shapoval

local_cert.sh

Nov 17th, 2020
  1. #!/bin/bash
  2.  
  3. DOMAIN=$1
  4. PASSPHRASE="EFC Local Development"
  5. COUNTRY=DE
  6.  
  7. ######################
  8. # Become a Certificate Authority
  9. ######################
  10.  
  11. # Generate private key
  12. openssl genrsa -des3 -passout pass:"${PASSPHRASE}" -out "./ssl/myCA.key" 2048
  13. # Generate root certificate
  14. openssl req -x509 -new -nodes -key "./ssl/myCA.key" -passin pass:"${PASSPHRASE}" -sha256 -days 825 -out "./ssl/myCA.pem" -subj "/C=${COUNTRY}"
  15.  
  16. ######################
  17. # Create CA-signed certs
  18. ######################
  19.  
  20. # Generate a private key
  21. openssl genrsa -out "./nginx/ssl/${DOMAIN}.key" 2048
  22. # Create a certificate-signing request
  23. openssl req -new -key "./nginx/ssl/${DOMAIN}.key" -out "./nginx/ssl/${DOMAIN}.csr" -subj "/CN=${DOMAIN}/O=${PASSPHRASE}/C=${COUNTRY}"
  24. # Create a config file for the extensions
  25. >./nginx/ssl/$DOMAIN.ext cat <<-EOF
  26. authorityKeyIdentifier=keyid,issuer
  27. basicConstraints=CA:FALSE
  28. keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
  29. subjectAltName = @alt_names
  30. [alt_names]
  31. DNS.1 = $DOMAIN # Be sure to include the domain name here because Common Name is not so commonly honoured by itself
  32. DNS.2 = affiliates.$DOMAIN # Optionally, add additional domains (I've added a subdomain here)
  33. DNS.3 = pov.$DOMAIN # Optionally, add additional domains (I've added a subdomain here)
  34. EOF
  35. # Create the signed certificate
  36. openssl x509 -req -in "./nginx/ssl/${DOMAIN}.csr" -passin pass:"${PASSPHRASE}" -CA "./ssl/myCA.pem" -CAkey "./ssl/myCA.key" -CAcreateserial \
  37. -out "./nginx/ssl/${DOMAIN}.crt" -days 825 -sha256 -extfile "./nginx/ssl/${DOMAIN}.ext"
  38.  