@stollr
Created April 8, 2022 13:13
SSL Certification Generator
#!/bin/sh
# Based on this great tutorial for creating your own CA and certificates signed by it:
# https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/
#
# It is assumed that the CA cert is located at /etc/ssl/certs/root.pem and the CA key
# at /etc/ssl/private/root.key
#
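# Stop at the first failing command instead of reporting files that were never created.
set -e

# Require exactly one argument: the domain to issue a certificate for.
if [ "$#" -ne 1 ]
then
    printf 'Usage: %s <domain>\n' "$0" >&2
    exit 1
fi

DOMAIN=$1
CERTS_DIR=/etc/ssl/certs
KEY_DIR=/etc/ssl/private

# Signing needs read access to the CA key, which normally means running as root.
if [ ! -r "$KEY_DIR/root.key" ]
then
    printf 'Cannot read %s/root.key, please check that you are logged in as root and that the file exists.\n' "$KEY_DIR" >&2
    exit 1
fi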
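
# Generate the private key for the domain. The subshell umask keeps the key
# file readable by its owner only, whatever the caller's umask is.
(umask 077 && openssl genrsa -out "$KEY_DIR/$DOMAIN.key" 2048)

# Create the certificate signing request (openssl prompts for the subject fields).
openssl req -new -key "$KEY_DIR/$DOMAIN.key" -out "$CERTS_DIR/$DOMAIN.csr"

# Write the X.509 v3 extensions for the certificate, including the SAN entry.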
cat > "$CERTS_DIR/$DOMAIN.ext" << EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $DOMAIN
EOF

# Sign the CSR with the local CA. -CAcreateserial creates the CA serial file
# if it does not exist yet.
openssl x509 -req -in "$CERTS_DIR/$DOMAIN.csr" -CA "$CERTS_DIR/root.pem" -CAkey "$KEY_DIR/root.key" -CAcreateserial \
    -out "$CERTS_DIR/$DOMAIN.crt" -days 825 -sha256 -extfile "$CERTS_DIR/$DOMAIN.ext"

printf 'Created the following files:\n'
printf '  %s\n' "$KEY_DIR/$DOMAIN.key"
printf '  %s\n' "$CERTS_DIR/$DOMAIN.csr"
printf '  %s\n' "$CERTS_DIR/$DOMAIN.ext"
printf '  %s\n' "$CERTS_DIR/$DOMAIN.crt"
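
The script runs as root and uses its argument unchecked, both in file names under /etc/ssl and as a line in the OpenSSL extension file. The following check is an added example, not part of the gist; the function name `is_valid_domain` is hypothetical, and ASCII input in the C locale is assumed.

```sh
# Added example, not part of the gist: validate the domain argument before it
# is used in file names and written into the OpenSSL extension file.
# The name is_valid_domain is hypothetical.
is_valid_domain() {
    name=$1

    # A DNS name is at most 253 characters long.
    [ "${#name}" -ge 1 ] && [ "${#name}" -le 253 ] || return 1

    # Only letters, digits, ".", "-" and "*" may appear. This rejects "/",
    # whitespace and newlines, so the value cannot leave the target
    # directories or add lines to the extension file.
    case $name in
        *[!A-Za-z0-9.*-]*) return 1 ;;
    esac

    # Accept one leading wildcard label ("*.example.test"), nothing else with "*".
    case $name in
        '*.'*) name=${name#'*.'} ;;
    esac
    case $name in
        *'*'*) return 1 ;;
    esac

    # No empty labels: no leading, trailing or doubled dots.
    case $name in
        ''|.*|*.|*..*) return 1 ;;
    esac

    # Each label is at most 63 characters and neither starts nor ends with "-".
    rest=$name
    while [ -n "$rest" ]; do
        label=${rest%%.*}
        case $rest in
            *.*) rest=${rest#*.} ;;
            *)   rest= ;;
        esac
        [ "${#label}" -le 63 ] || return 1
        case $label in
            -*|*-) return 1 ;;
        esac
    done
    return 0
}

# Intended use near the top of the script, after DOMAIN=$1:
#   is_valid_domain "$DOMAIN" || { printf 'Invalid domain: %s\n' "$DOMAIN" >&2; exit 1; }
```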