#!/bin/sh
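# Generate a private root CA and a leaf certificate for DOMAIN and *.DOMAIN
# signed by that CA, all in the current directory.  Both private keys are
# unencrypted (-nodes) so a server can load them without a passphrase.
#
# Arguments:
#   $1  domain name; it is used verbatim in file names, in the subject DN
#       and in the SAN list, so callers must validate it first.
#   $2  optional validity of the leaf certificate in days (default 3650).
#
# Files written (prefix DOMAIN):
#   DOMAIN.rootCA.key / DOMAIN.rootCA.crt   CA private key, self-signed CA cert
#   DOMAIN.csr.conf   / DOMAIN.cert.conf    openssl request / extension configs
#   DOMAIN.key / DOMAIN.csr / DOMAIN.crt    leaf private key, CSR, signed cert
#   DOMAIN.rootCA.srl                       serial file from -CAcreateserial
#
# The body runs in a subshell with `set -e`, so the function returns non-zero
# at the first failing command instead of carrying on with missing inputs,
# and the tightened umask below does not leak into the caller.
gen_cert_self_signed()
(
    set -e
    domain=$1
    cert_days=${2:-3650}

    # The issuer must not expire before the leaf it signs.  The script
    # previously gave the CA 3560 days and the leaf 3650, so the leaf
    # outlived its CA by 90 days and would fail chain validation then.
    ca_days=$((cert_days + 1))
    # NOTE(review): a 10-year leaf is longer than some TLS clients accept
    # (Apple platforms reportedly cap server certs at 825 days); pass a
    # shorter $2 if those clients matter.

    # openssl creates key files with the current umask; with the default
    # 022 the CA key and the leaf key would be world-readable on disk.
    umask 077

    openssl req -x509 \
        -sha256 -days "$ca_days" \
        -nodes \
        -newkey rsa:4096 \
        -subj "/CN=$domain/C=FR/L=myserver" \
        -keyout "$domain.rootCA.key" -out "$domain.rootCA.crt"

    # Request config: non-interactive DN plus SAN for apex and wildcard.
    cat > "$domain.csr.conf" <<EOF
[ req ]
default_bits = 4096
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn

[ dn ]
C = FR
ST = Internet
L = Internet
O = $domain
OU = $domain
CN = $domain

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = $domain
DNS.2 = *.$domain

EOF

    # Extensions applied when the CA signs the leaf.  extendedKeyUsage is
    # added because some validators require an explicit serverAuth on a
    # TLS server certificate rather than treating "absent" as "any".
    cat > "$domain.cert.conf" <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = $domain
DNS.2 = *.$domain

EOF

    openssl genrsa -out "$domain.key" 4096
    openssl req -new -key "$domain.key" -out "$domain.csr" -config "$domain.csr.conf"
    openssl x509 -req \
        -in "$domain.csr" \
        -CA "$domain.rootCA.crt" -CAkey "$domain.rootCA.key" \
        -CAcreateserial -out "$domain.crt" \
        -days "$cert_days" \
        -sha256 -extfile "$domain.cert.conf"
)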
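# Copy the leaf certificate and private key for DOMAIN from the current
# directory into the system store under /etc/ssl.  Needs write access to
# /etc/ssl and /etc/ssl/private (normally root).
#
# Arguments:
#   $1  domain name used as the file-name prefix by gen_cert_self_signed
#
# Returns non-zero if either copy fails.
install_cert_file(){
    domain=$1
    # install(1) creates the destination with the requested mode in one
    # step; with `cp` followed by `chmod` the key was briefly readable
    # under the default umask.  A key file needs no execute bit, so 0600
    # replaces the earlier 700.
    install -v -m 0600 "$domain.key" "/etc/ssl/private/$domain.key" || return 1
    # The certificate is public; 0440 keeps the mode the script always used.
    install -v -m 0440 "$domain.crt" "/etc/ssl/$domain.crt" || return 1
}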
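# Print a short usage message to stderr.
#
# The previous version called `print`, which is a ksh/zsh builtin and does
# not exist in /bin/sh, so the usage text never appeared; printf is used
# instead and handles the \n / \t escapes the messages relied on.
usage(){
    host=$(hostname)
    {
        printf 'This program asks for a domain as argument\n\n'
        printf 'create a self-signed certificate for domain.tld and *.domain.tld\n'
        printf 'Example: Your machine name is %s and you want a ssl certificate for this machine, type:\n' "$host"
        # $0 rather than a hard-coded name, so the hint survives a rename.
        printf '\t %s %s\n' "$0" "$host"
    } >&2
}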
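# Entry point: require a domain argument, validate it, then generate and
# install the certificate from ./my_configuration/ssl/.
if [ -z "$1" ]; then
    usage
    exit 3
fi

# The argument becomes part of file names and is interpolated into the
# openssl config heredocs, so accept only a plain host/domain name: letters,
# digits, dots and hyphens.  A leading '-' would be parsed as an openssl
# option, a leading '.' allows '..' path segments, and any other character
# (whitespace, newline, '/', quotes) could inject config lines or paths.
case $1 in
    -*|.*|*[!A-Za-z0-9.-]*)
        printf 'invalid domain name: %s\n' "$1" >&2
        exit 3
        ;;
esac

# All output is relative to this directory; without the check a failed cd
# would write the private keys into whatever the current directory is and
# then install whatever happens to sit there.
cd ./my_configuration/ssl/ || exit 1

# Do not install anything if generation failed part-way.
gen_cert_self_signed "$1" || exit 1
install_cert_file "$1"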