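#!/bin/bash
#
# Create a local-development certificate authority and issue one CA-signed
# TLS server certificate for DOMAIN (plus its affiliates. and pov. subdomains).
#
# Usage:  <this script> DOMAIN
# Env:    CA_PASSPHRASE  passphrase that encrypts ./ssl/myCA.key (optional)
# Writes: ./ssl/myCA.key, ./ssl/myCA.pem, ./ssl/myCA.srl
#         ./nginx/ssl/DOMAIN.key, .csr, .ext and .crt
#
# Every run generates a NEW CA key and root certificate, so certificates
# issued by an earlier run no longer chain to ./ssl/myCA.pem.
# Whoever holds myCA.key can issue certificates that are trusted by every
# machine that imported myCA.pem: keep it out of version control and images.

# Stop at the first failing step so a certificate is never signed from
# stale or half-written files left behind by a failed earlier command.
set -euo pipefail

DOMAIN=${1:-}
ORGANIZATION="EFC Local Development"
COUNTRY=DE

# DOMAIN is interpolated into file paths, the -subj string and the extension
# file, so accept only host-name characters (no '/', '=', whitespace, ...).
domain_re='^[A-Za-z0-9*_.-]+$'
if [[ ! "$DOMAIN" =~ $domain_re ]]; then
  printf 'Usage: %s DOMAIN\n' "${0##*/}" >&2
  exit 2
fi

# The original script used one string both as the CA key passphrase and as
# the O= field of the issued certificate, which publishes the passphrase in
# every certificate. The two are separate values here. The fallback keeps the
# old passphrase for compatibility and protects nothing: set CA_PASSPHRASE.
CA_PASSPHRASE=${CA_PASSPHRASE:-$ORGANIZATION}
# Handed to openssl through the environment (env:) rather than pass: on the
# command line, where it would show up in the process list.
export CA_PASSPHRASE

mkdir -p ./ssl ./nginx/ssl

######################
# Become a Certificate Authority
######################

# Generate the CA private key (3DES-encrypted with CA_PASSPHRASE)
openssl genrsa -des3 -passout env:CA_PASSPHRASE -out "./ssl/myCA.key" 2048
chmod 600 "./ssl/myCA.key"

# Generate the self-signed root certificate
openssl req -x509 -new -nodes -key "./ssl/myCA.key" \
  -passin env:CA_PASSPHRASE -sha256 -days 825 \
  -out "./ssl/myCA.pem" -subj "/C=${COUNTRY}"

######################
# Create CA-signed certs
######################

# Generate the server private key (unencrypted so nginx can load it unattended)
openssl genrsa -out "./nginx/ssl/${DOMAIN}.key" 2048

# Create a certificate-signing request
openssl req -new -key "./nginx/ssl/${DOMAIN}.key" \
  -out "./nginx/ssl/${DOMAIN}.csr" \
  -subj "/CN=${DOMAIN}/O=${ORGANIZATION}/C=${COUNTRY}"

# Create a config file for the extensions
cat > "./nginx/ssl/${DOMAIN}.ext" <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $DOMAIN # Be sure to include the domain name here because Common Name is not so commonly honoured by itself
DNS.2 = affiliates.$DOMAIN # Optionally, add additional domains (I've added a subdomain here)
DNS.3 = pov.$DOMAIN # Optionally, add additional domains (I've added a subdomain here)
EOF

# Create the signed certificate
openssl x509 -req -in "./nginx/ssl/${DOMAIN}.csr" \
  -passin env:CA_PASSPHRASE \
  -CA "./ssl/myCA.pem" -CAkey "./ssl/myCA.key" -CAcreateserial \
  -out "./nginx/ssl/${DOMAIN}.crt" -days 825 -sha256 \
  -extfile "./nginx/ssl/${DOMAIN}.ext"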