Usage
$ ./self-sign example.com \*.example.com # SNI and wildcard
$ days=825 ./self-sign example.com # Change expiration
$ check=1 ./self-sign example.com # Show certificate
Script
Note that OpenSSL 1.1.1 or later is required.
To check the installed version, run openssl version.
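#!/bin/bash
# Requires OpenSSL 1.1.1 or later (-addext)
if [ $# -eq 0 ]; then
    echo "Usage: $0 name [name ...]" >&2
    exit 1
fi

CN=$1
SAN=""
# "$@" keeps each argument intact; an unquoted $* would let the shell
# glob-expand *.example.com against files in the current directory
for name in "$@"; do
    # Note: IP:x.x.x.x is also valid
    SAN="${SAN}DNS:$name,"
done
SAN=${SAN%,}  # drop the trailing comma

days=${days:-36500}  # days=825 ./self-sign ...
check=${check:-0}    # check=1 ./self-sign ...

secret=$CN.key
public=$CN.crt

# -nodes leaves the private key unencrypted on disk
openssl req -new -subj "/CN=$CN" -addext "subjectAltName=$SAN" \
    -newkey rsa:2048 -keyout "$secret" -nodes -x509 -days "$days" -out "$public" || exit 1

# Check certificate
if [ "$check" != "0" ]; then
    openssl x509 -text -in "$public" -noout
fi

echo
echo "Secret key file: $secret"
echo "Public key file: $public"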
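The script's comment notes that IP:x.x.x.x is also valid, yet every argument is emitted as DNS: and handed to -addext unchecked. The following is an added example, not part of the original script: the function names san_entry, build_san and cert_sans are hypothetical. It picks the prefix per argument, rejects names containing separators, and reads the SAN list back from the finished certificate.

```bash
#!/bin/sh
# Added example, not the page's script. Function names are made up here.
# Scope: hostnames, wildcards and dotted-quad IPv4 (IPv6 is rejected).

# Print one SAN entry for a name, or fail if the name could not be a
# single hostname or IPv4 address (a comma would start a new SAN entry).
san_entry() {
    case $1 in
        ''|*[!0-9A-Za-z.*_-]*|.*|*.|*..*) return 1 ;;  # empty, separator, stray dot
        *[!0-9.]*) printf 'DNS:%s' "$1" ;;              # has a non-digit: hostname
        *.*.*.*.*) return 1 ;;                          # too many parts
        *.*.*.*)   printf 'IP:%s' "$1" ;;               # dotted quad; openssl checks ranges
        *)         return 1 ;;                          # digits only, or too few parts
    esac
}

# Join all arguments into the value for: -addext "subjectAltName=..."
build_san() {
    san=
    for name in "$@"; do
        entry=$(san_entry "$name") || {
            echo "rejected name: $name" >&2
            return 1
        }
        san=${san:+$san,}$entry
    done
    [ -n "$san" ] && printf '%s\n' "$san"
}

# Read the SAN list back from a certificate in the same notation, so it
# can be compared with what build_san produced. Needs OpenSSL 1.1.1+ (-ext).
cert_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName |
        sed -n '2{s/IP Address:/IP:/g;s/ //g;p;}'
}

# Usage (constructed sample names):
#   SAN=$(build_san example.com '*.example.com' 192.0.2.10) || exit 1
#   ... openssl req ... -addext "subjectAltName=$SAN" ...
#   [ "$(cert_sans example.com.crt)" = "$SAN" ] || echo "SAN mismatch" >&2
```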