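#!/bin/bash
# Issue a server certificate for a local development domain, signed by the
# local CA kept under /usr/local/etc/openssl/localCA.
set -euo pipefail

CA_DIR="/usr/local/etc/openssl/localCA"

if [[ -z "${1:-}" ]]; then
    echo "Domain name not provided" >&2
    exit 1
fi
DOMAIN=$1

# The name is interpolated into file paths and an OpenSSL config file,
# so accept only hostname characters.
valid_name='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! "${DOMAIN}" =~ ${valid_name} ]]; then
    echo "Invalid domain name: ${DOMAIN}" >&2
    exit 1
fi

# index.txt is the CA database. -F matches the name as a fixed string, so the
# dots are not regex wildcards; it is still a substring match.
if grep -F -- "${DOMAIN}" "${CA_DIR}/index.txt"; then
    echo "Domain already exists"
    exit 0
fi

# Per-domain request config: subject fields plus SANs for the name and its wildcard.
tee "${CA_DIR}/${DOMAIN}.cnf" << EOM
[ req ]
prompt = no
distinguished_name = server_distinguished_name
req_extensions = v3_req
[ server_distinguished_name ]
commonName = ${DOMAIN}
stateOrProvinceName = NSW
countryName = AU
emailAddress = root@localhost
organizationName = Localhost
organizationalUnitName = Local Development Environment
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[ alt_names ]
DNS.0 = *.${DOMAIN}
DNS.1 = ${DOMAIN}
EOM

# Generate a 2048-bit RSA key (-nodes: no passphrase) and a signing request.
export OPENSSL_CONF="${CA_DIR}/${DOMAIN}.cnf"
openssl req -newkey rsa:2048 -keyout "${CA_DIR}/private/${DOMAIN}_key.pem" -keyform PEM -out "${CA_DIR}/${DOMAIN}_req.pem" -outform PEM -nodes

# No cipher option is given, so despite its name this copy of the key is also
# unencrypted. The subshell umask keeps the redirected file owner-only.
(umask 077; openssl rsa < "${CA_DIR}/private/${DOMAIN}_key.pem" > "${CA_DIR}/private/${DOMAIN}_key_encrypted.pem")

# Sign the request with the local CA. "openssl ca" does not copy request
# extensions by default, so the SANs above reach the certificate only if
# caconfig.cnf sets copy_extensions or adds them itself.
export OPENSSL_CONF="${CA_DIR}/caconfig.cnf"
openssl ca -batch -in "${CA_DIR}/${DOMAIN}_req.pem" -out "${CA_DIR}/certs/${DOMAIN}_crt.pem"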