conf_server/make_self_signed_cert.sh


#!/bin/sh
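# Create a private root CA for a domain and use it to sign a server
# certificate valid for <domain> and *.<domain>.
#
# Arguments: $1 - domain name (letters, digits, '.', '_' and '-' only)
# Globals:   domain (written)
# Outputs:   in the current directory: <domain>.rootCA.key, <domain>.rootCA.crt,
#            <domain>.csr.conf, <domain>.cert.conf, <domain>.key, <domain>.csr,
#            <domain>.crt (plus the serial file written by -CAcreateserial)
# Returns:   0 on success, 1 on an invalid name or as soon as a step fails
#
# Both private keys are written unencrypted. The root CA key can sign a
# certificate for any name, so on every machine that imports
# <domain>.rootCA.crt as a trust anchor it is as sensitive as the server key.
# Move it offline or delete it once the server certificate is issued.
gen_cert_self_signed()
{
  domain=$1

  # The name is used in file paths, in -subj and in the generated openssl
  # config files; accept hostname characters only so that it cannot be read
  # as an option, add subject fields or point outside the current directory.
  case $domain in
    '' | -* | *[!A-Za-z0-9._-]*)
      printf 'gen_cert_self_signed: invalid domain name: %s\n' "$domain" >&2
      return 1
      ;;
  esac

  # Root CA key + self-signed CA certificate. -nodes leaves the key
  # unencrypted, so it is created under umask 077 (the CA certificate written
  # by the same command gets owner-only mode as well).
  # NOTE(review): 3560 days here against 3650 for the server certificate
  # below means the server certificate outlives its issuer by about 90 days;
  # looks like a typo for 3650 - confirm before changing.
  (
    umask 077
    openssl req -x509 \
      -sha256 -days 3560 \
      -nodes \
      -newkey rsa:4096 \
      -subj "/CN=${domain}/C=FR/L=myserver" \
      -keyout "${domain}.rootCA.key" -out "${domain}.rootCA.crt"
  ) || return 1

  # CSR configuration: subject and SAN entries for the name and its wildcard.
  cat > "${domain}.csr.conf" <<EOF || return 1
[ req ]
default_bits = 4096
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[ dn ]
C = FR
ST = Internet
L = Internet
O = $domain
OU = $domain
CN = $domain
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = $domain
DNS.2 = *.$domain
EOF

  # Extensions applied when the CA signs the request.
  # NOTE(review): no extendedKeyUsage is set and keyUsage is broader than a
  # TLS server needs; some clients expect serverAuth and a shorter lifetime
  # on server certificates - confirm against the clients in use.
  cat > "${domain}.cert.conf" <<EOF || return 1
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $domain
DNS.2 = *.$domain
EOF

  # Server private key, also unencrypted: create it owner-only.
  (
    umask 077
    openssl genrsa -out "${domain}.key" 4096
  ) || return 1

  openssl req -new -key "${domain}.key" -out "${domain}.csr" \
    -config "${domain}.csr.conf" || return 1

  # Sign the request with the root CA created above.
  openssl x509 -req \
    -in "${domain}.csr" \
    -CA "${domain}.rootCA.crt" -CAkey "${domain}.rootCA.key" \
    -CAcreateserial -out "${domain}.crt" \
    -days 3650 \
    -sha256 -extfile "${domain}.cert.conf"
}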
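# Install the server certificate and private key for a domain from the
# current directory into /etc/ssl/ and /etc/ssl/private/.
#
# Arguments: $1 - domain name (letters, digits, '.', '_' and '-' only)
# Globals:   domain (written)
# Outputs:   cp -v messages on stdout, errors on stderr
# Returns:   0 on success, non-zero on an invalid name, a missing input file
#            or a failed copy/chmod
install_cert_file(){
  domain=$1

  # The name is used to build paths under /etc/ssl; reject anything that
  # could be read as an option or resolve outside the intended directories.
  case $domain in
    '' | -* | *[!A-Za-z0-9._-]*)
      printf 'install_cert_file: invalid domain name: %s\n' "$domain" >&2
      return 1
      ;;
  esac

  # Check both inputs first so that a failed generation step cannot lead to
  # a half-installed pair.
  if [ ! -f "${domain}.crt" ] || [ ! -f "${domain}.key" ]; then
    printf 'install_cert_file: %s.crt or %s.key not found\n' \
      "$domain" "$domain" >&2
    return 1
  fi

  cp -v -- "${domain}.crt" /etc/ssl/ || return 1

  # Copy the key under umask 077 so that a newly created file is never
  # readable by group or other, even before the chmod below.
  (
    umask 077
    cp -v -- "${domain}.key" /etc/ssl/private/
  ) || return 1

  # 600 rather than 700: a key file has no use for the execute bit.
  chmod 600 "/etc/ssl/private/${domain}.key" || return 1
  chmod 440 "/etc/ssl/${domain}.crt"
}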
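# Print a short help text, with the local host name filled into the example.
#
# Arguments: none
# Outputs:   help text on stdout
#
# printf is used instead of print: print is a ksh/zsh builtin and does not
# exist in dash or bash, where the original help text was never displayed.
usage(){
  printf 'This program ask domain as argument \n\n'
  printf 'create cetifcate self signed for domain.tld and *.domain.tld\n'
  printf 'Example: Your machine name is %s and you want a ssl certificate for this machine, type: \n' \
    "$(hostname)"
  printf '\t ./make_self_signed_cert.sh %s \n' "$(hostname)"
}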
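# Entry point: a domain name is required as the first argument.
if [ -z "${1:-}" ]; then
  usage
  exit 3
fi

# Stop if the working directory is missing: otherwise the keys would be
# generated in whatever directory the script was started from.
cd ./my_configuration/ssl/ || exit 1

# Install only what was generated successfully in this run.
gen_cert_self_signed "$1" || exit 1
install_cert_file "$1"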