nahakubuilder/catchall-webbrowsing
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
catchall-webbrowsing/generate_cert.sh
ghostersk 58d6218bc2 first commit
2024-03-29 12:48:27 +00:00

85 lines
2.5 KiB
Bash
Raw Permalink Blame History

#!/bin/bash
# CA Authority custom values:
CA_NAME="self.certificate" # Use your own domain name
CA_COUNTRY_Code="GB"
ca_stateOrProvinceName=England
ca_localityName="Yorkshire"
ca_orgUnitName="IT"
ca_comp_Name="Home Industry SelfSigned"
# your own values for certificate
NAME="flower.com" # Use your own domain name
COUNTRY_Code="GB"
stateOrProvinceName=England
localityName="Yorkshire"
organizationalUnitName="IT"
csr_email="myemail@$NAME"
company_Name="Adventures"
# Also edit Suj Alt names for the certificate down 2x
# folders
cert_dir="ssl"
ca_dir='ssl/myca'
if [ ! -d "$cert_dir" ]; then
mkdir $cert_dir
fi
if [ ! -d "$ca_dir" ]; then
mkdir $ca_dir
fi
# Check if CA certificate and key files exist
if [[ ! -f "$ca_dir/ca-cert.pem" ]] || [[ ! -f "$ca_dir/ca-key.pem" ]]; then
echo "CA certificate or key file not found. Creating new CA!!!"
# Generate CA-Private Key
openssl genrsa 2048 > "$ca_dir/ca-key.pem"
# Generate CA certificate
openssl req -new -x509 -nodes -days 365000 \
-key "$ca_dir/ca-key.pem" \
-out "$ca_dir/ca-cert.pem" \
-subj "/C=$CA_COUNTRY_Code/ST=$ca_stateOrProvinceName/L=$ca_localityName/O=$ca_comp_Name/OU=$ca_orgUnitName/CN=$CA_NAME"
else
echo "CA certificate and key file found. Using existing Certificate Authority!"
fi
# Server Key and request
# bellow you can set alt_names for hosname and IP you want to use with this cert
openssl req -newkey rsa:2048 -nodes -days 365000 \
-keyout "$cert_dir/key.pem" \
-out "$cert_dir/server-req.pem" \
-subj "/C=$COUNTRY_Code/ST=$stateOrProvinceName/L=$localityName/O=$company_Name/OU=$organizationalUnitName/CN=$NAME/emailAddress=$csr_email" \
-config <(cat <<-EOF
[req]
req_extensions = v3_req
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.${NAME}
DNS.2 = piserver.local
DNS.3 = localhost
IP.1 = 127.0.0.1
IP.2 = 10.100.112.254
IP.3 = 10.99.197.231
EOF
)
# Generate X509 Certificate for the server
openssl x509 -req -days 365000 -set_serial 01 \
-in "$cert_dir/server-req.pem" \
-out "$cert_dir/cert.pem" \
-CA "$ca_dir/ca-cert.pem" \
-CAkey "$ca_dir/ca-key.pem" \
-extfile <(echo "subjectAltName = DNS:*.${NAME}, DNS:piserver.local, DNS:localhost, IP:127.0.0.1, IP:10.100.112.254, IP:10.99.197.231")
# Testing certs:
openssl verify -CAfile "$ca_dir/ca-cert.pem" \
"$ca_dir/ca-cert.pem" \
"$cert_dir/cert.pem"
# To add them to the CA approved list in linux:
# sudo cp $ca_dir/ca-cert.pem /usr/local/share/ca-certificates/ca-cert001.crt
# sudo update-ca-certificates
Reference in New Issue View Git Blame Copy Permalink