49 lines
1.4 KiB
Bash
Executable File
49 lines
1.4 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
# передать параметром домен сайта, под который будет сгенерирован сертификат
|
|
|
|
CA="C=RU
|
|
ST=ST
|
|
O=TriumphTeam
|
|
localityName=Minsk
|
|
commonName=AleckseyHolubey
|
|
organizationalUnitName=TriumphTeam
|
|
emailAddress=azmandios@gmail.com"
|
|
|
|
CERT="commonName="$1"
|
|
organization=TriumphTeam
|
|
organizationalUnitName=TriumphTeam"
|
|
|
|
EXTS="
|
|
[req]
|
|
x509_extensions = v3_ca
|
|
|
|
[v3_ca]
|
|
nsCertType = server
|
|
keyUsage = digitalSignature,nonRepudiation,keyEncipherment
|
|
extendedKeyUsage = serverAuth
|
|
subjectKeyIdentifier = hash
|
|
authorityKeyIdentifier = keyid,issuer
|
|
subjectAltName = @alt_names
|
|
[alt_names]
|
|
DNS.1 = localhost
|
|
DNS.2 = $1
|
|
DNS.3 = *.$1
|
|
IP.1 = 127.0.0.1
|
|
"
|
|
|
|
extfile="/tmp/openssl.conf.tmp"
|
|
|
|
# this creates a CA certificate, which should be added as trusted to operating system keychain / browser CA list
|
|
|
|
openssl genrsa -out "localhost-ca.key" 4096
|
|
openssl req -new -x509 -days 3650 -key "localhost-ca.key" -out "localhost-ca.crt" -subj "/$(echo "$CA" | tr "\n" "/")"
|
|
|
|
echo "$EXTS" > $extfile
|
|
|
|
openssl genrsa -out "$1.key" 4096
|
|
openssl req -new -key "$1.key" -out "$1.csr" -subj "/$(echo "$CERT" | tr "\n" "/")" -sha256
|
|
openssl x509 -req -in "$1.csr" -out "$1.crt" -sha256 -CA "localhost-ca.crt" -CAkey "localhost-ca.key" -CAcreateserial -days 3650 -extfile "$extfile" -extensions v3_ca
|
|
|
|
rm -f "$extfile"
|