@pettinen
Created January 19, 2017 06:33
Create a self-signed SSL certificate with OpenSSL.
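#!/bin/bash
# Create a self-signed SSL certificate with OpenSSL.
# libfaketime is required to customize the validity period.

# Placeholder identity: set these to the name and address clients connect to.
HOSTNAME="flipflap"
IPADDR="0.0.0.0"
RSA_BITS=2048
# Start of the validity period (notBefore), interpreted as UTC.
FROM="2017-01-01 00:00:00"
DAYS=8400 # valid until 2040-01-01
SUBJ="/C=KP/L=The Internet/O=Meme Factory/CN=${HOSTNAME}"
KEY="key.pem"
CERT="cert.pem"

# Minimal openssl req configuration, handed to openssl via process substitution.
# read returns non-zero at end of input, which is expected here.
read -r -d '' CONFIG << EOF
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
[v3_req]
subjectAltName = DNS:${HOSTNAME}, IP:${IPADDR}
basicConstraints = critical, CA:FALSE
[req_distinguished_name]
EOF

# Generate the private key only if it does not exist yet.
# umask 077 keeps the file owner-only from the moment it is created.
[ -f "$KEY" ] || (umask 077 && openssl genrsa -out "$KEY" "$RSA_BITS" && chmod 600 "$KEY")

# Create the certificate only if it does not exist yet. faketime freezes the clock
# at $FROM so that openssl stamps notBefore with that time instead of the current time.
[ -f "$CERT" ] || TZ=UTC faketime -f "$FROM" \
    openssl req -verbose -new -x509 -config <(echo "$CONFIG") \
    -key "$KEY" -days "$DAYS" -subj "$SUBJ" -out "$CERT"

# Print the certificate so the validity dates and subjectAltName can be checked.
[ -f "$CERT" ] && openssl x509 -in "$CERT" -text -noout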