self-signed-ssl-gen added

gists/self-signed-ssl/self-signed-ssl-gen.sh

@@ -0,0 +1,65 @@
+#!/bin/bash
+
+# gist url: https://gist.github.com/adamrunner/285746ca0f22b0f2e10192427e0b703c
+
+# Bash shell script for generating self-signed certs. Run this in a folder, as it
+# generates a few files. Large portions of this script were taken from the
+# following artcile:
+# 
+# http://usrportage.de/archives/919-Batch-generating-SSL-certificates.html
+# 
+# Additional alterations by: Brad Landers
+# Date: 2012-01-27
+# usage: ./gen_cert.sh example.com
+
+# Script accepts a single argument, the fqdn for the cert
+DOMAIN="$1"
+if [ -z "$DOMAIN" ]; then
+  echo "Usage: $(basename $0) <domain>"
+  exit 11
+fi
+
+fail_if_error() {
+  [ $1 != 0 ] && {
+    unset PASSPHRASE
+    exit 10
+  }
+}
+
+# Generate a passphrase
+export PASSPHRASE=$(head -c 500 /dev/urandom | tr -dc a-z0-9A-Z | head -c 128; echo)
+
+# Certificate details; replace items in angle brackets with your own info
+subj="
+C=US
+ST=OR
+O=Blah
+localityName=Portland
+commonName=$DOMAIN
+organizationalUnitName=Blah Blah
+[email protected]
+"
+
+# Generate the server private key
+openssl genrsa -des3 -out $DOMAIN.key -passout env:PASSPHRASE 2048
+fail_if_error $?
+
+# Generate the CSR
+openssl req \
+    -new \
+    -batch \
+    -subj "$(echo -n "$subj" | tr "\n" "/")" \
+    -key $DOMAIN.key \
+    -out $DOMAIN.csr \
+    -passin env:PASSPHRASE
+fail_if_error $?
+cp $DOMAIN.key $DOMAIN.key.org
+fail_if_error $?
+
+# Strip the password so we don't have to type it every time we restart Apache
+openssl rsa -in $DOMAIN.key.org -out $DOMAIN.key -passin env:PASSPHRASE
+fail_if_error $?
+
+# Generate the cert (good for 10 years)
+openssl x509 -req -days 3650 -in $DOMAIN.csr -signkey $DOMAIN.key -out $DOMAIN.crt
+fail_if_error $?