I would like to share this bash script with you all, in case you have to generate a self-signed certificate on your own server for Lab purposes. This certificate will be valid for 10 years but you can change it on the x509 section.
Formats used at this script:
Outputs Description Encoding openssl command .csr
(or use .pem)Certificate Signing Request
public-private keypairBase64 (ASCII) req .key Private Key
Public KeyBase64 (ASCII) genrsa
rsa.crt
(or use .cer)Certificate Base64 (ASCII) x509 .pfx personal exchange format PKCS#12 Binary pkcs12 dhparam.pem To enable the DHE-RSA-based SSL cipher suite Base64 (ASCII) dhparam
This script reads values described on the read command that will be used as variables to construct your self-signed certificate using openssl. This is easy, just follow these directions:
touch cert-gen.sh
ll | grep cert-gen.sh
-rw-rw-r-- 1 server server 0 Jun 2 00:33 cert-gen.sh
Notice the file does not have executable permissions so let's proceed to change that.
chmod -v u+x,g+x cert-gen.sh
mode of 'cert-gen.sh' changed from 0664 (rw-rw-r--) to 0774 (rwxrwxr--)
Then, let's proceed to add the following script into the file, you can use your preferred text editor.
If you want to execute your script after the code has been added to the file, use the following command:
./cert-gen.sh
vi cert-gen.sh
i
------------------------------------------
#!/bin/bash
# Date: 6/1/2022
# By Berny Ramirez
# br@netcode.vip
#Required:
echo "Welcome to the Certificate Generator"
echo "Please complete the following information"
read -p "FQDN: " domain
read -p "Password (4 to 1023 Char): " password
#Change to your company details
country=US
state=Georgia
locality=Atlanta
organization=netcode.vip
organizationalunit=IT
email=br@netcode.vip
if [ -z "$domain" ]
then
echo "Argument not present."
echo "Useage $0 [common name]"
exit 99
fi
#Generate a Private key with -des3 as cipher and 2048 as length
echo "Generating a private key request for $domain"
openssl genrsa -des3 -passout pass:$password -out $domain-priv.key 2048
echo "Generating a public key from a private key request for $domain"
openssl rsa -in $domain-priv.key -passin pass:$password -pubout -out $domain-pub.key
#Create the request with the private key
echo "Creating CSR - Certificate Signing Request"
openssl req -new -key $domain-priv.key -out $domain.csr -passin pass:$password \
-subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizationalunit/CN=$domain/emailAddress=$email"
echo "Creating self-signed certificate"
openssl x509 -req -days 3650 -in $domain.csr -signkey $domain-priv.key -passin pass:$password -out $domain.crt
echo "Creating Diffie-Hellman parameters - dhparam"
openssl dhparam -out dhparam.pem 2048
echo
echo
echo "---------------------------"
echo "-----Below is your CSR-----"
echo "---------------------------"
echo
cat $domain.csr
echo
echo "---------------------------"
echo "-----Below is your Private Key-----"
echo "---------------------------"
echo
cat $domain-priv.key
echo
echo "---------------------------"
echo "-----Below is your Public Key-----"
echo "---------------------------"
echo
cat $domain-pub.key
echo
echo "---------------------------"
echo "-----Below is your Certificate -----"
echo "---------------------------"
echo
cat $domain.crt
echo
echo "---------------------------"
echo "-----Below is your Diffie-Hellman Param-----"
echo "---------------------------"
echo
cat dhparam.pem
echo
echo "Your Key and Certificate have been stored in this folder"
echo
echo "Generating .PFX File"
openssl pkcs12 -export -out $domain.pfx -passin pass:$password $domain.key -in $domain.crt
echo
echo ".PFX File has been created and stored"
echo
------------------------------------------
:wq!
If you want to delete all the files generated by the script just type:
rm domain*
rm dhparam.pem