Last active
December 22, 2020 16:29
[Generate self-signed certificate] Create a self-signed certificate #linux #certificate #ssl
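#!/bin/bash
#
# Two independent OpenSSL recipes:
#   1. a single self-signed certificate (privkey.pem / cert.pem)
#   2. a private root CA plus one server certificate signed by it
#
# Outputs are written to the current directory. Recipe 1 and the root
# certificate step prompt interactively for the subject fields, and the
# root key steps prompt for a passphrase.

# Stop at the first failing step so a later command never signs with, or
# reports on, a stale file left over from an earlier run.
set -euo pipefail

# Private keys must not be created group/world readable. This also applies
# to the certificates; relax their mode afterwards if another account
# (for example the web server user) has to read them.
umask 077

# --- Recipe 1: generate key and self-signed certificate -------------------
openssl genrsa -out privkey.pem 4096
openssl req -new -x509 -key privkey.pem -out cert.pem -days 1826

# --- Recipe 2: generate a full self-signed certificate chain --------------

# Create root key. It is passphrase-protected because anyone holding it can
# issue certificates that every client trusting rootCA.crt will accept.
# AES-256 replaces the older 3DES (-des3) key encryption.
openssl genrsa -aes256 -out rootCA.key 4096

# Create and self sign root certificate.
# -nodes is omitted: it only affects a key that `req` generates itself and
# does nothing when an existing key is supplied with -key.
openssl req -x509 -new -key rootCA.key -sha256 -days 1024 -out rootCA.crt

# Create a key (for each server)
openssl genrsa -out mydomain.com.key 4096

# Create the CSR
openssl req -new -sha256 -key mydomain.com.key \
  -subj "/C=US/ST=CA/O=MyOrg, Inc./CN=mydomain.com" \
  -out mydomain.com.csr

# Verify the CSR's self-signature before signing it
openssl req -in mydomain.com.csr -noout -verify

# Sign the CSR with the root CA to produce the server certificate.
# Current TLS clients match the hostname against subjectAltName rather than
# the CN, so the SAN is supplied here; `x509 -req` does not copy extensions
# from the CSR by default. CA:FALSE and the serverAuth usage keep the leaf
# from being usable as an issuing certificate.
openssl x509 -req -in mydomain.com.csr \
  -CA rootCA.crt -CAkey rootCA.key -CAcreateserial \
  -out mydomain.com.crt -days 500 -sha256 \
  -extfile <(printf '%s\n' \
    'basicConstraints=CA:FALSE' \
    'keyUsage=digitalSignature,keyEncipherment' \
    'extendedKeyUsage=serverAuth' \
    'subjectAltName=DNS:mydomain.com')

# Verify certificate's content
openssl x509 -in mydomain.com.crt -text -noout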
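#!/usr/bin/env bash
#
# Generate a self-signed wildcard certificate for a development domain.
#
# Usage:   <script> domain.lan
# Outputs: <domain>.key and <domain>.crt in the current directory.
#
# The certificate is its own issuer, so every client that imports it as
# trusted will accept anything signed by <domain>.key. Keep the key on the
# development machine only.

set -euo pipefail

# ${1:-} keeps `set -u` from aborting before the usage text can be shown.
DOMAIN=${1:-}

# print usage
if [[ -z "$DOMAIN" ]]; then
  {
    echo "USAGE: $0 domain.lan"
    echo ""
    echo "This will generate a non-secure self-signed wildcard certificate for given domain."
    echo "This should only be used in a development environment."
  } >&2
  # A missing argument is an error, so do not report success to the caller.
  exit 1
fi

# The domain ends up in output file names and in the certificate subject.
# Restrict it to hostname characters so it cannot carry a path separator,
# a leading dash, or extra "/name=value" subject components.
domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! "$DOMAIN" =~ $domain_re ]]; then
  printf 'error: "%s" is not a valid domain name\n' "$DOMAIN" >&2
  exit 1
fi

# Create the private key without group/world read permission.
umask 077

# Add wildcard
WILDCARD="*.$DOMAIN"

# Set our CSR variables
SUBJ="
C=US
ST=NY
O=Local Developement
localityName=Local Developement
commonName=$WILDCARD
organizationalUnitName=Local Developement
emailAddress=
"

# Generate our Private Key, CSR and Certificate
openssl genrsa -out "$DOMAIN.key" 2048

# The newlines in SUBJ become the "/" separators that -subj expects.
openssl req -new -sha256 \
  -subj "$(printf '%s' "$SUBJ" | tr '\n' '/')" \
  -key "$DOMAIN.key" -out "$DOMAIN.csr"

# Current browsers match the hostname against subjectAltName and ignore
# commonName, so the SAN has to be present. A wildcard does not cover the
# bare domain, which is why both names are listed.
openssl x509 -req -sha256 -days 3650 \
  -in "$DOMAIN.csr" -signkey "$DOMAIN.key" -out "$DOMAIN.crt" \
  -extfile <(printf 'subjectAltName=DNS:%s,DNS:%s\n' "$WILDCARD" "$DOMAIN")

rm -- "$DOMAIN.csr"

echo ""
echo "Next manual steps:"
echo "- Use $DOMAIN.crt and $DOMAIN.key to configure Apache/nginx"
echo "- Import $DOMAIN.crt into Chrome settings: chrome://settings/certificates > tab 'Authorities'"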