 2019 13:41
-
-
Save niiku-y/feaf7a2d4b4111641480dd4e9f737212 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# make_certs.sh | |
# ---------------------------- | |
# generate private key file, certificate signing request, | |
# and self-signed certificates with Subject Alternative Name. | |
# | |
# environment: | |
# ubuntu 18.04 , openssl 1.1.1 | |
# | |
# if you want to use @-notation in subjectAltName , | |
# then you can write the text file SAN-${COMMON_NAME].txt as following : | |
# --- | |
# $ cat SAN-foo.bar.local.txt | |
# subjectAltName=@alt_names | |
# [alt_names] | |
# DNS.1 = foo.bar.local | |
# IP.1 = 10.20.30.40 | |
# $ | |
# --- | |
function usage() { | |
echo "$0 [common name]" | |
} | |
if [ $# -lt 1 ]; then | |
usage | |
exit 0 | |
fi | |
COMMON_NAME=$1 | |
OUTDIR=certs | |
# private key file | |
KEY_FILE=${OUTDIR}/${COMMON_NAME}.key | |
# certificate signing request file | |
CSR_FILE=${OUTDIR}/${COMMON_NAME}.csr | |
# self-signed certificates | |
CRT_FILE=${OUTDIR}/${COMMON_NAME}.crt | |
# Subject Alternative Name | |
# e.g. DNS, IP-Address | |
EXT_FILE=SAN-${COMMON_NAME}.txt | |
SUBJECT="/C=JP/ST=Tokyo/O=example.org/CN=${COMMON_NAME}/" | |
DAYS=365 | |
mkdir -p ${OUTDIR} | |
if [ ! -f ${EXT_FILE} ]; then | |
echo "extfile [${EXT_FILE}] not found. create ..." | |
echo "subjectAltName=DNS:${COMMON_NAME}" > ${EXT_FILE} | |
fi | |
echo "" | |
echo "create key file and csr file ..." | |
openssl req -nodes -new \ | |
-newkey rsa:4096 \ | |
-keyout ${KEY_FILE} \ | |
-out ${CSR_FILE} \ | |
-subj ${SUBJECT} \ | |
-days ${DAYS} | |
echo "key [${KEY_FILE}]" | |
ls -l ${KEY_FILE} | |
echo "csr [${CSR_FILE}]" | |
ls -l ${CSR_FILE} | |
echo "" | |
echo "create crt file" | |
openssl x509 \ | |
-in ${CSR_FILE} \ | |
-out ${CRT_FILE} \ | |
-req -signkey ${KEY_FILE} \ | |
-extfile ${EXT_FILE} \ | |
-days ${DAYS} | |
if [ ! -f ${CRT_FILE} ]; then | |
echo "" | |
echo "crt file [${CRT_FILE}] not found." | |
exit 1 | |
fi | |
echo "crt [${CRT_FILE}]" | |
ls -l ${CRT_FILE} | |
echo "" | |
echo "confirm certificates" | |
openssl x509 -text -noout -in ${CRT_FILE} | |
echo "" | |
echo "done." | |
exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment