@sandipb
Created June 21, 2020 11:37
Bash script to generate new server certificates and private key, for the OpenSSL Certificate Authority guide by Jamie
#!/bin/bash
# set -x
set -e
# Run from the CA directory that holds this script, so the relative paths below resolve
cd "$(dirname "$0")"
# The path to the homebrew install on mac. Change to point to your own installation
OPENSSL="/usr/local/Cellar/openssl@1.1/1.1.1g/bin/openssl"
NAME=${1:?Need a hostname for generating certs}
DAYS=375
# Exported for openssl.cnf. Assumption: it only takes effect if the config reads it (e.g. as $ENV::SAN)
export SAN="DNS:$NAME"
# private key
echo -e "\n\n***** Generating private key"
"$OPENSSL" genrsa -out "private/${NAME}.key" 2048
# csr
echo -e "\n\n***** Generating CSR"
"$OPENSSL" req -new -sha256 \
    -config openssl.cnf \
    -key "private/${NAME}.key" \
    -out "csr/${NAME}.csr"
# -reqexts san_env \
# sign the CSR using the server_cert extensions section of openssl.cnf
echo -e "\n\n***** Signing CSR"
"$OPENSSL" ca -notext -md sha256 \
    -days "${DAYS}" \
    -config openssl.cnf \
    -extensions server_cert \
    -in "csr/${NAME}.csr" -out "certs/${NAME}.crt"
# check the new certificate against the CA chain
echo -e "\n\n***** Verifying cert"
"$OPENSSL" verify -CAfile certs/ca-chain.cert.pem "certs/${NAME}.crt"
# server certificate first, then the intermediate
echo -e "\n\n**** Creating cert chain"
cat "certs/${NAME}.crt" certs/intermediate.cert.pem > "certs/${NAME}.chained.crt"
echo -e "\n\n**** Files to copy:"
echo -e "\t- private/${NAME}.key"
echo -e "\t- certs/${NAME}.chained.crt"
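
The script passes its first argument unchecked into file paths (`private/${NAME}.key`) and into the `SAN` value (`DNS:$NAME`), so a name containing `/` or `,` could write outside the CA directories or add extra SAN entries. The check below is an added example, not part of the gist; the function name `valid_hostname` and the sample names are constructed for illustration.

```bash
# Added example: validate the hostname before it reaches file paths or SAN.
# The function body is a subshell "( ... )", so its variables and the
# LC_ALL setting do not leak into the calling script.
valid_hostname() (
    LC_ALL=C                      # make A-Z/a-z/0-9 ranges ASCII-only
    name=$1
    # A DNS name is 1..253 characters long.
    [ -n "$name" ] && [ "${#name}" -le 253 ] || exit 1
    case $name in
        # Only letters, digits, hyphen and dot. This rejects "/", ",", ":",
        # whitespace and "*" (wildcards are deliberately not accepted here).
        *[!A-Za-z0-9.-]*) exit 1 ;;
        # No empty labels: leading dot, trailing dot, or "..".
        .*|*.|*..*) exit 1 ;;
    esac
    # Walk the labels: each is at most 63 chars, no hyphen at either end.
    rest=$name
    while [ -n "$rest" ]; do
        label=${rest%%.*}
        case $rest in
            *.*) rest=${rest#*.} ;;
            *)   rest= ;;
        esac
        [ "${#label}" -le 63 ] || exit 1
        case $label in
            -*|*-) exit 1 ;;
        esac
    done
    exit 0
)

# In the script above this would follow the NAME assignment:
#   valid_hostname "$NAME" || { echo "invalid hostname: $NAME" >&2; exit 1; }

# Constructed sample inputs.
for n in www.example.com 'a.example,DNS:b.example' '../../tmp/x' '-bad.example'; do
    if valid_hostname "$n"; then echo "accept: $n"; else echo "reject: $n"; fi
done
```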