Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
create self signed certificates
DOMAIN ?= mydomain.com
COUNTRY := IT
STATE := IT
COMPANY := Evil Corp.
# credits to: https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309
# usage:
# make rootCA.crt # (rootCA.key implicitly created)
# make DOMAIN=somedomain.dev somedomain.dev.csr somedomain.dev.crt or make DOMAIN=somedomain.dev
# make DOMAIN=somedomain.dev verify-csr
# make DOMAIN=somedomain.dev verify-crt
# import rootCA.crt to the client (chrome)
# upload somedomain.dev.crt and somedomain.dev.key to the host
all: $(DOMAIN).csr $(DOMAIN).crt
rootCA.key:
openssl genrsa -out rootCA.key 4096
# create and self sign root certificate
rootCA.crt: rootCA.key
echo "$(COUNTRY)\n$(STATE)\n\n$(COMPANY)\n\n\n\n" | openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out $@
$(DOMAIN).key:
openssl genrsa -out $@ 2048
$(DOMAIN).conf:
sh mkconf.sh $(DOMAIN) >$@
$(DOMAIN).csr: $(DOMAIN).key $(DOMAIN).conf
openssl req -new -sha256 -key $(DOMAIN).key -subj "/C=$(COUNTRY)/ST=$(STATE)/O=$(COMPANY)/CN=$(DOMAIN)" \
-reqexts SAN \
-config $(DOMAIN).conf \
-out $@
# verify .csr content
.PHONY: verify-csr
verify-csr:
openssl req -in $(DOMAIN).csr -noout -text
$(DOMAIN).san.conf:
sh mksan.sh $(DOMAIN) $(COUNTRY) $(STATE) "$(COMPANY)" >$@
$(DOMAIN).crt: rootCA.key rootCA.crt $(DOMAIN).csr $(DOMAIN).san.conf
openssl x509 -req -in $(DOMAIN).csr -CA ./rootCA.crt -CAkey ./rootCA.key \
-CAcreateserial -out $@ -days 500 -sha256 \
-extfile $(DOMAIN).san.conf -extensions req_ext
# verify the certificate
.PHONY: verify-crt
verify-crt:
openssl x509 -in $(DOMAIN).crt -text -noout
.PHONY: clean
clean:
-rm -f $(DOMAIN).key $(DOMAIN).csr $(DOMAIN).conf $(DOMAIN).san.conf $(DOMAIN).crt
#!/bin/sh
cat <<EOF
$(cat /etc/ssl/openssl.cnf)
[SAN]
subjectAltName=DNS:$1,DNS:www.$1
EOF
#!/bin/sh
cat <<EOF
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
[req_distinguished_name]
countryName = $2
stateOrProvinceName = $3
organizationName = $4
commonName = $1
[req_ext]
subjectAltName = @alt_names
[alt_names]
DNS.1 = $1
DNS.2 = www.$1
EOF
@klockeph

This comment has been minimized.

Copy link

@klockeph klockeph commented Mar 7, 2019

Thanks for the nice gist!

Your Makefile has a slight bug though:
In the recipe for rootCA.crt you either have to use echo -ne or printf, otherwise the escape sequences won't be treated correctly.

@xenogenesi

This comment has been minimized.

Copy link
Owner Author

@xenogenesi xenogenesi commented Apr 17, 2019

Hi @klockeph, sorry I seen the comment only today, you're right (I'm using zsh and echo escape the sequence correctly but...), I would/will replace it with printf, should be more posix if I recall correctly. Thanks for letting me know

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment