Shell script for generating self-signed certification and exporting a Java keystore file

gencrt.sh

#!/bin/bash

_echo() {
    echo
#    echo $1
    echo $'\e[0;33m'"$1"$'\e[0m'
}

_check() {
    [ $1 -eq 0 ] || exit $1
}

# create self-signed server certificate:

read -p "Enter your domain [www.example.com]: " DOMAIN

_echo "Create RSA key..."
openssl genrsa -des3 -out $DOMAIN.key 1024
_check $?

_echo "Remove password from ${DOMAIN}.key..."
mv $DOMAIN.key $DOMAIN.psw.key
openssl rsa -in $DOMAIN.psw.key -out $DOMAIN.key
_check $?

_echo "Make a certificate request..."
SUBJECT="/CN=$DOMAIN"
openssl req -new -subj $SUBJECT -key $DOMAIN.key -out $DOMAIN.csr

_echo "Create self-signed SSL certificate..."
openssl x509 -req -days 3650 -in $DOMAIN.csr -signkey $DOMAIN.key -out $DOMAIN.crt

_echo "Format ${DOMAIN}.crt as pkcs12..."
openssl pkcs12 -export -in $DOMAIN.crt -inkey $DOMAIN.key -out client.pkcs12
_check $?

_echo "Export java keystore file..."
keytool -importkeystore -srckeystore client.pkcs12 -destkeystore client.jks -srcstoretype pkcs12
_check $?

echo "TODO:"
echo "Modify nginx configuration:"
echo "server {"
echo "    ..."
echo "    listen 443 ssl;"
echo "    ssl_certificate     /path/to/$DOMAIN.crt;"
echo "    ssl_certificate_key /path/to/$DOMAIN.key;"
echo "    ..."
echo "}"