Make certificates quickly

Posted: February 15th, 2016 | Filed under: SSL

Now that you have your own Certificate Authority set up from my previous article, you'll want a fast way of whipping up new certs. Never fear, for making certs is here. Drop the following code into an executable file and place it in the myCA folder. You'll be able to make certificates at whim by issuing a command like:

make-cert.sh hostname.lan.domain.com 3650 01


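#!/bin/bash
# Issue a host certificate signed by the CA kept in this (myCA) folder.

if [[ $# -lt 3 ]]; then
    echo "$0: requires FQDN for certificate, valid for X days, two digit serial, please document this"
    echo "example: $0 hostname.lan.domain.com 3650 01"
    echo "place this script into the myCA root folder"
    exit 1
fi

HOSTNAME=$1
DAYS=$2
SERIAL=$3

# Stop at the first failed step and create new files readable by the owner only.
set -e
umask 077

mkdir "$HOSTNAME"
# Passphrase-protected 4096-bit RSA key (openssl prompts for the passphrase)
openssl genrsa -des3 -out "$HOSTNAME/$HOSTNAME.key" 4096
# Certificate signing request (openssl prompts for the subject fields)
openssl req -new -key "$HOSTNAME/$HOSTNAME.key" -out "$HOSTNAME/$HOSTNAME.csr"
# Sign the request with the CA certificate and key
openssl x509 -req -days "$DAYS" -in "$HOSTNAME/$HOSTNAME.csr" -CA cert/cert.pem -CAkey key/ca.key.pem -set_serial "$SERIAL" -out "$HOSTNAME/$HOSTNAME.crt"
# Write a copy of the key with the passphrase removed
openssl rsa -in "$HOSTNAME/$HOSTNAME.key" -out "$HOSTNAME/$HOSTNAME.key.insecure"
# Keep the encrypted key as .key.secure; the unencrypted copy becomes .key
mv "$HOSTNAME/$HOSTNAME.key" "$HOSTNAME/$HOSTNAME.key.secure"
mv "$HOSTNAME/$HOSTNAME.key.insecure" "$HOSTNAME/$HOSTNAME.key"
exit 0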
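
The script uses its three arguments as given: the hostname becomes a directory name and file prefix, and nothing stops a serial from being issued twice by the same CA. As an added example (not part of the original post), the POSIX shell functions below check the arguments before any openssl command runs; the serials.log ledger, the function names and the return codes are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks for the three make-cert.sh arguments.
# SERIAL_LOG is a hypothetical ledger file; the original script keeps none.
LC_ALL=C; export LC_ALL
SERIAL_LOG=${SERIAL_LOG:-serials.log}

# FQDN: only letters, digits, dots and hyphens; at least two labels of
# 1-63 characters, none starting or ending with a hyphen; 253 chars max.
valid_fqdn() {
    case $1 in *[!A-Za-z0-9.-]*) return 1 ;; esac   # rejects "/", spaces, newlines
    [ "${#1}" -le 253 ] || return 1
    label='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    printf '%s\n' "$1" | grep -Eq "^($label\.)+$label\$"
}

# preflight HOST DAYS SERIAL [CA_DIR]
# Returns 0 if issuing is safe, else 2 (host), 3 (days), 4 (serial),
# 5 (host directory exists) or 6 (serial already issued).
preflight() {
    host=$1 days=$2 serial=$3 ca_dir=${4:-.}
    valid_fqdn "$host" || { echo "hostname must be an FQDN" >&2; return 2; }
    case $days in
        ''|*[!0-9]*|??????*) echo "days must be 1-99999" >&2; return 3 ;;
    esac
    [ "$days" -gt 0 ] || { echo "days must be 1-99999" >&2; return 3; }
    case $serial in
        [0-9][0-9]) ;;
        *) echo "serial must be exactly two digits" >&2; return 4 ;;
    esac
    if [ -e "$ca_dir/$host" ]; then
        echo "$ca_dir/$host exists; refusing to overwrite its key" >&2; return 5
    fi
    if [ -f "$ca_dir/$SERIAL_LOG" ] && grep -q "^$serial " "$ca_dir/$SERIAL_LOG"; then
        echo "serial $serial was already issued by this CA" >&2; return 6
    fi
    return 0
}

# record_issue HOST SERIAL [CA_DIR]: call after the certificate is signed.
record_issue() {
    printf '%s %s\n' "$2" "$1" >> "${3:-.}/$SERIAL_LOG"
}
```

In make-cert.sh, preflight would run right after the argument-count check and before mkdir, and record_issue after the signing step succeeds.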


