Generate new private key and Certificate Signing Request (CSR) for SSL certificates
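#!/bin/bash
# ------------------------------------------------------------------------------
# This script will generate a new private key and a Certificate Signing Request
# (CSR) using OpenSSL.
# This script is non-interactive. Instead it uses the variables set at the
# beginning of this script. Alternatively you can adapt this script easily
# to read the values differently as required.
# Developed and tested on Mac OS only, but should work on Linux too.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND.
#
# Created by Nick Zahn, Cloud Under Ltd - https://cloudunder.io
# ------------------------------------------------------------------------------
# Stop on the first failing command and on unset variables: without this a
# failed `openssl genrsa` would still be followed by the CSR step and the
# "Done." message.
set -euo pipefail

# Replace the following values:
COMMONNAME="cloudunder.io" # Domain name, e.g. "cloudunder.io"
ORGANISATION="Cloud Under Ltd" # e.g. company
LOCALITY="Manchester" # e.g. city
STATE="England" # state or province name
COUNTRY="GB" # 2 letter code, e.g. "GB", "US", "DE"
KEY_BITS="${KEY_BITS:-2048}" # RSA key size in bits; may be overridden via the environment
# ------------------------------------------------------------------------------
# NO NEED TO EDIT ANYTHING BELOW THIS LINE (unless you want to)
# ------------------------------------------------------------------------------

# Fail early with a readable message rather than producing oddly named files.
: "${COMMONNAME:?COMMONNAME must be set to the domain name}"
if ! command -v openssl >/dev/null 2>&1; then
  printf '%s\n' "openssl was not found in PATH." >&2
  exit 1
fi

YEAR=$(date +"%Y")
DATE=$(date +"%Y-%m-%d")
TARGET_DIR="${COMMONNAME}/${DATE}"
PRIVATE_KEY_FILE="${TARGET_DIR}/${COMMONNAME}_${YEAR}_private.pem"
CERT_SIGN_REQUEST_FILE="${TARGET_DIR}/${COMMONNAME}_${YEAR}_csr.pem"

if [[ -d "${TARGET_DIR}" ]]; then
  printf '%s\n' "Target directory already exists: ${TARGET_DIR}" >&2
  printf '%s\n' "Remove or rename it before you try again." >&2
  exit 1
fi

# The OpenSSL config goes into an unpredictable temporary file (not a fixed
# name in the working directory) and is removed on every exit path, including
# a failure halfway through.
OPENSSL_CONFIG=$(mktemp) || {
  printf '%s\n' "Could not create a temporary OpenSSL config file." >&2
  exit 1
}
cleanup() { rm -f -- "${OPENSSL_CONFIG}"; }
trap cleanup EXIT

# encrypt_key = no: the private key is written without a passphrase, so file
# permissions are its only protection (see the umask below).
# default_md = sha256: pin the CSR signature digest instead of relying on the
# OpenSSL build's default.
cat <<EOF > "${OPENSSL_CONFIG}"
[ req ]
default_bits = ${KEY_BITS}
default_md = sha256
distinguished_name = req_distinguished_name
prompt = no
encrypt_key = no
string_mask = utf8only
req_extensions = v3_req
[ req_distinguished_name ]
C = ${COUNTRY}
ST = ${STATE}
L = ${LOCALITY}
O = ${ORGANISATION}
CN = ${COMMONNAME}
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
EOF

mkdir -p -- "${TARGET_DIR}"

# Generate the key under umask 077 in a subshell so the file is created
# owner-only from the start (no chmod-after-the-fact window), without changing
# the permissions used for the directory and the CSR.
( umask 077 && openssl genrsa -out "${PRIVATE_KEY_FILE}" "${KEY_BITS}" )
openssl req -new -config "${OPENSSL_CONFIG}" -key "${PRIVATE_KEY_FILE}" -out "${CERT_SIGN_REQUEST_FILE}"

# Check: the CSR must carry the public half of the key we just generated.
M_RSA=$(openssl rsa -noout -modulus -in "${PRIVATE_KEY_FILE}")
M_REQ=$(openssl req -noout -modulus -in "${CERT_SIGN_REQUEST_FILE}")
if [[ "${M_RSA}" != "${M_REQ}" ]]; then
  printf '%s\n' "Something went wrong. Private key and CSR files don't match." >&2
  exit 1
fi

printf '%s\n' "Done. Files generated:"
printf '%s\n' ""
printf '%s\n' " 1. Private key:"
printf '%s\n' " ${PRIVATE_KEY_FILE}"
printf '%s\n' " > Keep this file safe. It will be required on the web server."
printf '%s\n' ""
printf '%s\n' " 2. Certificate Signing Request (CSR):"
printf '%s\n' " ${CERT_SIGN_REQUEST_FILE}"
printf '%s\n' " > Submit this file to the SSL certificate provider."
printf '%s\n' ""
printf '%s\n' "To see the decoded contents of the CSR file, run the following command:"
printf '%s\n' " openssl req -verify -noout -text -in ${CERT_SIGN_REQUEST_FILE}"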