ScriptsCollections/ssl-create
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
ssl-create/bin/modern_ssl_create.sh
Clemens Schwaighofer 36f81c3f5f Initial checking
2024-11-05 10:16:34 +09:00

38 lines
1.2 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
# Generate "modern" self-signed TLS certificate
echo 'Hostnames (space-separated, 1st will be CN, issuer, and filename prefix): '
read -r -e -i "${hostname:-host.example.com}" hostnames
echo 'IP addresses (space-separated): '
read -r -e -i "${ip:-192.168.2.1}" ips
umask 0077
san_dns=''
for h in ${hostnames}
do
[[ -z ${cn} ]] && dn="CN=${h}" && cn="${h}"
san_dns="DNS:${h},${san_dns}"
done
for i in ${ips}
do
san_ip="IP:${i},${san_ip}"
done
subjectAltName="${san_dns}"
[[ -n ${san_ip} ]] && subjectAltName="${subjectAltName}${san_ip}"
subjectAltName="${subjectAltName%,*}"
set -u
set -e
openssl ecparam -genkey -name secp384r1 -noout -out "${cn}.key.pem"
openssl req -reqexts san_details -new -key "${cn}.key.pem" -sha256 -days "${days:-10000}" -x509 -extensions san_details -out "${cn}.cert.pem" -config <(printf '[req] \n prompt=no \n utf8=yes \n distinguished_name=dn_details \n req_extensions=san_details \n [dn_details] \n %s \n [san_details] \n subjectAltName=%s\n' "${dn}" "${subjectAltName}")
echo "All done, cert data follows:"
openssl x509 -in "${cn}.cert.pem" -noout
openssl x509 -in "${cn}.cert.pem" -noout -text
ls -l "./${cn}.key.pem" "./${cn}.cert.pem"
# __END__
Reference in New Issue View Git Blame Copy Permalink