
@zongwu233
Created September 24, 2021 11:58
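#!/usr/bin/env bash
# A small interactive script that creates a private CA and a server
# certificate signed by it (for test / internal use).
#
# Requires bash: it uses arrays and here-strings, which a plain POSIX
# /bin/sh such as dash does not provide.
#
# Files written to the current directory:
#   extfile.cnf, ca.key, ca.crt, server.key, server.csr, server.crt
# ca.key and server.key are unencrypted private keys (-nodes / genrsa
# without a cipher). Treat ca.key as sensitive: whoever holds it can issue
# further certificates that verify against ca.crt.
set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Lines destined for the [alt_names] section of extfile.cnf.
san_lines=()

#######################################
# Split a comma-separated list and queue one "<KIND>.<n> = <value>" line
# per entry.
# Globals:   san_lines (appended)
# Arguments: $1 - SAN kind ("IP" or "DNS"), $2 - comma-separated values
# Outputs:   each accepted line on stdout
#######################################
collect_san() {
  local kind=$1 list=$2 n=1 entry
  # Entries are interpolated into an OpenSSL config file, so only accept
  # characters that occur in host names, wildcards and IPv4/IPv6 literals.
  local -r allowed='^[A-Za-z0-9.:*_-]+$'
  local -a parts=()
  IFS=',' read -ra parts <<< "$list"
  for entry in ${parts[@]+"${parts[@]}"}; do
    # Trim surrounding whitespace so "a, b" works like "a,b".
    entry="${entry#"${entry%%[![:space:]]*}"}"
    entry="${entry%"${entry##*[![:space:]]}"}"
    [[ -n "$entry" ]] || continue
    [[ $entry =~ $allowed ]] || die "invalid ${kind} entry: ${entry}"
    san_lines+=("${kind}.${n} = ${entry}")
    printf '%s\n' "${kind}.${n} = ${entry}"
    n=$((n + 1))
  done
}

echo "start creating self signed certificate."
echo "enter Common Name(CN) of CA, such as website.com :"
read -r caCommonName
echo "enter Common Name(CN) of server,"
echo "DO NOT be the same as CA, such as abc.website.com :"
read -r serCommonName

[[ -n "$caCommonName" ]] || die "CA Common Name must not be empty"
[[ -n "$serCommonName" ]] || die "server Common Name must not be empty"
# With identical subject and issuer names the server certificate looks
# self-issued and chain building against ca.crt breaks.
[[ "$caCommonName" != "$serCommonName" ]] \
  || die "server Common Name must differ from the CA Common Name"

echo "need add mulity IPs ?y/n"
read -r addIPs
IPs=""
if [[ "$addIPs" == "y" ]]; then
  echo "input IPs concat with ',':"
  read -r IPs
  collect_san IP "$IPs"
fi

echo "need add mulity domains ? y/n"
read -r addDomains
domains=""
if [[ "$addDomains" == "y" ]]; then
  echo "input domains concat with ',':"
  read -r domains
  collect_san DNS "$domains"
fi

# Write the config from scratch on every run; appending to a leftover
# extfile.cnf would duplicate sections and carry over stale SAN entries.
# basicConstraints is CA:FALSE: this section is applied to the *server*
# certificate, which must not be usable as a signing CA itself.
cat > extfile.cnf <<EOF
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
commonName = $serCommonName
[v3_req]
basicConstraints = CA:FALSE
EOF

if ((${#san_lines[@]} > 0)); then
  {
    printf '%s\n' "subjectAltName = @alt_names" "[alt_names]"
    printf '%s\n' "${san_lines[@]}"
  } >> extfile.cnf
else
  # Only reference [alt_names] when it has entries, so the extension is
  # never built from an empty section.
  echo "warning: no IP/DNS names given; server.crt will carry no subjectAltName" >&2
fi

echo "generate CA key "
# umask 077 in a subshell: the private key is created owner-only without
# changing the permissions of the certificates written later.
(umask 077 && openssl genrsa -out ca.key 2048)
echo "generate CA crt "
openssl req -x509 -new -nodes -sha256 -key ca.key -days 5000 -out ca.crt \
  -subj "/CN=$caCommonName"
echo "generate server key "
(umask 077 && openssl genrsa -out server.key 2048)
echo "generate server csr "
openssl req -new -sha256 -key server.key -out server.csr \
  -extensions v3_req -config extfile.cnf -subj "/CN=$serCommonName"
echo "generate server crt "
# x509 -req does not copy extensions from the CSR by default, so v3_req is
# applied again here through -extfile/-extensions.
openssl x509 -req -sha256 -days 3650 -in server.csr -CA ca.crt -CAkey ca.key \
  -set_serial 01 -out server.crt -extensions v3_req -extfile extfile.cnf
echo "verify generate server crt file:"
openssl verify -CAfile ca.crt server.crt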