Created
December 7, 2017 13:35
-
-
Save sparkbuzz/5076fc84c31365f1951b0d8ca6aa4aa3 to your computer and use it in GitHub Desktop.
Generate a self-signed certificate with a SAN field
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [ $# -ne 1 ]; then | |
| echo 'Usage: ./selfsign <filename>'; | |
| exit 0; | |
| fi | |
| printf "Generating an SSL private key to sign your certificate...\n" | |
| openssl genrsa -des3 -out /tmp/$1.key 1024 | |
| printf "\nGenerating a Certificate Signing Request...\n" | |
| openssl req -new -key /tmp/$1.key -out /tmp/$1.csr | |
| printf "\nRemoving passphrase from key (for nginx)...\n" | |
| cp /tmp/$1.key /tmp/$1.key.org | |
| openssl rsa -in /tmp/$1.key.org -out /tmp/$1.key | |
| rm /tmp/$1.key.org | |
| printf "\nGenerating certificate...\n" | |
| #openssl x509 -req -days 365 -in /tmp/$1.csr -signkey /tmp/$1.key -out /tmp/$1.crt | |
| openssl req \ | |
| -newkey rsa:2048 \ | |
| -x509 \ | |
| -nodes \ | |
| -keyout /tmp/$1.key \ | |
| -new \ | |
| -out /tmp/$1.crt \ | |
| -subj /CN=localhost \ | |
| -reqexts SAN \ | |
| -extensions SAN \ | |
| -config <(cat /System/Library/OpenSSL/openssl.cnf \ | |
| <(printf '[SAN]\nsubjectAltName=DNS:localhost ')) \ | |
| -sha256 \ | |
| -days 3650 | |
| printf "\nCopying certificate ($1.crt) to /usr/local/etc/nginx/ssl/certs/\n" | |
| mkdir -p /usr/local/etc/nginx/ssl/certs | |
| mv /tmp/$1.crt /usr/local/etc/nginx/ssl/certs/ | |
| printf "\nCopying key ($1.key) to /usr/local/etc/nginx/ssl/private/\n" | |
| mkdir -p /usr/local/etc/nginx/ssl/private | |
| mv /tmp/$1.key /usr/local/etc/nginx/ssl/private/ | |
| rm /tmp/$1.csr |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment