@jontow
Created October 31, 2021 15:21
generate SAN-enabled self-signed cert
#!/bin/sh
# Generate a self-signed certificate that carries a subjectAltName extension.
# The -addext option used below requires OpenSSL 1.1.1 or newer.

# Both arguments are required.
if [ -z "$2" ]; then
    echo "Syntax: $0 <commonname> <subjectaltnames>"
    echo ""
    echo "    <subjectaltnames> example: 'DNS:example.com,DNS:www.example.com,IP:172.16.32.1'"
    echo ""
    exit 1
fi

common_name="$1"
subject_altname="$2"

### Legacy method, does not support subjectAltName:
#openssl req -x509 \
#    -newkey rsa:4096 \
#    -keyout "${common_name}.key" \
#    -out "${common_name}.crt" \
#    -sha256 \
#    -days 3650 \
#    -nodes \
#    -subj "/C=US/ST=AK/L=SomeCity/O=Org/OU=Org/CN=${common_name}"

### New method, supports subjectAltName without config files:
# -nodes writes the private key unencrypted, so keep ${common_name}.key
# readable only by its owner.
openssl req -x509 \
    -new \
    -nodes \
    -sha256 \
    -days 3650 \
    -subj "/C=US/ST=AK/L=SomeCity/O=Org/OU=Org/CN=${common_name}" \
    -addext "subjectAltName = ${subject_altname}" \
    -newkey rsa:4096 \
    -keyout "${common_name}.key" \
    -out "${common_name}.crt"
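
An added example, not part of the original gist: a POSIX sh check for the `<subjectaltnames>` argument that could run before the `openssl req` call, so a malformed entry is rejected instead of being handed to `-addext`. The function names are hypothetical, and it assumes only `DNS:` and IPv4 `IP:` entries are wanted, which is narrower than what OpenSSL accepts.

```shell
#!/bin/sh
# Added example (hypothetical helpers): validate a subjectAltName list such as
# 'DNS:example.com,DNS:www.example.com,IP:172.16.32.1' before using it.
# Assumption: only DNS: and IPv4 IP: entries are allowed.

# valid_dns NAME: succeeds if NAME is a hostname, optionally with one leading "*."
valid_dns() {
    name="${1#[*].}"                              # strip a single wildcard label
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    case "$name" in
        *[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;;  # bad characters or empty labels
    esac
    old_ifs="$IFS"; IFS=.
    for label in $name; do                        # split into labels on "."
        case "$label" in -*|*-) IFS="$old_ifs"; return 1 ;; esac
        [ "${#label}" -le 63 ] || { IFS="$old_ifs"; return 1; }
    done
    IFS="$old_ifs"
    return 0
}

# valid_ipv4 ADDR: succeeds if ADDR is four dot-separated octets in 0..255
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs="$IFS"; IFS=.
    set -- $1                                     # octets become $1..$4
    IFS="$old_ifs"
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# validate_san LIST: succeeds only if every comma-separated entry is valid
validate_san() {
    [ -n "$1" ] || return 1
    case "$1" in ,*|*,|*,,*) return 1 ;; esac     # no empty entries
    rest="$1,"
    while [ -n "$rest" ]; do
        entry="${rest%%,*}"
        rest="${rest#*,}"
        case "$entry" in
            DNS:*) valid_dns "${entry#DNS:}" || return 1 ;;
            IP:*)  valid_ipv4 "${entry#IP:}" || return 1 ;;
            *)     return 1 ;;                    # unknown or missing type prefix
        esac
    done
    return 0
}
```

In the script above it would be called as `validate_san "$subject_altname" || exit 1` right after the arguments are assigned.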