@anythingcodes
Forked from david-mooney/ssc-guide.sh
Last active December 24, 2020 17:35
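# Creates a private certificate authority and a CA-signed TLS server
# certificate in the current directory.
#
# Run this as a script from the directory that should hold the output.
# Do not source it: `set -e` below would make an error exit the calling shell.
#
# Files written (all in the current directory):
#   ca.key.pem        CA private key, AES-256 encrypted (passphrase is prompted)
#   ca.pem            self-signed CA certificate
#   ca.srl            serial file from -CAcreateserial (name chosen by openssl)
#   $prefix.cnf       OpenSSL configuration generated below
#   $prefix.key.pem   server private key, NOT passphrase-protected
#   $prefix.csr       certificate signing request
#   $prefix.crt       server certificate signed by the CA
#
# Security notes for whoever deploys the result:
#   * The CA is unconstrained (CA:TRUE, no nameConstraints). Once ca.pem is
#     imported into a trust store, anyone holding ca.key.pem and its
#     passphrase can issue certificates that store accepts for any hostname.
#     Keep ca.key.pem off shared machines, or delete it after issuing.
#   * pathlen:3 lets this CA sign intermediate CAs. pathlen:0 is enough when
#     it only ever signs leaf certificates; tighten it if that is the case.
#   * extendedKeyUsage is commented out in [ v3_req ], so the leaf is not
#     restricted to serverAuth. NOTE(review): consider enabling it; some TLS
#     clients expect it on server certificates.

# Stop at the first failing command (or unset variable) so the success
# message at the end is only printed when every openssl step worked.
set -eu

export prefix="ghost"

echo "Removing Existing Files"
rm -f -- ca.*
# Clean up by $prefix rather than a hard-coded name so a changed prefix does
# not leave stale keys behind; :? aborts instead of expanding to ".*".
rm -f -- "${prefix:?}".*

echo "Creating SSL Config File"
# Quoted delimiter: the config is written literally, with no shell expansion.
# The req commands below pass -subj, which supplies the subject directly, so
# the *_default values in [ subject ] are not what ends up in the certificates.
cat <<'EOF' >"${prefix}.cnf"
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = subject
req_extensions = v3_req
x509_extensions = v3_ca
string_mask = nombstr
[ subject ]
countryName = Country Name (2 letter code)
countryName_default = US
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = MA
localityName = Locality Name (eg, city)
localityName_default = Boston
organizationName = Organization Name (eg, company)
organizationName_default = HubSpot
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
commonName_default = ghost
emailAddress = Email Address
emailAddress_default = [email protected]
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = critical, CA:TRUE, pathlen:3
keyUsage = critical, cRLSign, keyCertSign
nsCertType = sslCA, emailCA
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
#extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = ghost.liz.show
DNS.2 = *.liz.show
EOF

echo "Creating Certificate Authority Cert"
# Generate the key under a restrictive umask so it is never group- or
# world-readable, not even briefly before the chmod.
(
  umask 077
  openssl genrsa -aes256 -out ca.key.pem 2048
)
chmod 400 ca.key.pem
openssl req -new -x509 -subj "/CN=myca" -extensions v3_ca -days 800 -key ca.key.pem -sha256 -out ca.pem -config "${prefix}.cnf"

echo "Creating Signed Certificate"
# The server key is unencrypted so a service can load it unattended; file
# permissions are its only protection. Loosen them deliberately (not by
# default) if the serving process runs as a different user.
(
  umask 077
  openssl genrsa -out "${prefix}.key.pem" 2048
)
openssl req -config "${prefix}.cnf" -subj "/CN=${prefix}" -extensions v3_req -sha256 -new -key "${prefix}.key.pem" -out "${prefix}.csr"
# -extfile/-extensions apply the v3_req section (including the SAN list) at
# signing time.
openssl x509 -req -extensions v3_req -days 800 -sha256 -in "${prefix}.csr" -CA ca.pem -CAkey ca.key.pem -CAcreateserial -out "${prefix}.crt" -extfile "${prefix}.cnf"

echo "Certificate: "
openssl x509 -in "${prefix}.crt" -text -noout

# Confirm the issued certificate actually chains to the new CA before
# reporting success.
openssl verify -CAfile ca.pem "${prefix}.crt"
echo "Certificate Successfully Created"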