|
|
@ -25,53 +25,53 @@ openssl genrsa -out rootCA.key 2048 |
|
|
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 36500 -out rootCA.pem |
|
|
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 36500 -out rootCA.pem |
|
|
|
|
|
|
|
|
create this file - v3.ext: |
|
|
create this file - v3.ext: |
|
|
authorityKeyIdentifier=keyid,issuer |
|
|
authorityKeyIdentifier=keyid,issuer |
|
|
basicConstraints=CA:FALSE |
|
|
basicConstraints=CA:FALSE |
|
|
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment |
|
|
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment |
|
|
subjectAltName = @alt_names |
|
|
subjectAltName = @alt_names |
|
|
|
|
|
|
|
|
[alt_names] |
|
|
[alt_names] |
|
|
DNS.1 = %%DOMAIN%% |
|
|
DNS.1 = %%DOMAIN%% |
|
|
|
|
|
|
|
|
Run this script in same directory as v3.ext file: |
|
|
Run this script in same directory as v3.ext file: |
|
|
if [ -z "$1" ] |
|
|
if [ -z "$1" ] |
|
|
then |
|
|
then |
|
|
echo "Please supply a domain to create a certificate for"; |
|
|
echo "Please supply a domain to create a certificate for"; |
|
|
echo "e.g. mysite.com" |
|
|
echo "e.g. mysite.com" |
|
|
exit; |
|
|
exit; |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
# Create a new private key if one doesnt exist, or use the existing one if it does |
|
|
# Create a new private key if one doesnt exist, or use the existing one if it does |
|
|
if [ -f device.key ]; then |
|
|
if [ -f device.key ]; then |
|
|
KEY_OPT="-key" |
|
|
KEY_OPT="-key" |
|
|
else |
|
|
else |
|
|
KEY_OPT="-keyout" |
|
|
KEY_OPT="-keyout" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
DOMAIN=$1 |
|
|
DOMAIN=$1 |
|
|
COMMON_NAME=${2:-*.$1} |
|
|
COMMON_NAME=${2:-*.$1} |
|
|
SUBJECT="/C=CA/ST=None/L=NB/O=None/CN=$COMMON_NAME" |
|
|
SUBJECT="/C=CA/ST=None/L=NB/O=None/CN=$COMMON_NAME" |
|
|
NUM_OF_DAYS=36500 |
|
|
NUM_OF_DAYS=36500 |
|
|
openssl req -new -newkey rsa:2048 -sha256 -nodes $KEY_OPT device.key -subj "$SUBJECT" -out device.csr |
|
|
openssl req -new -newkey rsa:2048 -sha256 -nodes $KEY_OPT device.key -subj "$SUBJECT" -out device.csr |
|
|
cat v3.ext | sed s/%%DOMAIN%%/$COMMON_NAME/g > /tmp/__v3.ext |
|
|
cat v3.ext | sed s/%%DOMAIN%%/$COMMON_NAME/g > /tmp/__v3.ext |
|
|
openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days $NUM_OF_DAYS -sha256 -extfile /tmp/__v3.ext |
|
|
openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days $NUM_OF_DAYS -sha256 -extfile /tmp/__v3.ext |
|
|
|
|
|
|
|
|
# move output files to final filenames |
|
|
# move output files to final filenames |
|
|
mv device.csr $DOMAIN.csr |
|
|
mv device.csr $DOMAIN.csr |
|
|
cp device.crt $DOMAIN.crt |
|
|
cp device.crt $DOMAIN.crt |
|
|
|
|
|
|
|
|
# remove temp file |
|
|
# remove temp file |
|
|
rm -f device.crt; |
|
|
rm -f device.crt; |
|
|
|
|
|
|
|
|
echo |
|
|
echo |
|
|
echo "###########################################################################" |
|
|
echo "###########################################################################" |
|
|
echo Done! |
|
|
echo Done! |
|
|
echo "###########################################################################" |
|
|
echo "###########################################################################" |
|
|
echo "To use these files on your server, simply copy both $DOMAIN.csr and" |
|
|
echo "To use these files on your server, simply copy both $DOMAIN.csr and" |
|
|
echo "device.key to your webserver, and use like so (if Apache, for example)" |
|
|
echo "device.key to your webserver, and use like so (if Apache, for example)" |
|
|
echo |
|
|
echo |
|
|
echo " SSLCertificateFile /path_to_your_files/$DOMAIN.crt" |
|
|
echo " SSLCertificateFile /path_to_your_files/$DOMAIN.crt" |
|
|
echo " SSLCertificateKeyFile /path_to_your_files/device.key" |
|
|
echo " SSLCertificateKeyFile /path_to_your_files/device.key" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
II. cp device.key /etc/ssl/private/ssl-cert-snakeoil.key |
|
|
II. cp device.key /etc/ssl/private/ssl-cert-snakeoil.key |
|
|
|
Jonathan Rosenbaum
7 years ago