How to create a self-signed certificate the easy way


FunkyBuddha

If you ever need to generate a self-signed certificate, this is the easiest way I found so far.

Requirements:

  • OpenSSL

Use Cases:

  • Reverse Proxies
  • Expired Firewall Certificate
  • Home Labs
  • Secure intranet services connections

Bash Script:

crtcert() {
    ## no "set -e" here: inside a sourced function it would stay
    ## switched on in the calling shell after the function returns

    local OPENSSL_INSTALLED=false

    if command -v openssl >/dev/null 2>&1
    then
      OPENSSL_INSTALLED=true
    fi

    ## certificate parameters
    local COUNTRY_NAME="OZ"
    local STATE_NAME="Somewhere North"
    local LOCALITY_NAME="Yellow Brick Road"
    local ORGANIZATION_NAME="ACME Co, LLC."
    local ORGANIZATIONAL_UNIT_NAME="ACME Department"
    local COMMON_NAME="*.your.domain"
    local EMAIL_ADDRESS="[email protected]"

    ## apache or nginx
    local SERVER_KEY="sample-selfsigned.key"
    local SERVER_KEY_PATH="/path/to/ssl/private"
    local SERVER_CRT="sample-selfsigned.crt"
    local SERVER_CRT_PATH="/path/to/ssl/certs"

    local OPENSSL_SUBJ_OPTIONS="
    Country Name (2 letter code) [AU]:$COUNTRY_NAME
    State or Province Name (full name) [Some-State]:$STATE_NAME
    Locality Name (eg, city) []:$LOCALITY_NAME
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:$ORGANIZATION_NAME
    Organizational Unit Name (eg, section) []:$ORGANIZATIONAL_UNIT_NAME
    Common Name (e.g. server FQDN or YOUR name) []:$COMMON_NAME
    Email Address []:$EMAIL_ADDRESS
    "

    if [ "$OPENSSL_INSTALLED" = true ]
    then
        echo "generating self signed certificate"
        echo "with these options: "
        echo "$OPENSSL_SUBJ_OPTIONS"
        echo ""

        ## generate self signed certificate
        ## -nodes leaves the private key unencrypted on disk
        openssl req \
            -new \
            -newkey rsa:4096 \
            -days 365 \
            -nodes \
            -x509 \
            -subj "/emailAddress=$EMAIL_ADDRESS/C=$COUNTRY_NAME/ST=$STATE_NAME/L=$LOCALITY_NAME/O=$ORGANIZATION_NAME/OU=$ORGANIZATIONAL_UNIT_NAME/CN=$COMMON_NAME" \
            -keyout "$SERVER_KEY" \
            -out "$SERVER_CRT" || return 1

        ## uncomment: move to correct location
        # mv -f "$SERVER_KEY" "$SERVER_KEY_PATH/$SERVER_KEY" || return 1
        # mv -f "$SERVER_CRT" "$SERVER_CRT_PATH/$SERVER_CRT" || return 1
    else
        echo "openssl is not installed" >&2
        ## return instead of exit, so the calling shell stays open
        return 1
    fi

    #end
}

 

  • Thanks 1
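
Added example, not part of the original post: clients such as Chrome and Go's TLS library match hostnames only against the subjectAltName extension and ignore the CN, so this variant sets a SAN with `-addext` (OpenSSL 1.1.1 or later) and then checks the SAN, the key/certificate pairing and the key file permissions. The function names, the `KEY_BITS` variable and the output file names are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example; function names, KEY_BITS and file names are assumptions.

# gen_selfsigned <out_dir> <common_name> [extra_dns_name ...]
# Writes selfsigned.key / selfsigned.crt with the CN and every extra
# name listed in subjectAltName. Needs OpenSSL 1.1.1+ for -addext.
gen_selfsigned() {
    local out_dir="$1" cn="$2" san name
    shift 2
    san="DNS:$cn"
    for name in "$@"; do san="$san,DNS:$name"; done

    # Subshell keeps the umask change local; files come out owner-only.
    (
        umask 077
        openssl req -x509 -new -newkey "rsa:${KEY_BITS:-4096}" \
            -nodes -days 365 \
            -subj "/CN=$cn" \
            -addext "subjectAltName=$san" \
            -keyout "$out_dir/selfsigned.key" \
            -out "$out_dir/selfsigned.crt"
    )
}

# check_cert <crt> <key> <dns_name>
# Returns 0 when the name is in the SAN, the key belongs to the
# certificate and the key file has no group/other permission bits.
check_cert() {
    local crt="$1" key="$2" name="$3" crt_pub key_pub
    openssl x509 -in "$crt" -noout -text \
        | grep -A1 "Subject Alternative Name" \
        | tr -d ' ' | tr ',' '\n' \
        | grep -qxF "DNS:$name" \
        || { echo "SAN does not list $name" >&2; return 1; }

    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout | openssl sha256)
    [ "$crt_pub" = "$key_pub" ] \
        || { echo "key does not match certificate" >&2; return 2; }

    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] \
        || { echo "key readable beyond owner" >&2; return 3; }
}
```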
