pwnlogs · August 12, 2021 06:34
diff --git a/create-ca.sh b/create-ca.sh
 #!/bin/sh

 # create Root CA's private key
 # > enter a strong password when prompted
 openssl genrsa -des3 -out root-ca-private-key.pem 2048

 # create and self sign CA's root certificate
 openssl req -x509 -new -nodes -key root-ca-private-key.pem -sha256 -days 1825 -out root-ca-certificate.crt

 # Sample Information (feel free to use the default values)
 # Country Name (2 letter code) [AU]:US
 # State or Province Name (full name) [Some-State]:California
 # Locality Name (eg, city) []:San-Francisco
 # Organization Name (eg, company) [Example]:
 # Organizational Unit Name (eg, section) [Technical Unit]:
 # Common Name (e.g. server FQDN or YOUR name) []:example.com
 # Email Address []:[email protected]

 # Change the permissions on the files
 # > allow read access to owner only
 chmod 400 root-ca-private-key.pem
 # > allow read access to (public) certificate by everyone
 chmod 444 root-ca-certificate.crt
diff --git a/create-certificate.sh b/create-certificate.sh
 #!/bin/sh

 # create certificate for a domain

 # verify arguments
 if [ "$#" -ne 1 ]; then
    echo "Usage: $0 domain-name"
    echo "    domain-name: the domain for which the certificate should be issued."
    exit
 fi

 # create private key
 openssl genrsa -out "${1}.priv-key.pem" 2048

 # create CSR (certificate signing request)
 openssl req -new -sha256 \
    -key "${1}.priv-key.pem" \
    -subj "/C=US/ST=CA/O=Example/CN=${1}" \
    -out "${1}.csr"


 # create exentions file
 cat > "${1}.ext" <<EOL

 authorityKeyIdentifier=keyid,issuer
 basicConstraints=CA:FALSE
 keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
 subjectAltName = @alt_names

 [alt_names]
 DNS.1 = ${1}
 EOL

 # create signed certificate
 openssl x509 -req -in "${1}.csr" \
    -CA root-ca-certificate.crt -CAkey root-ca-private-key.pem \
    -CAcreateserial    -out "${1}.crt"    -days 825    -sha256 \
    -extfile "${1}.ext"

 # set permissions
 chmod 444 "${1}.crt"
 chmod 400 "${1}.priv-key.pem"
 chmod 400 "${1}.csr"
 chmod 400 "${1}.ext"
	#!/bin/sh

	# create Root CA's private key
	# > enter a strong password when prompted
	openssl genrsa -des3 -out root-ca-private-key.pem 2048

	# create and self sign CA's root certificate
	openssl req -x509 -new -nodes -key root-ca-private-key.pem -sha256 -days 1825 -out root-ca-certificate.crt

	# Sample Information (feel free to use the default values)
	# Country Name (2 letter code) [AU]:US
	# State or Province Name (full name) [Some-State]:California
	# Locality Name (eg, city) []:San-Francisco
	# Organization Name (eg, company) [Example]:
	# Organizational Unit Name (eg, section) [Technical Unit]:
	# Common Name (e.g. server FQDN or YOUR name) []:example.com
	# Email Address []:[email protected]

	# Change the permissions on the files
	# > allow read access to owner only
	chmod 400 root-ca-private-key.pem
	# > allow read access to (public) certificate by everyone
	chmod 444 root-ca-certificate.crt
	#!/bin/sh

	# create certificate for a domain

	# verify arguments
	if [ "$#" -ne 1 ]; then
	echo "Usage: $0 domain-name"
	echo " domain-name: the domain for which the certificate should be issued."
	exit
	fi

	# create private key
	openssl genrsa -out "${1}.priv-key.pem" 2048

	# create CSR (certificate signing request)
	openssl req -new -sha256 \
	-key "${1}.priv-key.pem" \
	-subj "/C=US/ST=CA/O=Example/CN=${1}" \
	-out "${1}.csr"


	# create exentions file
	cat > "${1}.ext" <<EOL

	authorityKeyIdentifier=keyid,issuer
	basicConstraints=CA:FALSE
	keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
	subjectAltName = @alt_names

	[alt_names]
	DNS.1 = ${1}
	EOL

	# create signed certificate
	openssl x509 -req -in "${1}.csr" \
	-CA root-ca-certificate.crt -CAkey root-ca-private-key.pem \
	-CAcreateserial -out "${1}.crt" -days 825 -sha256 \
	-extfile "${1}.ext"

	# set permissions
	chmod 444 "${1}.crt"
	chmod 400 "${1}.priv-key.pem"
	chmod 400 "${1}.csr"
	chmod 400 "${1}.ext"