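#!/usr/bin/env bash
#
# Issue a wildcard certificate for one or more domains, signed by the
# Fishdrowned ROOT CA kept under ./out (created by gen.root.sh on demand).
#
# Usage: ./gen.cert.sh <domain> [<domain2>] [<domain3>] ...
#
# Outputs (relative to this script's directory):
#   out/<domain>/<timestamp>/<domain>.csr.pem      the signing request
#   out/<domain>/<timestamp>/<domain>.crt          the issued leaf certificate
#   out/<domain>/<timestamp>/<domain>.bundle.crt   leaf + root chain
#   out/<domain>/<domain>.{crt,bundle.crt,key.pem} and out/<domain>/root.crt
#                                                   symlinks to the newest issue
#
# NOTE: every certificate issued by this script reuses the single private key
# out/cert.key.pem (see the -key option and the key.pem symlink below).
set -euo pipefail

#######################################
# Print a message to stderr and exit with status 1.
# Arguments: message words
#######################################
die() {
  printf 'gen.cert.sh: %s\n' "$*" >&2
  exit 1
}

#######################################
# Print the usage text and exit (status 0, as before).
#######################################
usage() {
  echo
  echo 'Issue a wildcard SSL certificate with Fishdrowned ROOT CA'
  echo
  echo 'Usage: ./gen.cert.sh <domain> [<domain2>] [<domain3>] [<domain4>] ...'
  echo ' <domain> The domain name of your site, like "example.dev",'
  echo ' you will get a certificate for *.example.dev'
  echo ' Multiple domains are acceptable'
  exit
}

#######################################
# Reject anything that is not a plain hostname. Each domain is spliced into
# filesystem paths (out/<domain>/...), into the slash-separated -subj string
# and into the openssl config text, so "/", "..", "%", "=" or whitespace
# would break or redirect those uses.
# Arguments: $1 - candidate domain name
# Returns:   0 if acceptable, otherwise exits via die
#######################################
validate_domain() {
  local d=$1
  [[ "$d" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]] \
    || die "invalid domain name: '$d'"
}

#######################################
# Entry point.
# Arguments: one or more domain names; $1 also names the output directory
#            and is used as OU/CN of the subject
#######################################
main() {
  [[ $# -ge 1 ]] || usage

  local d
  for d in "$@"; do
    validate_domain "$d"
  done

  # subjectAltName: a wildcard and a bare entry per domain, comma-separated.
  local san=""
  for d in "$@"; do
    san+="DNS:*.${d},DNS:${d},"
  done
  san=${san%,}   # drop the trailing comma

  # Work relative to the script's own directory (ca.cnf, out/, gen.root.sh).
  cd "$(dirname "${BASH_SOURCE[0]}")" || die "cannot cd to script directory"

  # Generate the root certificate if it does not exist yet.
  if [[ ! -f out/root.crt ]]; then
    bash gen.root.sh || die "gen.root.sh failed"
  fi

  # One timestamped directory per issue under out/<domain>/.
  local base_dir="out/$1"
  local stamp dir
  stamp=$(date +%Y%m%d-%H%M)
  dir="${base_dir}/${stamp}"
  mkdir -p -- "$dir"

  # Create the CSR. The [SAN] section is appended to ca.cnf via process
  # substitution; the SAN value is passed as a printf argument, never as the
  # format string, so '%' sequences in it cannot be interpreted.
  openssl req -new -out "${dir}/$1.csr.pem" \
    -key out/cert.key.pem \
    -reqexts SAN \
    -config <(cat ca.cnf <(printf '[SAN]\nsubjectAltName=%s\n' "$san")) \
    -subj "/C=CN/ST=Guangdong/L=Guangzhou/O=Fishdrowned/OU=$1/CN=*.$1"

  # Issue the certificate with the root CA.
  openssl ca -config ./ca.cnf -batch -notext \
    -in "${dir}/$1.csr.pem" \
    -out "${dir}/$1.crt" \
    -cert ./out/root.crt \
    -keyfile ./out/root.key.pem

  # Chain the leaf certificate with the CA certificate.
  cat "${dir}/$1.crt" ./out/root.crt > "${dir}/$1.bundle.crt"

  # Point the stable names in out/<domain>/ at this issue.
  ln -snf "./${stamp}/$1.bundle.crt" "${base_dir}/$1.bundle.crt"
  ln -snf "./${stamp}/$1.crt" "${base_dir}/$1.crt"
  ln -snf "../cert.key.pem" "${base_dir}/$1.key.pem"
  ln -snf "../root.crt" "${base_dir}/root.crt"

  # List the results. GNU ls understands --color, BSD ls uses -G instead;
  # probe with a harmless invocation rather than grepping --help output.
  echo
  echo "Certificates are located in:"
  local -a ls_cmd
  if ls --color -d . >/dev/null 2>&1; then
    ls_cmd=(ls --color)
  else
    ls_cmd=(ls -G)
  fi
  "${ls_cmd[@]}" -la "$PWD/${base_dir}"/*.*
}

main "$@"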