conf_server/make_self_signed_cert.sh

#!/bin/sh

gen_cert_self_signed()

{
    domain=$1

    openssl req -x509 \
            -sha256 -days 3560 \
            -nodes \
            -newkey rsa:4096 \
            -subj "/CN=$domain/C=FR/L=myserver" \
            -keyout $domain.rootCA.key -out $domain.rootCA.crt

    cat > $domain.csr.conf <<EOF
[ req ]
default_bits = 4096
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn

[ dn ]
C = FR
ST = Internet
L = Internet
O = $domain
OU = $domain
CN = $domain

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = $domain
DNS.2 = *.$domain

EOF


    cat > $domain.cert.conf <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = $domain
DNS.2 = *.$domain

EOF

    openssl genrsa -out $domain.key 4096
    openssl req -new -key $domain.key -out $domain.csr -config $domain.csr.conf
    openssl x509 -req \
            -in $domain.csr \
            -CA $domain.rootCA.crt -CAkey $domain.rootCA.key \
            -CAcreateserial -out $domain.crt \
            -days 3650 \
            -sha256 -extfile $domain.cert.conf
}

install_cert_file(){
    domain=$1
    cp -v $domain.crt /etc/ssl/
    cp -v $domain.key /etc/ssl/private/
    chmod 700 /etc/ssl/private/$domain.key
    chmod 440 /etc/ssl/$domain.crt
}

usage(){
    print "This program ask domain as argument \n"
    print "create cetifcate self signed for domain.tld and  *.domain.tld"
    print "Example: Your machine name is `hostname` and you want a ssl \
certificate for this machine, type: "
    print "\t ./make_self_signed_cert.sh `hostname` "

}

if [ -z $1 ];
then
    usage
    exit 3;
fi


cd ./my_configuration/ssl/
gen_cert_self_signed $1
install_cert_file $1
Init repo 2023-01-11 01:03:34 +01:00			`#!/bin/sh`

			`gen_cert_self_signed()`

			`{`
			`domain=$1`

			`openssl req -x509 \`
			`-sha256 -days 3560 \`
			`-nodes \`
			`-newkey rsa:4096 \`
			`-subj "/CN=$domain/C=FR/L=myserver" \`
			`-keyout $domain.rootCA.key -out $domain.rootCA.crt`

			`cat > $domain.csr.conf <<EOF`
			`[ req ]`
			`default_bits = 4096`
			`prompt = no`
			`default_md = sha256`
			`req_extensions = req_ext`
			`distinguished_name = dn`

			`[ dn ]`
			`C = FR`
			`ST = Internet`
			`L = Internet`
			`O = $domain`
			`OU = $domain`
			`CN = $domain`

			`[ req_ext ]`
			`subjectAltName = @alt_names`

			`[ alt_names ]`
			`DNS.1 = $domain`
			`DNS.2 = *.$domain`

			`EOF`



			`cat > $domain.cert.conf <<EOF`
			`authorityKeyIdentifier=keyid,issuer`
			`basicConstraints=CA:FALSE`
			`keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment`
			`subjectAltName = @alt_names`

			`[alt_names]`
			`DNS.1 = $domain`
			`DNS.2 = *.$domain`

			`EOF`

			`openssl genrsa -out $domain.key 4096`
			`openssl req -new -key $domain.key -out $domain.csr -config $domain.csr.conf`
			`openssl x509 -req \`
			`-in $domain.csr \`
			`-CA $domain.rootCA.crt -CAkey $domain.rootCA.key \`
			`-CAcreateserial -out $domain.crt \`
			`-days 3650 \`
			`-sha256 -extfile $domain.cert.conf`
			`}`

			`install_cert_file(){`
			`domain=$1`
			`cp -v $domain.crt /etc/ssl/`
			`cp -v $domain.key /etc/ssl/private/`
			`chmod 700 /etc/ssl/private/$domain.key`
			`chmod 440 /etc/ssl/$domain.crt`
			`}`

			`usage(){`
			`print "This program ask domain as argument \n"`
			`print "create cetifcate self signed for domain.tld and *.domain.tld"`
			print "Example: Your machine name is `hostname` and you want a ssl \
			`certificate for this machine, type: "`
			print "\t ./make_self_signed_cert.sh `hostname` "

			`}`

			`if [ -z $1 ];`
			`then`
			`usage`
			`exit 3;`
			`fi`


			`cd ./my_configuration/ssl/`
			`gen_cert_self_signed $1`
			`install_cert_file $1`