skripal · September 7, 2020 10:31
diff --git a/create_certificate_for_domain.sh b/create_certificate_for_domain.sh
 #!/usr/bin/env bash

 if [ -z "$1" ]
 then
  echo "Please supply a subdomain to create a certificate for";
  echo "e.g. mysite.localhost"
  exit;
 fi

 # Create a new private key if one doesnt exist, or use the xeisting one if it does
 if [ -f device.key ]; then
  KEY_OPT="-key"
 else
  KEY_OPT="-keyout"
 fi

 DOMAIN=$1
 COMMON_NAME=${2:-$1}

 SUBJECT="/C=CA/ST=None/L=NB/O=None/CN=$COMMON_NAME"
 NUM_OF_DAYS=999
 openssl req -new -newkey rsa:2048 -sha256 -nodes $KEY_OPT device.key -subj "$SUBJECT" -out device.csr
 cat v3.ext | sed s/%%DOMAIN%%/$COMMON_NAME/g > /tmp/__v3.ext
 openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days $NUM_OF_DAYS -sha256 -extfile /tmp/__v3.ext 

 # move output files to final filenames
 mv device.csr $DOMAIN.csr
 cp device.crt $DOMAIN.crt

 # remove temp file
 rm -f device.crt;

 echo 
 echo "###########################################################################"
 echo Done! 
 echo "###########################################################################"
 echo "To use these files on your server, simply copy both $DOMAIN.crt and"
 echo "device.key to your webserver, and use like so (if Apache, for example)"
 echo 
 echo "    SSLCertificateFile    /path_to_your_files/$DOMAIN.crt"
 echo "    SSLCertificateKeyFile /path_to_your_files/device.key"
diff --git a/create_root_cert_and_key.sh b/create_root_cert_and_key.sh
 #!/usr/bin/env bash

 openssl genrsa -out rootCA.key 2048
 openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
diff --git a/v3.ext b/v3.ext
 authorityKeyIdentifier=keyid,issuer
 basicConstraints=CA:FALSE
 keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
 subjectAltName = @alt_names

 [alt_names]
 DNS.1 = %%DOMAIN%%
 DNS.2 = *.%%DOMAIN%%
	#!/usr/bin/env bash

	if [ -z "$1" ]
	then
	echo "Please supply a subdomain to create a certificate for";
	echo "e.g. mysite.localhost"
	exit;
	fi

	# Create a new private key if one doesnt exist, or use the xeisting one if it does
	if [ -f device.key ]; then
	KEY_OPT="-key"
	else
	KEY_OPT="-keyout"
	fi

	DOMAIN=$1
	COMMON_NAME=${2:-$1}

	SUBJECT="/C=CA/ST=None/L=NB/O=None/CN=$COMMON_NAME"
	NUM_OF_DAYS=999
	openssl req -new -newkey rsa:2048 -sha256 -nodes $KEY_OPT device.key -subj "$SUBJECT" -out device.csr
	cat v3.ext \| sed s/%%DOMAIN%%/$COMMON_NAME/g > /tmp/__v3.ext
	openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days $NUM_OF_DAYS -sha256 -extfile /tmp/__v3.ext

	# move output files to final filenames
	mv device.csr $DOMAIN.csr
	cp device.crt $DOMAIN.crt

	# remove temp file
	rm -f device.crt;

	echo
	echo "###########################################################################"
	echo Done!
	echo "###########################################################################"
	echo "To use these files on your server, simply copy both $DOMAIN.crt and"
	echo "device.key to your webserver, and use like so (if Apache, for example)"
	echo
	echo " SSLCertificateFile /path_to_your_files/$DOMAIN.crt"
	echo " SSLCertificateKeyFile /path_to_your_files/device.key"
	#!/usr/bin/env bash

	openssl genrsa -out rootCA.key 2048
	openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
	authorityKeyIdentifier=keyid,issuer
	basicConstraints=CA:FALSE
	keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
	subjectAltName = @alt_names

	[alt_names]
	DNS.1 = %%DOMAIN%%
	DNS.2 = *.%%DOMAIN%%