burnz · January 8, 2020 00:18
diff --git a/Makefile b/Makefile

 DOMAIN ?= mydomain.com

 COUNTRY := IT
 STATE := IT
 COMPANY := Evil Corp.

 # credits to: https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309

 # usage:
 # make rootCA.crt # (rootCA.key implicitly created)
 # make DOMAIN=somedomain.dev somedomain.dev.csr somedomain.dev.crt   or   make DOMAIN=somedomain.dev
 # make DOMAIN=somedomain.dev verify-csr
 # make DOMAIN=somedomain.dev verify-crt

 # import rootCA.crt to the client (chrome)
 # upload somedomain.dev.crt   and   somedomain.dev.key   to the host

 all: $(DOMAIN).csr $(DOMAIN).crt


 rootCA.key:
 	openssl genrsa -out rootCA.key 4096

 # create and self sign root certificate
 rootCA.crt: rootCA.key
 	echo "$(COUNTRY)\n$(STATE)\n\n$(COMPANY)\n\n\n\n" | openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out $@

 $(DOMAIN).key:
 	openssl genrsa -out $@ 2048

 $(DOMAIN).conf:
 	sh mkconf.sh $(DOMAIN) >$@

 $(DOMAIN).csr: $(DOMAIN).key $(DOMAIN).conf
 	openssl req -new -sha256 -key $(DOMAIN).key -subj "/C=$(COUNTRY)/ST=$(STATE)/O=$(COMPANY)/CN=$(DOMAIN)" \
 		-reqexts SAN \
 		-config $(DOMAIN).conf \
 		-out $@

 # verify .csr content
 .PHONY: verify-csr
 verify-csr:
 	openssl req  -in $(DOMAIN).csr -noout -text

 $(DOMAIN).san.conf:
 	sh mksan.sh $(DOMAIN) $(COUNTRY) $(STATE) "$(COMPANY)" >$@

 $(DOMAIN).crt: rootCA.key rootCA.crt $(DOMAIN).csr $(DOMAIN).san.conf
 	openssl x509 -req -in $(DOMAIN).csr -CA ./rootCA.crt -CAkey ./rootCA.key \
 		-CAcreateserial -out $@ -days 500 -sha256 \
 		-extfile $(DOMAIN).san.conf -extensions req_ext

 # verify the certificate
 .PHONY: verify-crt
 verify-crt:
 	openssl x509 -in $(DOMAIN).crt -text -noout

 .PHONY: clean
 clean:
 	-rm -f $(DOMAIN).key $(DOMAIN).csr $(DOMAIN).conf $(DOMAIN).san.conf $(DOMAIN).crt
diff --git a/mkconf.sh b/mkconf.sh
 #!/bin/sh

 cat <<EOF
 $(cat /etc/ssl/openssl.cnf)

 [SAN]
 subjectAltName=DNS:$1,DNS:www.$1
 EOF
diff --git a/mksan.sh b/mksan.sh
 #!/bin/sh

 cat <<EOF
 [req]
 default_bits       = 2048
 distinguished_name = req_distinguished_name
 req_extensions     = req_ext

 [req_distinguished_name]
 countryName                 = $2
 stateOrProvinceName         = $3
 organizationName           = $4
 commonName                 = $1

 [req_ext]
 subjectAltName = @alt_names
 [alt_names]
 DNS.1   = $1
 DNS.2   = www.$1
 EOF

	DOMAIN ?= mydomain.com

	COUNTRY := IT
	STATE := IT
	COMPANY := Evil Corp.

	# credits to: https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309

	# usage:
	# make rootCA.crt # (rootCA.key implicitly created)
	# make DOMAIN=somedomain.dev somedomain.dev.csr somedomain.dev.crt or make DOMAIN=somedomain.dev
	# make DOMAIN=somedomain.dev verify-csr
	# make DOMAIN=somedomain.dev verify-crt

	# import rootCA.crt to the client (chrome)
	# upload somedomain.dev.crt and somedomain.dev.key to the host

	all: $(DOMAIN).csr $(DOMAIN).crt


	rootCA.key:
	openssl genrsa -out rootCA.key 4096

	# create and self sign root certificate
	rootCA.crt: rootCA.key
	echo "$(COUNTRY)\n$(STATE)\n\n$(COMPANY)\n\n\n\n" \| openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out $@

	$(DOMAIN).key:
	openssl genrsa -out $@ 2048

	$(DOMAIN).conf:
	sh mkconf.sh $(DOMAIN) >$@

	$(DOMAIN).csr: $(DOMAIN).key $(DOMAIN).conf
	openssl req -new -sha256 -key $(DOMAIN).key -subj "/C=$(COUNTRY)/ST=$(STATE)/O=$(COMPANY)/CN=$(DOMAIN)" \
	-reqexts SAN \
	-config $(DOMAIN).conf \
	-out $@

	# verify .csr content
	.PHONY: verify-csr
	verify-csr:
	openssl req -in $(DOMAIN).csr -noout -text

	$(DOMAIN).san.conf:
	sh mksan.sh $(DOMAIN) $(COUNTRY) $(STATE) "$(COMPANY)" >$@

	$(DOMAIN).crt: rootCA.key rootCA.crt $(DOMAIN).csr $(DOMAIN).san.conf
	openssl x509 -req -in $(DOMAIN).csr -CA ./rootCA.crt -CAkey ./rootCA.key \
	-CAcreateserial -out $@ -days 500 -sha256 \
	-extfile $(DOMAIN).san.conf -extensions req_ext

	# verify the certificate
	.PHONY: verify-crt
	verify-crt:
	openssl x509 -in $(DOMAIN).crt -text -noout

	.PHONY: clean
	clean:
	-rm -f $(DOMAIN).key $(DOMAIN).csr $(DOMAIN).conf $(DOMAIN).san.conf $(DOMAIN).crt
	#!/bin/sh

	cat <<EOF
	$(cat /etc/ssl/openssl.cnf)

	[SAN]
	subjectAltName=DNS:$1,DNS:www.$1
	EOF
	#!/bin/sh

	cat <<EOF
	[req]
	default_bits = 2048
	distinguished_name = req_distinguished_name
	req_extensions = req_ext

	[req_distinguished_name]
	countryName = $2
	stateOrProvinceName = $3
	organizationName = $4
	commonName = $1

	[req_ext]
	subjectAltName = @alt_names
	[alt_names]
	DNS.1 = $1
	DNS.2 = www.$1
	EOF