gen-ssl-cert.sh

#!/bin/bash
#
# Usage:
#   gen-ssl-cert.sh [common name]
#
# If common name is specified, it is used as the common name (i.e. server name)
# for the certificate. If omitted, a placeholder is used.

# exit on error
set -e

# command line options
common_name=${1:-snake-oil.example.com}

# create a working directory
workdir=$(mktemp --tmpdir=$(pwd) -d ssl-cert-XXXXXX)
echo "Creating key and certificates in ${workdir}..."
cd "${workdir}"

echo "Creating private key..."
openssl genrsa -out server.key 1024

echo "Creating signing request..."
cat >cert-config.txt <<EOI
[ req ]
distinguished_name     = req_distinguished_name
prompt                 = no

[ req_distinguished_name ]
C                      = GB
ST                     = Test State or Province
L                      = Test Locality
O                      = Test Organization Name
OU                     = Test Organizational Unit Name
CN                     = ${common_name}
emailAddress           = [email protected]
EOI
openssl req -batch -new -key server.key -out server.csr -config cert-config.txt

echo "Creating certificate..."
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

echo "Key generation complete:"

echo " Server key: ${workdir}/server.key"
echo "Server cert: ${workdir}/server.crt"