Bash script to generate new server certificates and private key, for the OpenSSL Certificate Authority guide by Jamie

newcert.sh

#!/bin/bash
# set -x
set -e
cd $(dirname $0)

# The path to the homebrew install on mac. Change to point to your own installation
OPENSSL="/usr/local/Cellar/openssl@1.1/1.1.1g/bin/openssl"
NAME=${1:?Need a hostname for generating certs}
DAYS=375
export SAN="DNS:$NAME"

# private key
echo -e "\n\n***** Generating private key"
$OPENSSL genrsa -out private/${NAME}.key 2048

# csr
echo -e "\n\n***** Generating CSR"
$OPENSSL req -new -sha256 \
            -config openssl.cnf \
            -key private/${NAME}.key \
            -out csr/${NAME}.csr
            # -reqexts san_env \

echo -e "\n\n***** Signing CSR"
$OPENSSL ca -notext -md sha256 \
           -days ${DAYS} \
           -config openssl.cnf \
           -extensions server_cert \
           -in csr/${NAME}.csr -out certs/${NAME}.crt

echo -e "\n\n***** Verifying cert"
$OPENSSL verify -CAfile certs/ca-chain.cert.pem certs/${NAME}.crt

echo -e "\n\n**** Creating cert chain"
cat certs/${NAME}.crt certs/intermediate.cert.pem > certs/${NAME}.chained.crt

echo -e "\n\n**** Files to copy:"
echo -e "\t- private/${NAME}.key"
echo -e "\t- certs/${NAME}.chained.crt"