#!/bin/bash# Create a self-signed SSL certificate with OpenSSL.# libfaketime i

1. #!/bin/bash
2. # Create a self-signed SSL certificate with OpenSSL.
3. # libfaketime is required to customize the validity period.
4.  
5. HOSTNAME="flipflap"
6. IPADDR="0.0.0.0"
7. RSA_BITS=2048
8.  
9. FROM="2017-01-01 00:00:00"
10. DAYS=8400 # valid until 2040-01-01
11. SUBJ="/C=KP/L=The Internet/O=Meme Factory/CN=${HOSTNAME}"
12.  
13. KEY="key.pem"
14. CERT="cert.pem"
15.  
16.  
17. read -d '' CONFIG << EOF
18. distinguished_name = req_distinguished_name
19. x509_extensions = v3_req
20.  
21. [v3_req]
22. subjectAltName = DNS:${HOSTNAME}, IP:${IPADDR}
23. basicConstraints = critical, CA:FALSE
24.  
25. [req_distinguished_name]
26. EOF
27.  
28. [ -f "$KEY" ] || (openssl genrsa -out "$KEY" $RSA_BITS && chmod 600 "$KEY")
29.  
30. [ -f "$CERT" ] || TZ=UTC faketime -f "$FROM" \
31. openssl req -verbose -new -x509 -config <(echo "$CONFIG") \
32. -key "$KEY" -days $DAYS -subj "$SUBJ" -out "$CERT"
33.  
34. [ -f "$CERT" ] && openssl x509 -in "$CERT" -text -noout