create self signed certificates
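# Domain the leaf certificate is issued for. `?=` lets the command line or the
# environment override it: make DOMAIN=somedomain.dev
DOMAIN ?= mydomain.com
# Subject fields used for both the root CA and the leaf certificate.
COUNTRY := IT
STATE := IT
COMPANY := Evil Corp.

# credits to: https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309
# usage:
#   make rootCA.crt                    # rootCA.key is created implicitly
#   make DOMAIN=somedomain.dev somedomain.dev.csr somedomain.dev.crt
#   make DOMAIN=somedomain.dev         # same as above, via the default goal `all`
#   make DOMAIN=somedomain.dev verify-csr
#   make DOMAIN=somedomain.dev verify-crt
#   import rootCA.crt into the client (chrome)
#   upload somedomain.dev.crt and somedomain.dev.key to the host
#
# Key handling:
#   - rootCA.key signs whatever CSR it is given, and every client that imported
#     rootCA.crt trusts the result. Keep it on the signing machine only; it is
#     never part of what gets uploaded to the host.
#   - Both private keys are generated without a passphrase, so file permissions
#     are the only protection they have on disk.

# `all` names a goal, not a file: declare it phony so a stray file called `all`
# cannot make the default goal look up to date.
.PHONY: all
all: $(DOMAIN).csr $(DOMAIN).crt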
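# Root CA private key: RSA 4096, written without a passphrase.
# The rule has no prerequisites, so an existing rootCA.key is never regenerated.
# `umask 077` makes the file owner-only regardless of the caller's umask or of
# how the installed openssl opens its output file. It applies to this recipe
# line only, because each recipe line runs in its own shell.
rootCA.key:
	umask 077 && openssl genrsa -out $@ 4096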
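# create and self sign root certificate
# The subject is passed with -subj, as the CSR rule already does, instead of
# piping answers into the interactive prompts: `echo "...\n..."` only works
# when the recipe shell's echo interprets backslash escapes, and the answers
# had to match the prompt order of the local openssl.cnf.
# -nodes: the certificate is produced without any passphrase prompt; the key
# given with -key is already unencrypted.
rootCA.crt: rootCA.key
	openssl req -x509 -new -nodes -key $< -sha256 -days 1024 \
		-subj "/C=$(COUNTRY)/ST=$(STATE)/O=$(COMPANY)" \
		-out $@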
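# Private key of the leaf (server) certificate: RSA 2048, no passphrase.
# This is the key that gets uploaded to the host together with $(DOMAIN).crt.
# `umask 077` keeps the file owner-only from the moment it is created.
$(DOMAIN).key:
	umask 077 && openssl genrsa -out $@ 2048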
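# OpenSSL config used for the CSR: output of mkconf.sh for this domain.
# mkconf.sh is a prerequisite so that editing the script regenerates the config.
# The domain is quoted so it reaches the script as exactly one argument, and the
# output goes through a temporary file so a failed run cannot leave a truncated
# $(DOMAIN).conf that looks up to date.
$(DOMAIN).conf: mkconf.sh
	sh $< "$(DOMAIN)" >$@.tmp && mv -f $@.tmp $@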
# Certificate signing request for $(DOMAIN), signed with the domain key.
#   $<            -> $(DOMAIN).key   (first prerequisite)
#   $(word 2,$^)  -> $(DOMAIN).conf  (second prerequisite)
# -reqexts SAN selects the [SAN] section of the generated config as the
# extensions placed in the request.
$(DOMAIN).csr: $(DOMAIN).key $(DOMAIN).conf
	openssl req -new -sha256 \
		-key $< \
		-config $(word 2,$^) \
		-reqexts SAN \
		-subj "/C=$(COUNTRY)/ST=$(STATE)/O=$(COMPANY)/CN=$(DOMAIN)" \
		-out $@
# Inspect the CSR: dumps $(DOMAIN).csr as text so the subject and the requested
# extensions can be read before signing. This displays the request only.
# The target has no prerequisites, so the CSR must already exist.
.PHONY: verify-csr
verify-csr:
	openssl req -noout -text -in $(DOMAIN).csr
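# Extension file used when signing: output of mksan.sh for this domain.
# mksan.sh is a prerequisite so that editing the script regenerates the file.
# Every argument is quoted: an unquoted COUNTRY or STATE containing a space
# would be split and shift the remaining positional parameters of the script.
# The temporary file keeps a failed run from leaving a truncated target behind.
$(DOMAIN).san.conf: mksan.sh
	sh $< "$(DOMAIN)" "$(COUNTRY)" "$(STATE)" "$(COMPANY)" >$@.tmp && mv -f $@.tmp $@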
# Leaf certificate: the CSR signed by the root CA, valid for 500 days.
# The extensions of the issued certificate are read from the [req_ext] section
# of $(DOMAIN).san.conf (-extfile / -extensions).
# NOTE(review): the [SAN] section requested in the CSR is presumably not what
# ends up in the certificate; check the names with `make verify-crt`.
# -CAcreateserial lets openssl create the CA serial-number file when it does not
# exist yet.
$(DOMAIN).crt: rootCA.key rootCA.crt $(DOMAIN).csr $(DOMAIN).san.conf
	openssl x509 -req -sha256 -days 500 \
		-in $(DOMAIN).csr \
		-CA ./rootCA.crt -CAkey ./rootCA.key -CAcreateserial \
		-extfile $(DOMAIN).san.conf -extensions req_ext \
		-out $@
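# verify the certificate
# First line: dump the certificate as text (subject, validity, subjectAltName).
# Second line: check that the certificate actually chains to rootCA.crt, which
# is what a client that imported the root will do. The dump alone shows the
# content but says nothing about whether the signature is valid.
# NOTE(review): older openssl releases are reported to exit 0 from `verify`
# even on failure, so read the printed result as well as the exit status.
.PHONY: verify-crt
verify-crt:
	openssl x509 -in $(DOMAIN).crt -text -noout
	openssl verify -CAfile rootCA.crt $(DOMAIN).crt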
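# Remove everything generated for $(DOMAIN), including its private key.
# The root CA files (rootCA.key, rootCA.crt) are not in the list and survive a
# clean, so certificates already issued stay verifiable.
# $(RM) is make's built-in `rm -f`; the `-` prefix the recipe used to carry was
# redundant next to -f and would also have hidden real failures.
.PHONY: clean
clean:
	$(RM) $(DOMAIN).key $(DOMAIN).csr $(DOMAIN).conf $(DOMAIN).san.conf $(DOMAIN).crt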
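#!/bin/sh
# mkconf.sh DOMAIN
#
# Writes to stdout a copy of the system OpenSSL configuration followed by a
# [SAN] section naming DOMAIN and www.DOMAIN. The Makefile redirects the output
# to DOMAIN.conf and selects the section with `-reqexts SAN`.
set -eu

# Without the argument the section would read "DNS:,DNS:www." and the failure
# would only surface later, inside openssl.
domain=${1:?usage: mkconf.sh DOMAIN}

# The value is pasted into an OpenSSL config line. A comma, whitespace or a
# newline in it would change which names end up in the request, so only
# hostname characters are accepted.
case $domain in
    *[!A-Za-z0-9._-]*)
        echo "mkconf.sh: invalid domain name: $domain" >&2
        exit 1
        ;;
esac

base_conf=/etc/ssl/openssl.cnf
# A failing cat inside the here-document would not stop the script; check first
# so a missing base config cannot produce a file that holds only [SAN].
if [ ! -r "$base_conf" ]; then
    echo "mkconf.sh: cannot read $base_conf" >&2
    exit 1
fi

cat <<EOF
$(cat "$base_conf")
[SAN]
subjectAltName=DNS:$domain,DNS:www.$domain
EOF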
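#!/bin/sh
# mksan.sh DOMAIN [COUNTRY STATE COMPANY]
#
# Writes to stdout the OpenSSL extension file the Makefile passes to
# `openssl x509 -req -extfile ... -extensions req_ext` when signing: the
# [req_ext] section points at [alt_names], which lists DOMAIN and www.DOMAIN.
set -eu

# DOMAIN is mandatory; without it the file would carry empty DNS entries.
domain=${1:?usage: mksan.sh DOMAIN [COUNTRY STATE COMPANY]}

# The value becomes the subjectAltName entries of the signed certificate.
# Accept hostname characters only, so a stray comma, space or newline cannot
# alter the list of names the CA signs.
case $domain in
    *[!A-Za-z0-9._-]*)
        echo "mksan.sh: invalid domain name: $domain" >&2
        exit 1
        ;;
esac

# ${N-} keeps the optional subject fields empty instead of tripping `set -u`
# when the script is called with the domain alone.
cat <<EOF
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
[req_distinguished_name]
countryName = ${2-}
stateOrProvinceName = ${3-}
organizationName = ${4-}
commonName = $domain
[req_ext]
subjectAltName = @alt_names
[alt_names]
DNS.1 = $domain
DNS.2 = www.$domain
EOF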
@klockeph


commented Mar 7, 2019

Thanks for the nice gist!

Your Makefile has a slight bug though:
In the recipe for rootCA.crt you either have to use echo -ne or printf, otherwise the escape sequences won't be treated correctly.

@xenogenesi

Owner Author

commented Apr 17, 2019

Hi @klockeph, sorry, I only saw the comment today. You're right (I'm using zsh, whose echo interprets the escape sequences correctly, but...). I would/will replace it with printf, which should be more POSIX-compliant if I recall correctly. Thanks for letting me know.
