Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- # Create a self-signed SSL certificate with OpenSSL.
- # libfaketime is required to customize the validity period.
- HOSTNAME="flipflap"
- IPADDR="0.0.0.0"
- RSA_BITS=2048
- FROM="2017-01-01 00:00:00"
- DAYS=8400 # valid until 2040-01-01
- SUBJ="/C=KP/L=The Internet/O=Meme Factory/CN=${HOSTNAME}"
- KEY="key.pem"
- CERT="cert.pem"
- read -d '' CONFIG << EOF
- distinguished_name = req_distinguished_name
- x509_extensions = v3_req
- [v3_req]
- subjectAltName = DNS:${HOSTNAME}, IP:${IPADDR}
- basicConstraints = critical, CA:FALSE
- [req_distinguished_name]
- EOF
- [ -f "$KEY" ] || (openssl genrsa -out "$KEY" $RSA_BITS && chmod 600 "$KEY")
- [ -f "$CERT" ] || TZ=UTC faketime -f "$FROM" \
- openssl req -verbose -new -x509 -config <(echo "$CONFIG") \
- -key "$KEY" -days $DAYS -subj "$SUBJ" -out "$CERT"
- [ -f "$CERT" ] && openssl x509 -in "$CERT" -text -noout
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement