-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathmk-ss
executable file
·51 lines (45 loc) · 1.4 KB
/
mk-ss
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
#!/bin/bash
#
# mk-ss bash script
# =================
#
# This is a small bash function to create a self-signed certificate that
# expires in January 2038. If given no arguments it uses 'localhost' as
# the common name. The first argument is the Common Name and is copied
# into the SAN list additional arguments are set as extra SAN hosts.
#
# The certificate and key are 2048 bit RSA and sent out the standard output.
#
# This is about the same as: mk-cert -rsa -san -dnq $*
make_ss() {
local CN="$1" SERIAL SSKEY SSCERT
[ "$CN" = "" ] && CN=localhost
local -r make_ss_reqconf="$(typeset -f make_ss_reqconf)"
make_ss_reqconf() {
local SANLIST=''
SANLIST="$(echo "$*" | xargs)"
[ "$SANLIST" != "" ] && SANLIST="DNS:${SANLIST// /,DNS:}"
echo '[req]'
echo 'distinguished_name = rdn'
echo 'prompt = no'
[ "$SANLIST" != "" ] && echo 'x509_extensions = x509v3'
echo '[rdn]'
echo "dnQualifier=$SERIAL"
echo "CN=$CN"
[ "$SANLIST" != "" ] && {
echo '[x509v3]'
echo "subjectAltName=$SANLIST"
}
}
SERIAL="$(openssl rand -hex 8)"
SSKEY="$(openssl genrsa)"
SSCERT="$(openssl req -new -x509 \
-days $((24842 - $(date +%s)/86400)) \
-set_serial 0x"$SERIAL" \
-key <(echo "$SSKEY") \
-config <(make_ss_reqconf "$@") )"
unset -f make_ss_reqconf ; eval "$make_ss_reqconf"
echo "$SSCERT" | openssl x509 -subject -serial -dates
echo "$SSKEY"
}
make_ss "$@"