Created
January 19, 2017 06:33
-
-
Save pettinen/c446fe999cc87d4dcbd8142a3d83e2e7 to your computer and use it in GitHub Desktop.
Create a self-signed SSL certificate with OpenSSL.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Create a self-signed SSL certificate with OpenSSL. | |
# libfaketime is required to customize the validity period. | |
HOSTNAME="flipflap" | |
IPADDR="0.0.0.0" | |
RSA_BITS=2048 | |
FROM="2017-01-01 00:00:00" | |
DAYS=8400 # valid until 2040-01-01 | |
SUBJ="/C=KP/L=The Internet/O=Meme Factory/CN=${HOSTNAME}" | |
KEY="key.pem" | |
CERT="cert.pem" | |
read -d '' CONFIG << EOF | |
distinguished_name = req_distinguished_name | |
x509_extensions = v3_req | |
[v3_req] | |
subjectAltName = DNS:${HOSTNAME}, IP:${IPADDR} | |
basicConstraints = critical, CA:FALSE | |
[req_distinguished_name] | |
EOF | |
[ -f "$KEY" ] || (openssl genrsa -out "$KEY" $RSA_BITS && chmod 600 "$KEY") | |
[ -f "$CERT" ] || TZ=UTC faketime -f "$FROM" \ | |
openssl req -verbose -new -x509 -config <(echo "$CONFIG") \ | |
-key "$KEY" -days $DAYS -subj "$SUBJ" -out "$CERT" | |
[ -f "$CERT" ] && openssl x509 -in "$CERT" -text -noout |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment