Simple way to create self-signed SSL certificates.
|
1 2 3 4 5 6 7 8 9 10 |
#!/bin/bash # usage: ./create-ca.sh if [ -e ca.key ]; then echo "ca.key already exists" exit 1 fi openssl genrsa -out ca.key 4096 openssl req -new -x509 -days 3650 -key ca.key -out ca.crt \ -subj "/C=AT/ST=Vienna/L=Vienna/O=coffeebeans.at/OU=IT/CN=coffeebeans.at/emailAddress=office@coffeebeans.at" |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
#!/bin/bash # usage: ./create-key.sh CN NAME=$1 SERIAL=`ls -l *.key | wc -l` if [ $SERIAL -lt 10 ]; then SERIAL="0$SERIAL" fi if [ -e $NAME.key ]; then echo "$NAME.key already exists" exit 1 fi if [ ! -e ca.crt ]; then echo "no ca certificate created" exit 1 fi echo "creating key for $NAME with serial $SERIAL" openssl genrsa -out $NAME.key 4096 openssl req -new -key $NAME.key -out $NAME.csr \ -subj "/C=AT/ST=Vienna/L=Vienna/O=coffeebeans.at/OU=IT/CN=$NAME/emailAddress=office@coffeebeans.at" openssl x509 -req -days 3650 -CA ca.crt -CAkey ca.key \ -set_serial $SERIAL -in $NAME.csr -out $NAME.crt rm *.csr |