Created
March 6, 2015 12:23
-
-
Save Kirill888/8a5bffb8a2b4b9c47fda to your computer and use it in GitHub Desktop.
Script to generate self-signed certificate with optional alt names
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| crt_print_conf() { | |
| CN="$1" | |
| ALT_NAMES="$2" | |
| cat <<EOF | |
| [req] | |
| distinguished_name = req_distinguished_name | |
| x509_extensions = v3_req | |
| prompt = no | |
| [v3_req] | |
| subjectKeyIdentifier = hash | |
| authorityKeyIdentifier = keyid,issuer | |
| basicConstraints = CA:TRUE | |
| EOF | |
| [ -z "${ALT_NAMES}" ] || echo "subjectAltName = ${ALT_NAMES}" | |
| cat <<EOF | |
| [req_distinguished_name] | |
| CN = ${CN} | |
| EOF | |
| [ -z "${DN_C}" ] || echo "C = ${DN_C}" | |
| [ -z "${DN_ST}" ] || echo "ST = ${DN_ST}" | |
| [ -z "${DN_L}" ] || echo "L = ${DN_L}" | |
| [ -z "${DN_O}" ] || echo "O = ${DN_O}" | |
| [ -z "${DN_OU}" ] || echo "OU = ${DN_OU}" | |
| } | |
| crt_generate() { | |
| : ${DAYS:=3650} | |
| : ${BITS:=2048} | |
| CN=$1 | |
| ALT_NAMES=$2 | |
| if [ -e "${CN}.key" ] ; then | |
| echo "File already exists: ${CN}.key -- Aborting" | |
| exit 1 | |
| fi | |
| CFG="${CN}.cnf" | |
| crt_print_conf "${CN}" "${ALT_NAMES}" > "${CFG}" | |
| openssl req -x509 \ | |
| -nodes \ | |
| -config "${CFG}" \ | |
| -days ${DAYS} \ | |
| -newkey rsa:${BITS} \ | |
| -keyout ${CN}.key \ | |
| -out ${CN}.crt | |
| rm "${CFG}" | |
| openssl x509 -text < ${CN}.crt > ${CN}.about.txt | |
| echo " | |
| Generated following files: | |
| ${CN}.crt -- certificate | |
| ${CN}.key -- private key | |
| ${CN}.about.txt -- certificate info (delete after reviewing) | |
| " | |
| } | |
| if [ -z "$1" ] ; then | |
| echo " | |
| Usage: $0 hostname <altnames> | |
| where altnames is an optional comma separated list of alternative names | |
| For example 'DNS:other.com,DNS:localhost,IP:127.0.0.1' | |
| Environment variables: | |
| BITS -- number of bits to use for key (default: 2048) | |
| DAYS -- number of days certificate is valid for (default: 3650) | |
| DN_C -- Country code field (default: unset) | |
| DN_ST -- State field (default: unset) | |
| DN_L -- City field (default: unset) | |
| DN_O -- Organization field (default: unset) | |
| DN_OU -- Organization Unit field (default: unset) | |
| " | |
| exit 1 | |
| fi | |
| #Uncomment and change to defaults you want | |
| #: ${DN_C=AU} | |
| #: ${DN_ST=ACT} | |
| #: ${DN_L=Canberra} | |
| #: ${DN_O='Internet Widgets Ltd.'} | |
| crt_generate $@ | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
with openssl version "OpenSSL 1.1.0g 2 Nov 2017" I had to modify line 19
from
[ -z "${ALT_NAMES}" ] || echo "subjectAltName = ${ALT_NAMES}"
to
[ -z "${ALT_NAMES}" ] || echo "subjectAltName = DNS:${ALT_NAMES}"
otherwise I had the error:
Error Loading extension section v3_req
140525094543808:error:2207507C:X509 V3 routines:v2i_GENERAL_NAME_ex:missing value:../crypto/x509v3/v3_alt.c:496:
140525094543808:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:../crypto/x509v3/v3_conf.c:47:name=subjectAltName, value=