Created
January 29, 2022 12:46
-
-
Save josfaber/e879a622244a411c8316bd1fb4f767b2 to your computer and use it in GitHub Desktop.
Create root authority and ssl self signed certificates
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # file: selfsigned.csr.conf | |
| # --------------------------- | |
| # [req] | |
| # default_bits = 2048 | |
| # prompt = no | |
| # default_md = sha256 | |
| # distinguished_name = dn | |
| # | |
| # [dn] | |
| # C=NL | |
| # ST=Noord-Holland | |
| # L=Amsterdam | |
| # O=Company | |
| # OU=Development | |
| # [email protected] | |
| # CN=company.com | |
| # file: selfsigned.ext | |
| # --------------------------- | |
| # authorityKeyIdentifier=keyid,issuer | |
| # basicConstraints=CA:FALSE | |
| # keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment | |
| # subjectAltName = @alt_names | |
| # | |
| # [alt_names] | |
| # DNS.1 = www.company.com | |
| # DNS.2 = www.company.eu | |
| echo "Create rootCA key" | |
| openssl genrsa -des3 -out rootCA.key 2048 | |
| echo "Create rootCA cert" | |
| openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 3650 -out rootCA.pem | |
| echo "Create self signed cert key" | |
| openssl req -new -sha256 -nodes -out selfsigned.csr -newkey rsa:2048 -keyout selfsigned.key -config <( cat selfsigned.csr.conf ) | |
| echo "Create self signed cert" | |
| openssl x509 -req -in selfsigned.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out selfsigned.crt -days 3650 -sha256 -extfile selfsigned.ext | |
| # (Then add rootCA.pem tot system certificates and trust always) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment