Skip to content

Instantly share code, notes, and snippets.

@volkan

volkan/createRootCA.sh

Last active September 25, 2018 09:44
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save volkan/98e25e094231d3cb8c10129756b5cdfa to your computer and use it in GitHub Desktop.
Save volkan/98e25e094231d3cb8c10129756b5cdfa to your computer and use it in GitHub Desktop.
Download ZIP
self signed certificate wilcard
Raw
create_pfx_file.sh
openssl pkcs12 -export -out certificate.pfx -inkey server.key -in server.crt
Raw
createRootCA.sh
#!/usr/bin/env bash
openssl genrsa -des3 -passout pass:x -out rootCA.key 2048
openssl rsa -passin pass:x -in rootCA.key -out server.key
mv rootCA.key rootCA_withpass.key
cp server.key rootCA.key
openssl req -new -key rootCA.key -out server.csr -config <( cat server_csr.cnf )
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem -config <( cat server_csr.cnf )
Raw
createSelfSignedCert.sh
#!/usr/bin/env bash
openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server_csr.cnf )
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 300 -sha256 -extfile v3.ext
Raw
server_csr.cnf
ts = 2048
prompt = no
default_md = sha256
distinguished_name = dn
[dn]
C=TR
ST=Istanbul
L=L
O=End Point
OU=Company
emailAddress=mail@domain.com
CN = *.domain.com
Raw
v3.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.domain.com
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment