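#!/usr/bin/env bash
# Issue a CA-signed certificate for local development.
#
# Usage: create_cert.sh [CN [NAME]]
#   CN   - common name placed in the certificate subject (default: localhost.ca)
#   NAME - basename of the generated key/CSR/certificate files (default: CN)
#
# Reads from the current directory: certificate.conf.tpl, ${ROOT}.pem,
# ${ROOT}.key and ${ROOT}.pas (passphrase file for the CA key).
# Writes to the current directory: NAME.key, NAME.csr, NAME.pem.

# exit on error
# NOTE: -u is deliberately not enabled. The template is expanded by eval and
# may reference variables this script does not set; -u would turn those into
# hard failures.
set -e

# openssl binary to use
OPENSSL=openssl
# ROOT - name for root CA key and certificate files
ROOT=root
# CN - common name (ex. google.com)
CN=${1:-"localhost.ca"}
# NAME - name for personal key, certificate-signing request and certificate files
NAME=${2:-${CN}}

# CN is interpolated into the -subj string below and, through the template,
# into the OpenSSL config. Characters such as '/', '+', '=' or ',' would let
# the caller add or override subject attributes (and possibly extension
# values, depending on the template), so only host-name style values pass.
case "${CN}" in
  *[!A-Za-z0-9.*:_-]*)
    printf 'error: CN "%s" contains characters outside [A-Za-z0-9.*:_-]\n' "${CN}" >&2
    exit 2
    ;;
esac

# Fail before any key material is written if an input is missing.
for required in certificate.conf.tpl "${ROOT}.pem" "${ROOT}.key" "${ROOT}.pas"; do
  if [[ ! -r "${required}" ]]; then
    printf 'error: required file %s is missing or unreadable\n' "${required}" >&2
    exit 1
  fi
done

# template for config file
conf_template="$(cat certificate.conf.tpl)"
# Escape double quotes so the template can be wrapped in "..." for eval.
# Known limitation: only quotes are escaped, and of two adjacent quotes ("")
# only the first is handled.
conf_template=$(sed 's/\([^\\]\)"/\1\\"/g; s/^"/\\"/g' <<< "${conf_template}")
# SECURITY: eval runs the template as shell text. Variable references are
# expanded, and so are any $(...) or backtick substitutions it contains.
# certificate.conf.tpl must therefore be treated as code and protected like
# this script. It is rendered once, here, so that a failing expansion stops
# the script (set -e does not see failures inside process substitution).
rendered_conf=$(eval "echo \"${conf_template}\"")

######################
# Create CA-signed certs
######################
# Generate a private key
# echo "Generating personal private key ..."
# umask is tightened in a subshell so the key is created owner-only without
# changing the mode of the CSR and certificate written later.
(
  umask 077
  "${OPENSSL}" genrsa -out "${NAME}.key" 2048
)

# Create a certificate-signing request
echo "Generating personal certificate signing request ..."
"${OPENSSL}" req -new -key "${NAME}.key" -out "${NAME}.csr" \
  -config <(printf '%s\n' "${rendered_conf}") \
  -subj "/C=US/ST=NY/L=New York/O=Localhost CA, LLC/OU=Dev/CN=${CN}/emailAddress=admin@${CN}"

# Create the signed certificate
echo "Generating personal certificate ..."
"${OPENSSL}" x509 -req -in "${NAME}.csr" -CA "${ROOT}.pem" -CAkey "${ROOT}.key" \
  -passin "file:${ROOT}.pas" -CAcreateserial \
  -out "${NAME}.pem" -days 825 -sha256 \
  -extensions x509_ext -extfile <(printf '%s\n' "${rendered_conf}")

echo "###############################################"
echo "File ${NAME}.key is your personal key"
echo "File ${NAME}.pem is your personal certificate"
echo "File ${ROOT}.pem is a CA bundle"
echo "###############################################"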