@trajakovic
Created November 13, 2015 13:42
openssl - certificates: create ca, create cert, sign cert, pack cert to p12
#!/bin/bash
# create-ca-cert.sh: passphrase-protected 4096-bit CA key plus a self-signed CA cert valid for 730 days
openssl genrsa -des3 -out ca.key 4096 && \
echo "CA key generated, file ca.key. Now retype password to create cert" && \
openssl req -new -x509 -days 730 -key ca.key -out ca.crt && \
echo "CA cert generated, file: ca.crt"

#!/bin/bash
# create-cert.sh: new 4096-bit key and CSR; -nodes leaves the private key unencrypted on disk
if [[ -n $1 ]]; then
  openssl req -out "$1".csr -new -newkey rsa:4096 -nodes -keyout "$1".key && \
  echo "$1.csr and $1.key created" && \
  echo "Now sign csr with ca (type [ ./sign-cert.sh $1 ])"
else
  echo "Missing argument 1: name of usage (usually server, or user short name, etc.)" >&2
  exit 1
fi

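#!/bin/bash
# create-sign-pack-cert.sh: run create, sign and pack in order, stopping at the first failure
if [[ -n $1 ]]; then
  ./create-cert.sh "$1" && \
  ./sign-cert.sh "$1" && \
  ./pack-cert.sh "$1"
else
  echo "Missing argument 1: name of cert" >&2
  exit 1
fi
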
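#!/bin/bash
# pack-cert.sh: bundle the cert and its private key into a PKCS#12 file (openssl prompts for an export password)
if [[ -n $1 ]]; then
  openssl pkcs12 -export -in "$1".crt -inkey "$1".key -name "$1 MrServis testing cert" -out "$1".p12 && \
  echo "Cert packed into $1.p12"
else
  echo "Missing argument 1: name of cert" >&2
  exit 1
fi
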
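#!/bin/bash
# sign-cert.sh: sign the CSR with the CA key for 365 days; -CAcreateserial creates the serial file if it is missing
if [[ -n $1 ]]; then
  openssl x509 -req -in "$1".csr -out "$1".crt -CA ca.crt -CAkey ca.key -CAcreateserial -days 365 && \
  echo "Cert created, file: $1.crt"
else
  echo "Missing argument 1: name of cert" >&2
  exit 1
fi
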
@trajakovic (author) commented:

Bring local by executing:

wget https://gist.githubusercontent.com/trajakovic/4db931dd955b9ddebf38/raw/create-ca-cert.sh -O create-ca-cert.sh && \
wget https://gist.githubusercontent.com/trajakovic/4db931dd955b9ddebf38/raw/create-cert.sh -O create-cert.sh && \
wget https://gist.githubusercontent.com/trajakovic/4db931dd955b9ddebf38/raw/sign-cert.sh -O sign-cert.sh && \
wget https://gist.githubusercontent.com/trajakovic/4db931dd955b9ddebf38/raw/pack-cert.sh -O pack-cert.sh && \
wget https://gist.githubusercontent.com/trajakovic/4db931dd955b9ddebf38/raw/create-sign-pack-cert.sh -O create-sign-pack-cert.sh

Make runnable:

chmod +x create-*.sh pack-cert.sh sign-cert.sh 

Order

  • create CA cert with ./create-ca-cert.sh
  • create custom cert with ./create-cert.sh myCert
  • sign custom cert with ./sign-cert.sh myCert
  • pack custom cert in p12 with ./pack-cert.sh myCert

Thanks

I'm too lazy to write any error / repeat / bulletproof bash scripts
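
An added check, not part of the original gist: after running the scripts in the order above, this function confirms that NAME.crt chains to ca.crt, that NAME.key matches it, and that the key, which create-cert.sh writes unencrypted because of -nodes, is not readable by group or others. The function name check_cert and its return codes are assumptions made for this example.

```shell
#!/bin/bash
# Added example: sanity-check the files produced by the scripts above.
# Usage: check_cert NAME [CA_CERT]   (CA_CERT defaults to ca.crt)
# Return codes (chosen for this example):
#   0 = all checks pass        2 = missing argument or file
#   3 = chain does not verify  4 = key does not match cert
#   5 = unencrypted key is readable by group or others
check_cert() {
  local name="$1" ca="${2:-ca.crt}"
  local f cert_pub key_pub mode
  [ -n "$name" ] || { echo "usage: check_cert NAME [CA_CERT]" >&2; return 2; }
  for f in "$ca" "$name.crt" "$name.key"; do
    [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 2; }
  done

  # 1. The certificate must chain to the CA that signed it.
  openssl verify -CAfile "$ca" "$name.crt" >/dev/null 2>&1 || {
    echo "$name.crt does not verify against $ca" >&2; return 3; }

  # 2. The public key in the certificate must be the one derived
  #    from the private key file.
  cert_pub=$(openssl x509 -in "$name.crt" -noout -pubkey 2>/dev/null) || return 4
  key_pub=$(openssl pkey -in "$name.key" -pubout 2>/dev/null) || return 4
  [ "$cert_pub" = "$key_pub" ] || {
    echo "$name.key does not match $name.crt" >&2; return 4; }

  # 3. The key is stored without a passphrase, so file permissions are
  #    its only protection. GNU stat first, BSD stat as fallback.
  mode=$(stat -c '%a' "$name.key" 2>/dev/null || stat -f '%Lp' "$name.key")
  case "$mode" in
    *00) ;;
    *) echo "$name.key has mode $mode, expected 600 or 400" >&2; return 5 ;;
  esac

  echo "$name: chain, key match and key permissions OK"
}
```

Source the file and run `check_cert myCert` in the directory that holds ca.crt, myCert.crt and myCert.key.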
