make-self-signed-cert-openssl.sh

#!/bin/sh

if test $# -lt 2; then
        echo "Usage: $0 <common name> <output> [ca options ...]" >&2
        exit 1
fi

cn=$1
out=$2
shift 2

dir=$(mktemp -d)

trap "rm -rf $dir" EXIT

cat <<EOF >$dir/ssleay.cnf
RANDFILE                = /dev/urandom

[ req ]
default_bits            = 2048
distinguished_name      = req_distinguished_name
prompt                  = no

[ ca ]
default_ca              = ca_default

[ ca_default ]
certs                   = $dir
new_certs_dir           = $dir
database                = $dir/index
serial                  = $dir/serial
default_startdate       = 500101000000Z
default_enddate         = 491231235959Z
default_md              = sha256
policy                  = policy_anything
x509_extensions         = v3_req

[ req_distinguished_name ]
commonName              = $cn

[ v3_req ]
basicConstraints        = CA:FALSE

[ policy_anything ]
countryName		= optional
stateOrProvinceName	= optional
localityName		= optional
organizationName	= optional
organizationalUnitName	= optional
commonName		= supplied
emailAddress		= optional
EOF

touch $dir/index
echo 00 >$dir/serial
openssl req -config $dir/ssleay.cnf -new -nodes -out $dir/csr.pem -keyout $dir/key.pem
openssl ca -config $dir/ssleay.cnf -batch -notext -selfsign -in $dir/csr.pem -keyfile $dir/key.pem -out $dir/crt.pem "$@"
cat $dir/key.pem $dir/crt.pem >$out