@neowulf
Last active June 11, 2025 17:04
Certificates
#!/usr/bin/env bash
set -euo pipefail
DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)"
PROJECT_DIR=$(git rev-parse --show-toplevel)
pushd "${DIR}"
trap popd EXIT
rm -f server* rootCA*
# generate a self signed certificate using a single command
#openssl req -nodes -x509 -sha256 -newkey rsa:4096 \
# -subj '/C=US/ST=California/L=Palo Alto/O=Personal/OU=Personal/CN=*.foobar.com' \
# -addext "subjectAltName=DNS:*.foobar1.com,DNS:*.foobar2.com" \
# -keyout server.key -out server.crt
# root key (written unencrypted; keep rootCA.key private)
openssl genrsa -out rootCA.key 2048
# root certificate
openssl req -x509 -new -nodes -sha256 -days 1024 \
  -subj '/C=US/ST=California/L=Palo Alto/O=Personal/OU=Personal/CN=foobar-ca.com' \
  -key rootCA.key -out rootCA.crt
# private key and certificate signing request
# note: clients that honor subjectAltName ignore the CN, so *.foobar.com is
# only matched if it is also listed in subjectAltName
openssl req -new -text -nodes \
  -subj '/C=US/ST=California/L=Palo Alto/O=Personal/OU=Personal/CN=*.foobar.com' \
  -addext "subjectAltName=DNS:*.foobar1.com,DNS:*.foobar2.com" \
  -keyout server.key -out server.csr
# issue the server certificate: sign the csr with the root key/cert
# (-CA/-CAkey and -copy_extensions on `openssl req` need OpenSSL 3.0 or later)
openssl req -x509 -days 3650 \
  -copy_extensions copyall \
  -in server.csr -out server.crt \
  -CA rootCA.crt -CAkey rootCA.key
# create the pem files
# rootCA.pem bundles the CA private key with its certificate: hand out
# rootCA.crt as the trust anchor, never rootCA.pem
cat rootCA.key rootCA.crt > rootCA.pem
cat server.key server.crt > server.pem
openssl verify -CAfile rootCA.pem server.pem
# view certificate
# openssl x509 -text -noout -in server.crt
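
The script ends with a single `openssl verify`, which does not show whether the SAN entries were copied from the CSR, whether the key matches the certificate, or whether the trust-anchor file also carries a private key. The checks below are an added example, not part of the gist; the function names are illustrative, and the files are passed in as arguments.

```bash
#!/usr/bin/env bash
# Added example, not part of the gist. Function names are illustrative.
# Usage: ./check.sh rootCA.crt server.key server.crt '*.foobar1.com' ...

# Print the label of every PEM block in a file, one per line.
pem_labels() {
  sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# Succeed only if the file holds certificates and nothing else, i.e. it can
# be handed out as a trust anchor without leaking a private key.
is_cert_only_bundle() {
  local labels
  labels="$(pem_labels "$1")"
  [ -n "$labels" ] && ! printf '%s\n' "$labels" | grep -qv '^CERTIFICATE$'
}

# Succeed if the certificate's public key is the public half of the key file.
key_matches_cert() {  # key_matches_cert server.key server.crt
  local a b
  a="$(openssl pkey -in "$1" -pubout 2>/dev/null)" || return 1
  b="$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" || return 1
  [ "$a" = "$b" ]
}

# Succeed if the certificate lists the given name as a DNS subjectAltName.
cert_has_san() {  # cert_has_san server.crt '*.foobar1.com'
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    grep -A1 'Subject Alternative Name' | tr ',' '\n' |
    sed 's/^ *//' | grep -Fxq "DNS:$2"
}

# Run all checks; stop with a non-zero status at the first failure.
check_issued_cert() {  # check_issued_cert CA.crt server.key server.crt SAN...
  local ca="$1" key="$2" crt="$3" san
  shift 3
  is_cert_only_bundle "$ca" || { echo "FAIL: $ca holds more than certificates" >&2; return 1; }
  openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || { echo "FAIL: chain does not verify" >&2; return 1; }
  key_matches_cert "$key" "$crt" || { echo "FAIL: key does not match certificate" >&2; return 1; }
  for san in "$@"; do
    cert_has_san "$crt" "$san" || { echo "FAIL: missing SAN $san" >&2; return 1; }
  done
  echo "OK: $crt"
}

if [ "$#" -ge 3 ]; then check_issued_cert "$@"; fi
```

Passing `rootCA.pem` as the first argument fails the first check by design, because that file contains the CA private key.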