Initial checking

2024-11-05 10:16:34 +09:00
commit 36f81c3f5f
4 changed files with 285 additions and 0 deletions
--- a/bin/modern_ssl_create.sh
+++ b/bin/modern_ssl_create.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+# Generate "modern" self-signed TLS certificate
+
+echo 'Hostnames (space-separated, 1st will be CN, issuer, and filename prefix): '
+read -r -e -i "${hostname:-host.example.com}" hostnames
+echo 'IP addresses (space-separated): '
+read -r -e -i "${ip:-192.168.2.1}"  ips
+
+umask 0077
+
+san_dns=''
+for h in ${hostnames}
+do
+	[[ -z ${cn} ]] && dn="CN=${h}" && cn="${h}"
+	san_dns="DNS:${h},${san_dns}"
+done
+
+for i in ${ips}
+do
+	san_ip="IP:${i},${san_ip}"
+done
+
+subjectAltName="${san_dns}"
+[[ -n ${san_ip} ]] && subjectAltName="${subjectAltName}${san_ip}"
+subjectAltName="${subjectAltName%,*}"
+
+set -u
+set -e
+openssl ecparam -genkey -name secp384r1 -noout -out "${cn}.key.pem"
+openssl req -reqexts san_details -new -key "${cn}.key.pem" -sha256 -days "${days:-10000}" -x509 -extensions san_details -out "${cn}.cert.pem" -config <(printf '[req] \n prompt=no \n utf8=yes \n distinguished_name=dn_details \n req_extensions=san_details \n [dn_details] \n %s \n [san_details] \n subjectAltName=%s\n' "${dn}" "${subjectAltName}")
+
+echo "All done, cert data follows:"
+openssl x509 -in "${cn}.cert.pem" -noout
+openssl x509 -in "${cn}.cert.pem" -noout -text
+ls -l "./${cn}.key.pem" "./${cn}.cert.pem"
+
+# __END__