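#!/bin/bash
# Creates a self-signed root CA (once) and a TLS certificate for a local domain.
#
# Prompts for a local domain name (e.g. my-app.localhost) and writes into the
# current directory:
#   rootCA.key, rootCA.crt         root CA key and certificate (created only if
#                                  rootCA.crt does not exist yet)
#   <domain>.key, <domain>.crt     server key and certificate signed by the CA
#   <domain>.csr, <domain>.v3.ext  intermediate files used for signing
#
# Next steps:
# Copy the certificates (e.g. my-app.localhost.crt and my-app.localhost.key) to
# your service (Nginx, Apache, ...) and configure it.
# Import the CA certificate (rootCA.crt) in your browser's settings.
#
# Security notes:
# - rootCA.key is written unencrypted. A browser that has imported rootCA.crt
#   trusts every certificate signed with that key, for any host name, so keep
#   the key on the development machine and out of version control and backups
#   shared with others.
# - Import rootCA.crt only into browsers/profiles used for local development.

# Stop at the first failing step instead of signing with half-created files.
set -euo pipefail

# Create all files (in particular the private keys) readable by the owner only.
umask 077

# Your country code
COUNTRY=DE
# Your state
STATE=Berlin
# Your organization. This will appear in the list of trusted CAs in your browser.
ORGANIZATION=DCD
# Validity of the root CA certificate in days.
CA_DAYS=1024
# Validity of the domain certificate in days. The original comment documented
# 500 days while the command used 1024; Apple platforms reject TLS server
# certificates that are valid for more than 825 days, so 500 is used.
CERT_DAYS=500

# Print an error message to stderr and abort.
die() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

# Check if openssl is installed
command -v openssl >/dev/null 2>&1 || die 'openssl is not installed.'

# -r keeps backslashes literal; a failed read (EOF) aborts instead of
# continuing with an empty name.
read -r -p "Please enter the local domain name: " DOMAIN || die 'no domain name entered.'

# The name ends up in file names, in the certificate subject and in the
# OpenSSL extension file, so accept only a plain DNS name (optionally with a
# leading "*." wildcard label). This rejects empty input, whitespace, "/",
# leading "-" and anything else that could change a path or an option.
DOMAIN_RE='^(\*\.)?[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
[[ "$DOMAIN" =~ $DOMAIN_RE ]] || die "\"$DOMAIN\" is not a valid domain name."

# Check if the root CA file is already created
CANAME="rootCA"
if [[ ! -f "$CANAME.crt" ]]; then
  echo "CA file \"$CANAME.crt\" does not exist. Create root key and certificate..."
  # or with pw protection: openssl genrsa -aes256 -out "$CANAME.key" 4096
  openssl genrsa -out "$CANAME.key" 4096
  openssl req -x509 -new -nodes \
    -subj "/C=$COUNTRY/ST=$STATE/O=$ORGANIZATION/CN=$ORGANIZATION" \
    -key "$CANAME.key" -sha256 -days "$CA_DAYS" -out "$CANAME.crt"
elif [[ ! -f "$CANAME.key" ]]; then
  # An existing CA certificate without its key cannot sign anything.
  die "\"$CANAME.crt\" exists but \"$CANAME.key\" is missing; cannot sign."
fi

# Create Certificates
echo "Create file $DOMAIN.key..."
openssl genrsa -out "$DOMAIN.key" 2048

echo "Create file $DOMAIN.csr..."
openssl req -new -sha256 -key "$DOMAIN.key" \
  -subj "/C=$COUNTRY/ST=$STATE/O=$ORGANIZATION/CN=$DOMAIN" \
  -out "$DOMAIN.csr"

echo "Create and sign file $DOMAIN.crt..."

# Create config file. CA:FALSE keeps the domain certificate from acting as a
# CA itself; extendedKeyUsage limits it to TLS server authentication.
cat >"$DOMAIN.v3.ext" <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = $DOMAIN
EOF

# Create and sign certificate (valid for CERT_DAYS days)
openssl x509 -req -in "$DOMAIN.csr" \
  -CA "$CANAME.crt" -CAkey "$CANAME.key" -CAcreateserial \
  -out "$DOMAIN.crt" -days "$CERT_DAYS" -sha256 \
  -extfile "$DOMAIN.v3.ext"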