Bash script to generate new server certificates and private key, for the OpenSSL Certificate Authority guide by Jamie
#!/bin/bash
# set -x
set -e
# Run from the script's own directory (quoted so paths with spaces work)
cd "$(dirname "$0")"
# The path to the homebrew install on mac. Change to point to your own installation
OPENSSL="/usr/local/Cellar/openssl@1.1/1.1.1g/bin/openssl"
NAME=${1:?Need a hostname for generating certs}
DAYS=375
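# Exported so openssl.cnf can read it through $ENV::SAN (only has an effect if the config references it)
export SAN="DNS:$NAME"
# private key
echo -e "\n\n***** Generating private key"
"$OPENSSL" genrsa -out "private/${NAME}.key" 2048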
# csr
echo -e "\n\n***** Generating CSR"
"$OPENSSL" req -new -sha256 \
    -config openssl.cnf \
    -key "private/${NAME}.key" \
    -out "csr/${NAME}.csr"
# -reqexts san_env \
echo -e "\n\n***** Signing CSR"
"$OPENSSL" ca -notext -md sha256 \
    -days "${DAYS}" \
    -config openssl.cnf \
    -extensions server_cert \
    -in "csr/${NAME}.csr" -out "certs/${NAME}.crt"
echo -e "\n\n***** Verifying cert"
"$OPENSSL" verify -CAfile certs/ca-chain.cert.pem "certs/${NAME}.crt"
echo -e "\n\n**** Creating cert chain"
# Server certificate first, then the intermediate that signed it
cat "certs/${NAME}.crt" certs/intermediate.cert.pem > "certs/${NAME}.chained.crt"
echo -e "\n\n**** Files to copy:"
echo -e "\t- private/${NAME}.key"
echo -e "\t- certs/${NAME}.chained.crt"