Last active
June 30, 2021 21:53
Revisions
armsultan revised this gist
Jun 30, 2021 . 1 changed file with 3 additions and 1 deletion.
@@ -1,7 +1,9 @@ #!/usr/bin/env bash # How to use # 1. Make this script executable: # chmod +x ./self-signed-ssl.sh # 2. Run script and provide domain name: # ./self-signed-ssl.sh mydomain.com -
armsultan revised this gist
Jun 30, 2021 . 1 changed file with 2 additions and 0 deletions.
@@ -2,6 +2,8 @@ # Make this script executable: # chmod +x ./self-signed-ssl.sh # ./self-signed-ssl.sh mydomain.com # print usage DOMAIN=$1 -
armsultan revised this gist
Jun 30, 2021 . 1 changed file with 9 additions and 9 deletions.
@@ -42,21 +42,21 @@ VALIDITY="365" SUBJ_ROOTCA=" C=US ST=CO O=Local Development localityName=Local Development commonName=RootCA organizationalUnitName=Local Development emailAddress=RootCA@t3st.org " # Set our Server Certificate Attributes SUBJ_SERVER=" C=US ST=CO O=Local Development localityName=Local Development commonName=$WILDCARD organizationalUnitName=Local Development emailAddress=admin@t3st.org " @@ -80,10 +80,10 @@ openssl x509 -days $VALIDITY -req -in "$DOMAIN.csr" -CA ca.crt -CAkey ca.key -CA # SUBJ_CLIENT=" # C=US # ST=CO # O=Local Development # localityName=Local Development # commonName=$WILDCARD # organizationalUnitName=Local Development # emailAddress=admin@t3st.org # " -
armsultan created this gist
Jun 25, 2021 .
@@ -0,0 +1,101 @@ #!/usr/bin/env bash # Make this script executable: # chmod +x ./self-signed-ssl.sh # print usage DOMAIN=$1 if [ -z "$1" ]; then echo "USAGE: $0 domain.lan" echo "" echo "This will generate a non-secure self-signed wildcard certificate for a given domain." echo "This should only be used in a Non-Production and Development environment." exit fi # # Generate self signed certs # # Add wildcard WILDCARD="*.$DOMAIN" # Limit the validity period, it should be as short as you can handle from the # maintenance standpoint. Best Practice is 12 months Max VALIDITY="365" # This can be used for OCSP Responder for testing purposes which requires a # Root certificate with a certificate(s) generated from it. # First we will create a self-signed Root certificate using openssl then # Create the derived Wildcard certificate # Edit your own Certificate Attributes: # C: CountryName # S: StateOrProvinceName # L (localityName): Locality # O: Organization # CN (commonName): CommonName # OU (organizationalUnitName): OrganizationalUnit # emailAddress: Email Name # Set our RootCA Certificate Attributes SUBJ_ROOTCA=" C=US ST=CO O=Local Developement localityName=Local Developement commonName=RootCA organizationalUnitName=Local Developement emailAddress=RootCA@t3st.org " # Set our Server Certificate Attributes SUBJ_SERVER=" C=US ST=CO O=Local Developement localityName=Local Developement commonName=$WILDCARD organizationalUnitName=Local Developement emailAddress=admin@t3st.org " # Generate self signed root CA cert openssl req -nodes -x509 -newkey rsa:2048 -keyout ca.key -out ca.crt\ -subj "$(echo -n "$SUBJ_ROOTCA" | tr "\n" "/")" # Generate server cert to be signed openssl req -nodes -newkey rsa:2048 -subj "$(echo -n "$SUBJ_SERVER" | tr "\n" "/")" -keyout "$DOMAIN.key" -out "$DOMAIN.csr" # Create a CA-Signed Certificates for Your Non-production Apps valid for x Days openssl x509 -days $VALIDITY -req -in "$DOMAIN.csr" -CA ca.crt -CAkey ca.key -CAcreateserial -out "$DOMAIN.crt" # # 
Generate Client Cert # (Uncomment openssl commands below when needed) # # Set our Server Certificate Attributes # SUBJ_CLIENT=" # C=US # ST=CO # O=Local Developement # localityName=Local Developement # commonName=$WILDCARD # organizationalUnitName=Local Developement # emailAddress=admin@t3st.org # " # Generate a client cert to be signed # openssl req -nodes -newkey rsa:2048 -keyout client.key -out client.csr \ # -subj "$(echo -n "$SUBJ_CLIENT" | tr "\n" "/")" # # Sign the client cert # openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAserial ca.srl -out client.crt # # Create client PEM file # cat client.key client.crt > client.pem # Create clientPFX file (for Java, C#, etc) openssl pkcs12 -inkey client.key -in # client.crt -export -out client.pfx
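Review bot: The signing command `openssl x509 -days $VALIDITY -req -in "$DOMAIN.csr" ... -out "$DOMAIN.crt"` passes no extensions, so the wildcard name exists only in commonName and the issued certificate has no subjectAltName; current TLS clients match hostnames against SAN only and will reject it. Adding `-extfile <(printf 'subjectAltName=DNS:%s,DNS:%s\nbasicConstraints=CA:FALSE\n' "$WILDCARD" "$DOMAIN")` to that command covers the wildcard and the bare domain and marks the leaf as a non-CA certificate. The root CA command `openssl req -nodes -x509 -newkey rsa:2048 -keyout ca.key -out ca.crt` also has no `-days`, so it falls back to the 30-day default and the CA expires well before the 365-day server certificate; `-days "$VALIDITY"` there would align the two. Because `$1` flows unchecked into the `-subj` string and the output file names, a guard such as `[[ "$DOMAIN" =~ ^[A-Za-z0-9.-]+$ ]] || exit 1` after the usage check would keep a stray `/` from adding subject fields or changing the output path.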