Init repo

make_self_signed_cert.sh

@@ -0,0 +1,90 @@
+#!/bin/sh
+
+gen_cert_self_signed()
+
+{
+    domain=$1
+
+    openssl req -x509 \
+            -sha256 -days 3560 \
+            -nodes \
+            -newkey rsa:4096 \
+            -subj "/CN=$domain/C=FR/L=myserver" \
+            -keyout $domain.rootCA.key -out $domain.rootCA.crt
+
+    cat > $domain.csr.conf <<EOF
+[ req ]
+default_bits = 4096
+prompt = no
+default_md = sha256
+req_extensions = req_ext
+distinguished_name = dn
+
+[ dn ]
+C = FR
+ST = Internet
+L = Internet
+O = $domain
+OU = $domain
+CN = $domain
+
+[ req_ext ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = $domain
+DNS.2 = *.$domain
+
+EOF
+
+
+
+    cat > $domain.cert.conf <<EOF
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = $domain
+DNS.2 = *.$domain
+
+EOF
+
+    openssl genrsa -out $domain.key 4096
+    openssl req -new -key $domain.key -out $domain.csr -config $domain.csr.conf
+    openssl x509 -req \
+            -in $domain.csr \
+            -CA $domain.rootCA.crt -CAkey $domain.rootCA.key \
+            -CAcreateserial -out $domain.crt \
+            -days 3650 \
+            -sha256 -extfile $domain.cert.conf
+}
+
+install_cert_file(){
+    domain=$1
+    cp -v $domain.crt /etc/ssl/
+    cp -v $domain.key /etc/ssl/private/
+    chmod 700 /etc/ssl/private/$domain.key
+    chmod 440 /etc/ssl/$domain.crt
+}
+
+usage(){
+    print "This program ask domain as argument \n"
+    print "create cetifcate self signed for domain.tld and  *.domain.tld"
+    print "Example: Your machine name is `hostname` and you want a ssl \
+certificate for this machine, type: "
+    print "\t ./make_self_signed_cert.sh `hostname` "
+
+}
+
+if [ -z $1 ];
+then
+    usage
+    exit 3;
+fi
+
+
+cd ./my_configuration/ssl/
+gen_cert_self_signed $1
+install_cert_file $1