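#!/bin/bash
#
# Issue a server certificate signed by the local CA kept in certs/.
#
# Usage: <script> NAME [EXTRA_NAME...]
#   $1 is the first script argument, that will be the certificate's name
#   (used as the CN and as the base name of the files under certs/).
#   Other arguments are other domain names to be added to the certificate.
#   Every name, $1 included, is added as a SAN twice: as given and with a
#   ".localhost" suffix.
#
# Environment:
#   CA_KEY_PASSPHRASE  passphrase of certs/ca.key. Defaults to the value the
#                      script has always used, so existing setups keep working;
#                      override it for any CA key that is not throw-away.
#
# Reads:  certs/ca.crt, certs/ca.key
# Writes: certs/NAME.key, certs/NAME.csr, certs/NAME.v3.ext, certs/NAME.crt
#         (openssl also creates the CA serial file because of -CAcreateserial)

# Stop at the first failing step, so a failed key/CSR generation is never
# followed by a signing attempt on stale files.
set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if (( $# < 1 )); then
  printf 'Usage: %s NAME [EXTRA_NAME...]\n' "${0##*/}" >&2
  exit 2
fi

# Names end up in file paths, in the -subj string and in an openssl config
# file. Accept only hostname characters (optionally a leading "*." wildcard):
# this keeps "/" and ".." out of the paths and keeps newlines or "[section]"
# text out of the extension file.
readonly name_re='^(\*\.)?[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$'
for name in "$@"; do
  [[ "$name" =~ $name_re ]] || die "invalid name: '$name'"
done

readonly cert_name=$1
readonly key_file="certs/${cert_name}.key"
readonly csr_file="certs/${cert_name}.csr"
readonly ext_file="certs/${cert_name}.v3.ext"
readonly crt_file="certs/${cert_name}.crt"

[[ -r certs/ca.crt && -r certs/ca.key ]] \
  || die "certs/ca.crt and certs/ca.key must exist and be readable"

# Generate the private key (unencrypted, because of -nodes) and the CSR.
openssl req -new -nodes \
  -out "$csr_file" \
  -newkey rsa:2048 -keyout "$key_file" \
  -subj "/CN=${cert_name}/C=AT/ST=Vienna/L=Vienna/O=MyOrg"

# Write certificate information: fixed extensions first, then one pair of
# DNS.<n> entries per script argument. The file is written in a single
# redirection so a failure cannot leave a half-appended file behind a
# successful exit.
{
  cat <<'EOF'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
EOF
  i=1
  for name in "$@"; do
    printf 'DNS.%d = %s\n' "$i" "$name"
    i=$((i + 1))
    printf 'DNS.%d = %s.localhost\n' "$i" "$name"
    i=$((i + 1))
  done
} > "$ext_file"

# Sign certificate with CA. The passphrase is handed to openssl through the
# environment (-passin env:...) rather than as "pass:..." on the command line,
# where it would be visible in the process list and in shell traces.
CA_KEY_PASSPHRASE="${CA_KEY_PASSPHRASE:-foo}" \
  openssl x509 -req \
  -in "$csr_file" \
  -CA certs/ca.crt -CAkey certs/ca.key -CAcreateserial \
  -out "$crt_file" \
  -days 730 -sha256 \
  -extfile "$ext_file" \
  -passin env:CA_KEY_PASSPHRASE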