
@smcelhinney
Created December 5, 2018 11:01
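#!/usr/bin/env bash
#
# Creates a private certificate authority and one server certificate signed by
# it, intended for local development.
#
# Files written to the current directory:
#   $prefix.cnf       OpenSSL config shared by the CA and the server request
#   ca.key.pem        CA private key, AES-256 encrypted (openssl prompts for
#                     the passphrase), mode 0400
#   ca.pem            self-signed CA certificate, valid 3650 days
#   $prefix.key.pem   server private key, NOT passphrase-protected, mode 0600
#   $prefix.csr       certificate signing request
#   $prefix.crt       server certificate signed by the CA, valid 3650 days
#   (plus the serial file that -CAcreateserial creates next to ca.pem)
#
# Security notes:
#   * ca.pem is a CA certificate (CA:TRUE, pathlen:3). Once it is imported
#     into a trust store, whoever holds ca.key.pem and its passphrase can
#     issue certificates that store accepts for any host name. Trust it only
#     on development machines and never commit or share ca.key.pem.
#   * Clients match host names against subjectAltName, not the CN. The issued
#     certificate is therefore valid for the names under [ alt_names ] below;
#     "$prefix" is only the CN and the file-name prefix. Add it as a DNS.n
#     entry if the certificate has to validate for that name as well.
#   * extendedKeyUsage is commented out in [ v3_req ], so the certificate is
#     not restricted to server authentication.

# Stop at the first failing step. Without this, a failed openssl call was
# followed by the remaining steps and by the final "Successfully Created".
set -euo pipefail

export prefix="localhost"

echo "Creating Certificate '$prefix'"
echo "Creating SSL Config File"
cat <<EOF >"${prefix}.cnf"
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = subject
req_extensions = v3_req
x509_extensions = v3_ca
string_mask = nombstr
[ subject ]
countryName = Country Name (2 letter code)
countryName_default = US
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = MA
localityName = Locality Name (eg, city)
localityName_default = Boston
organizationName = Organization Name (eg, company)
organizationName_default = HubSpot
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
commonName_default = localhost
emailAddress = Email Address
emailAddress_default = [email protected]
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = critical, CA:TRUE, pathlen:3
keyUsage = critical, cRLSign, keyCertSign
nsCertType = sslCA, emailCA
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
#extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = hubspot.com
DNS.2 = *.hubspot.com
EOF

echo "Creating Certificate Authority Cert"
if [[ -s ca.key.pem ]]; then
  # A CA key from an earlier run may already be trusted somewhere; keep it
  # instead of failing on the read-only file or silently replacing it.
  echo "Reusing existing CA key ca.key.pem" >&2
else
  # The subshell confines the tight umask to key creation, so the key is
  # never group/world-readable, not even before the chmod below.
  (umask 077 && openssl genrsa -aes256 -out ca.key.pem 2048)
  chmod 400 ca.key.pem
fi
openssl req -new -x509 -subj "/CN=myca" -extensions v3_ca -days 3650 \
  -key ca.key.pem -sha256 -out ca.pem -config "${prefix}.cnf"

echo "Creating Signed Certificate"
# The server key is stored unencrypted, so file permissions are its only
# protection. chmod also covers a key file left over from an earlier run,
# whose mode the umask would not change.
(umask 077 && openssl genrsa -out "${prefix}.key.pem" 2048)
chmod 600 "${prefix}.key.pem"
openssl req -config "${prefix}.cnf" -subj "/CN=${prefix}" -extensions v3_req \
  -sha256 -new -key "${prefix}.key.pem" -out "${prefix}.csr"
# -extfile/-extensions are repeated here because `openssl x509 -req` takes the
# certificate's extensions (including subjectAltName) from the named config
# section.
openssl x509 -req -extensions v3_req -days 3650 -sha256 -in "${prefix}.csr" \
  -CA ca.pem -CAkey ca.key.pem -CAcreateserial -out "${prefix}.crt" \
  -extfile "${prefix}.cnf"

echo "Certificate: "
openssl x509 -in "${prefix}.crt" -text -noout
echo "Certificate Successfully Created"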