Generate self-signed SSL

gen_ssl.sh

#!/bin/bash

if [ -z "$1" ]; then
  echo "Error: No domain name provided."
  echo "Usage: $0 <domain>"
  exit 1
fi

######## Variables ########
DOMAIN="$1"
SAFE_DOMAIN=$(echo $DOMAIN | sed 's/*/wildcard/g')
KEY_PATH="/etc/ssl/private/${SAFE_DOMAIN}.key"
CSR_PATH="/etc/ssl/certs/${SAFE_DOMAIN}.csr"
CRT_PATH="/etc/ssl/certs/${SAFE_DOMAIN}.crt"
DAYS_VALID=365
CONFIG_FILE="/tmp/${SAFE_DOMAIN}.openssl.cnf"

######## Generate OpenSSL Configuration File ########
cat > $CONFIG_FILE <<EOL
[req]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = req_ext
x509_extensions    = v3_ca
prompt             = no

[req_distinguished_name]
CN = $DOMAIN

[req_ext]
subjectAltName = @alt_names

[v3_ca]
subjectAltName = @alt_names

[alt_names]
DNS.1 = $DOMAIN
EOL

######### Generate a Private Key ########
openssl genpkey -algorithm RSA -out $KEY_PATH

######## Create a Certificate Signing Request (CSR) ########
openssl req -new -key $KEY_PATH -out $CSR_PATH -config $CONFIG_FILE

######## Generate a Self-Signed Certificate ########
openssl x509 -req -days $DAYS_VALID -in $CSR_PATH -signkey $KEY_PATH -out $CRT_PATH -extfile $CONFIG_FILE -extensions v3_ca

######## Clean up ########
rm -f $CONFIG_FILE

echo "Self-signed SSL certificate generated successfully!"
echo "Private Key: $KEY_PATH"
echo "CSR: $CSR_PATH"
echo "Certificate: $CRT_PATH"