Use a Bash script with OpenSSL to create a certificate containing a SAN


The previous article, Create a certificate containing SAN with OpenSSL, ran the commands one line at a time, which is very inconvenient. This article rewrites them as a shell script, so a server certificate and a client certificate can be generated with a single command.

Create a file CERT.SH, save the shell script below in it, and then execute it directly to generate a server and client certificate.

#!/bin/bash

DIR=./certs

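# Create the output directory if it does not exist yet
if [ -d "$DIR" ]
then
	echo "$DIR Found."
else
	mkdir -p "$DIR"
fi

# Empty it so a rerun starts clean; -rf also removes the server/ and client/
# subdirectories left by a previous run, and :? aborts if DIR is ever empty
rm -rf "${DIR:?}"/*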

touch certs/openssl.cnf

cat>>certs/openssl.cnf<<EOF
[CA_default]
copy_extensions = copy
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
# country
C = CN
# province
ST = Jl
# city
L = Cc
# organization
O = hacker's home
# department
OU = hacker's home
# domain
CN = localhost
[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
# domain names to resolve
DNS.1 = localhost
EOF

# Stop if the directory cannot be entered, so no keys are written elsewhere
cd "$DIR" || exit 1

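echo "make ca key"
openssl genrsa -out ca.key 2048
echo "make ca certificate"
# No -config is passed here, so openssl uses its default configuration and
# normally prompts for the CA subject fields
openssl req -new -key ca.key -out ca.csr
# Self-sign the CA request for 10 years; no -extfile is given, so the CA
# certificate carries no basicConstraints = CA:TRUE extension
openssl x509 -req -days 3650 -in ca.csr -signkey ca.key -out ca.crt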

mkdir -p server client
echo "make server key"
openssl genrsa -out server/server.key 2048
echo "make server certificate"
openssl req -new -nodes -key server/server.key -out server/server.csr -config openssl.cnf -extensions 'v3_req'
# -extfile/-extensions add the SAN when the CA signs; no -days is given, so
# the certificate is valid for openssl's default of 30 days
openssl x509 -req -in server/server.csr -out server/server.pem -CA ca.crt -CAkey ca.key -CAcreateserial -extfile openssl.cnf -extensions 'v3_req'

echo "make client key"
openssl genrsa -out client/client.key 2048
echo "make client certificate"
openssl req -new -nodes -key client/client.key -out client/client.csr -config openssl.cnf -extensions 'v3_req'
# Same signing step for the client certificate (also 30 days by default)
openssl x509 -req -in client/client.csr -out client/client.pem -CA ca.crt -CAkey ca.key -CAcreateserial -extfile openssl.cnf -extensions 'v3_req'
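
To confirm the result, the following added example (not part of the original article) checks that a generated certificate really carries a DNS subjectAltName, chains to ca.crt with a matching hostname, and is not about to expire. The function name check_cert, its return codes and the 7-day threshold are assumptions of this example.

```bash
#!/bin/bash
# Added example, not from the original article. Checks one leaf certificate:
#   check_cert <ca.crt> <leaf.pem> <hostname> <min_days_left>
# Returns 0 if every check passes, else 1 (no SAN), 2 (chain/hostname), 3 (expiry).

check_cert() {
	local ca="$1" leaf="$2" host="$3" min_days="$4" san

	# 1. The certificate must carry a SAN extension with at least one DNS entry.
	#    Without one, openssl falls back to matching the subject CN, so step 2
	#    alone would not prove that the SAN was written.
	san=$(openssl x509 -in "$leaf" -noout -text 2>/dev/null |
		grep -A1 'X509v3 Subject Alternative Name' | tail -n 1)
	case $san in
		*DNS:*) ;;
		*) echo "FAIL: $leaf has no DNS subjectAltName" >&2; return 1 ;;
	esac

	# 2. The leaf must chain to the CA and the hostname must match the certificate.
	if ! openssl verify -CAfile "$ca" -verify_hostname "$host" "$leaf" >/dev/null 2>&1
	then
		echo "FAIL: $leaf does not verify against $ca for host $host" >&2
		return 2
	fi

	# 3. The certificate must stay valid for at least min_days more days.
	if ! openssl x509 -in "$leaf" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1
	then
		echo "FAIL: $leaf expires within $min_days days" >&2
		return 3
	fi

	echo "OK: $leaf ($(echo "$san" | sed 's/^ *//'))"
}

# Check the article's output when it is present in the current directory.
if [ -f certs/ca.crt ]; then
	check_cert certs/ca.crt certs/server/server.pem localhost 7
	check_cert certs/ca.crt certs/client/client.pem localhost 7
fi
```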