
Revisions

  1. silverkorn revised this gist Mar 26, 2019. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion generate-ssl.sh
    @@ -3,7 +3,7 @@
    ##########
    # Config #
    ##########
    TMP_SSL_CERTIFICATE_NAME=$(basename "$(dirname \"$0\")")
    TMP_SSL_CERTIFICATE_NAME=$(basename "($(dirname "$(realpath "$0")")")
    TMP_SSL_CERTIFICAT_RSA_BITS=3072
    TMP_SSL_CERTIFICAT_GENERATE_SELFSIGNED=1
    TMP_SSL_CERTIFICAT_SELFSIGNED_VALID_DAYS=1095
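Review bot: The new `TMP_SSL_CERTIFICATE_NAME` assignment has a stray `(` inside the outer double quotes (`"($(dirname …`), so `basename` is handed a path that begins with a literal parenthesis. The output is normally still the directory name, but only because `basename` discards everything up to the last slash; the line should read `TMP_SSL_CERTIFICATE_NAME=$(basename "$(dirname "$(realpath "$0")")")`. `realpath` is not installed on every platform, so a fallback to `dirname "$0"` or an explicit check is worth adding. A one-line comment such as `# Default certificate name: the name of the directory holding this script` would make the intent clear.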
  2. silverkorn revised this gist Mar 26, 2019. 1 changed file with 4 additions and 1 deletion.
    5 changes: 4 additions & 1 deletion generate-ssl.sh
    @@ -3,7 +3,7 @@
    ##########
    # Config #
    ##########
    TMP_SSL_CERTIFICATE_NAME=yourdomain.org
    TMP_SSL_CERTIFICATE_NAME=$(basename "$(dirname \"$0\")")
    TMP_SSL_CERTIFICAT_RSA_BITS=3072
    TMP_SSL_CERTIFICAT_GENERATE_SELFSIGNED=1
    TMP_SSL_CERTIFICAT_SELFSIGNED_VALID_DAYS=1095
    @@ -18,6 +18,9 @@ TMP_SSL_CERTIFICATE_PREFIX_COMMAND=
    # Windows / MinGW workaround
    [[ "$(uname)" =~ "MINGW" ]] && TMP_SSL_CERTIFICATE_PREFIX_COMMAND="winpty "

    # Change the default commonName from openssl.conf to the one from $TMP_SSL_CERTIFICATE_NAME
    sed -i -e "s/^\(commonName_default\s*=\).*$/\1 ${TMP_SSL_CERTIFICATE_NAME}/gmi" "${TMP_SSL_CERTIFICATE_ROOTPATH}/openssl.conf"

    ${TMP_SSL_CERTIFICATE_PREFIX_COMMAND}openssl genrsa -des3 -out "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" ${TMP_SSL_CERTIFICAT_RSA_BITS}
    ${TMP_SSL_CERTIFICATE_PREFIX_COMMAND}openssl req -new -key "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" -out "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.csr" -config "${TMP_SSL_CERTIFICATE_ROOTPATH}/openssl.conf"
    cp "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key.org"
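Review bot: The added `sed` line interpolates `${TMP_SSL_CERTIFICATE_NAME}` directly into the replacement text, and that value comes from a directory name or (per the `$1` override shown in the other revisions on this page) from the command line, so a `/`, `&` or `\` in it changes or breaks the substitution and rewrites `openssl.conf` in an unintended way. Validate the name before it is used, for example `[[ "$TMP_SSL_CERTIFICATE_NAME" =~ ^[A-Za-z0-9.-]+$ ]] || { echo "invalid certificate name" >&2; exit 1; }`, widening the pattern deliberately if wildcard names are needed. The expression also relies on GNU sed (`\s`, the `m`/`i` flags, `-i` without a suffix) and edits the shipped `openssl.conf` in place on every run; working on a temporary copy would keep the template intact.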
  3. silverkorn revised this gist Feb 21, 2018. 1 changed file with 40 additions and 25 deletions.
    65 changes: 40 additions & 25 deletions generate-ssl.sh
    @@ -4,39 +4,54 @@
    # Config #
    ##########
    TMP_SSL_CERTIFICATE_NAME=yourdomain.org
    TMP_SSL_CERTIFICAT_VALID_DAYS=1095
    TMP_SSL_CERTIFICAT_RSA_BITS=3072
    TMP_SSL_CERTIFICAT_GENERATE_SELFSIGNED=1
    TMP_SSL_CERTIFICAT_SELFSIGNED_VALID_DAYS=1095
    #########

    if [ -n "$1" ]; then TMP_SSL_CERTIFICATE_NAME=$1; fi

    TMP_SSL_CERTIFICATE_ROOTPATH="$(dirname $0)"
    TMP_SSL_CERTIFICATE_ROOTPATH=$(dirname "$0")
    TMP_SSL_CERTIFICATE_FULLNAME=${TMP_SSL_CERTIFICATE_NAME}
    TMP_SSL_CERTIFICATE_PREFIX_COMMAND=

    openssl genrsa -des3 -out "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" 3072
    openssl req -new -key "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" -out "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.csr" -config "${TMP_SSL_CERTIFICATE_ROOTPATH}/openssl.conf"
    # Windows / MinGW workaround
    [[ "$(uname)" =~ "MINGW" ]] && TMP_SSL_CERTIFICATE_PREFIX_COMMAND="winpty "

    ${TMP_SSL_CERTIFICATE_PREFIX_COMMAND}openssl genrsa -des3 -out "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" ${TMP_SSL_CERTIFICAT_RSA_BITS}
    ${TMP_SSL_CERTIFICATE_PREFIX_COMMAND}openssl req -new -key "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" -out "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.csr" -config "${TMP_SSL_CERTIFICATE_ROOTPATH}/openssl.conf"
    cp "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key.org"
    openssl rsa -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key.org" -out "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key"
    ${TMP_SSL_CERTIFICATE_PREFIX_COMMAND}openssl rsa -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key.org" -out "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key"

    # Self-signing
    if [ "${TMP_SSL_CERTIFICAT_GENERATE_SELFSIGNED}" -eq "1" ];
    then
    ${TMP_SSL_CERTIFICATE_PREFIX_COMMAND}openssl x509 -req -extensions v3_req -days ${TMP_SSL_CERTIFICAT_SELFSIGNED_VALID_DAYS} -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.csr" -signkey "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" -out "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.crt" -extfile "${TMP_SSL_CERTIFICATE_ROOTPATH}/openssl.conf"
    # CA Cert
    ${TMP_SSL_CERTIFICATE_PREFIX_COMMAND}openssl x509 -req -days ${TMP_SSL_CERTIFICAT_SELFSIGNED_VALID_DAYS} -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.csr" -CA "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.crt" -CAkey "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" -set_serial 01 -out "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.ca.crt"
    # (Optional) Install CA cert
    if [ -f "/etc/redhat-release" ];
    then
    update-ca-trust force-enable
    cp "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.ca.crt" "/etc/pki/ca-trust/source/anchors/"
    update-ca-trust extract
    elif [ -f "/etc/debian-release" ];
    then
    cp "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.ca.crt" "/usr/local/share/ca-certificates/"
    update-ca-certificates
    fi
    # View CSR
    openssl req -text -noout -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.csr"
    # Validate with .key and .csr
    echo
    echo "\"${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.crt\" Hash:"
    openssl x509 -noout -modulus -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.crt" | openssl md5
    echo
    fi

    # Detect if the key and csr are compatible
    echo "\"${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key\" Hash:"
    openssl rsa -noout -modulus -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" | openssl md5
    echo
    echo "\"${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.csr\" Hash:"
    openssl req -noout -modulus -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.csr" | openssl md5

    # ****************************
    # Self-signed for TEST ONLY!!!
    # ****************************
    openssl x509 -req -extensions v3_req -days ${TMP_SSL_CERTIFICAT_VALID_DAYS} -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.csr" -signkey "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" -out "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.crt" -extfile "${TMP_SSL_CERTIFICATE_ROOTPATH}/conf/openssl.conf"
    # CA Cert
    openssl x509 -req -days ${TMP_SSL_CERTIFICAT_VALID_DAYS} -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.csr" -CA "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.crt" -CAkey "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" -set_serial 01 -out "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.ca.crt"
    # (Optional) Install CA cert
    if [ -f "/etc/redhat-release" ];
    then
    update-ca-trust force-enable
    cp "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.ca.crt" "/etc/pki/ca-trust/source/anchors/"
    update-ca-trust extract
    elif [ -f "/etc/debian-release" ];
    cp "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.ca.crt" "/usr/local/share/ca-certificates/"
    update-ca-certificates
    fi
    # View CSR
    openssl req -text -noout -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.csr"
    openssl x509 -noout -modulus -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.crt" | openssl md5 # Validate with .key and .csr
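Review bot: The trust-store install sits inside the `TMP_SSL_CERTIFICAT_GENERATE_SELFSIGNED` branch, which defaults to 1, so on what appears to be the new side a plain run as root copies the generated `.ca.crt` into the system anchors even though the comment still says "(Optional)". That certificate carries the same key the script has just rewritten without a passphrase next to the script, so the private key behind a system-wide trust anchor is protected only by that file's permissions. Gate the install behind its own opt-in, e.g. `TMP_SSL_CERTIFICAT_INSTALL_CA=0` in the config block and `if [ "${TMP_SSL_CERTIFICAT_INSTALL_CA}" -eq 1 ]; then` around the install steps. Each `cp` should also be checked for success before the store is refreshed.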
  4. silverkorn revised this gist Aug 14, 2017. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions generate-ssl.sh
    @@ -9,11 +9,11 @@ TMP_SSL_CERTIFICAT_VALID_DAYS=1095

    if [ -n "$1" ]; then TMP_SSL_CERTIFICATE_NAME=$1; fi

    TMP_SSL_CERTIFICATE_ROOTPATH="$(dirname $0)/.."
    TMP_SSL_CERTIFICATE_ROOTPATH="$(dirname $0)"
    TMP_SSL_CERTIFICATE_FULLNAME=${TMP_SSL_CERTIFICATE_NAME}

    openssl genrsa -des3 -out "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" 3072
    openssl req -new -key "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" -out "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.csr" -config "${TMP_SSL_CERTIFICATE_ROOTPATH}/conf/openssl.conf"
    openssl req -new -key "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" -out "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.csr" -config "${TMP_SSL_CERTIFICATE_ROOTPATH}/openssl.conf"
    cp "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key.org"
    openssl rsa -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key.org" -out "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key"

  5. silverkorn revised this gist Aug 14, 2017. No changes.
  6. silverkorn revised this gist Aug 14, 2017. 1 changed file with 31 additions and 0 deletions.
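--- a/openssl.conf
+++ b/openssl.conf
@@ -0,0 +1,31 @@
+[ req ]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = CA
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Quebec
+localityName = Locality Name (eg, city)
+localityName_default = Montreal
+organizationName = Organization Name (eg, company)
+organizationName_default = Your company name
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = Web Technologies
+commonName = Common Name (eg, your name or your server's hostname)
+commonName_max = 64
+commonName_default = www.yourdomain.org
+emailAddress = Email Address
+emailAddress_max = 64
+emailAddress_default = [email protected]
+
+[ v3_req ]
+# Extensions to add to a certificate request
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = alt.yourdomain.org
+DNS.2 = alt.otherdomain.com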
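Review bot: The `[ alt_names ]` section lists only the placeholder hosts `alt.yourdomain.org` and `alt.otherdomain.com`, and the name in `commonName_default` is not among them. Current TLS clients match the host name against subjectAltName and ignore the common name once a SAN extension is present, so a certificate built from this file would not validate for its primary host name. Put the primary name first, `DNS.1 = www.yourdomain.org`, and renumber the alternatives; a comment above the section saying that every served host name must be listed would keep the placeholders from shipping. The `[ req ]` section also sets no `default_md`, so the signature digest is whatever the installed OpenSSL defaults to; `default_md = sha256` makes it explicit.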
  7. silverkorn revised this gist Jul 27, 2017. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions generate-ssl.sh
    @@ -28,12 +28,12 @@ openssl x509 -req -extensions v3_req -days ${TMP_SSL_CERTIFICAT_VALID_DAYS} -in
    # CA Cert
    openssl x509 -req -days ${TMP_SSL_CERTIFICAT_VALID_DAYS} -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.csr" -CA "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.crt" -CAkey "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" -set_serial 01 -out "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.ca.crt"
    # (Optional) Install CA cert
    if [ -f "/etc/redhat-release" ]
    if [ -f "/etc/redhat-release" ];
    then
    update-ca-trust force-enable
    cp "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.ca.crt" "/etc/pki/ca-trust/source/anchors/"
    update-ca-trust extract
    elif [ -f "/etc/debian-release" ]
    elif [ -f "/etc/debian-release" ];
    cp "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.ca.crt" "/usr/local/share/ca-certificates/"
    update-ca-certificates
    fi
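Review bot: The `elif [ -f "/etc/debian-release" ];` line still has no `then`, so adding the semicolons does not make the block valid: bash stops with a syntax error at the following `fi`, and neither branch nor anything after the block runs. The line should end `]; then`. The same construct appears in the revision just below, which introduces this block. The `if` statement closes inside the hunk, but the commands leading up to it start outside it.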
  8. silverkorn revised this gist Jul 27, 2017. 1 changed file with 13 additions and 1 deletion.
    14 changes: 13 additions & 1 deletion generate-ssl.sh
    @@ -1,3 +1,5 @@
    #! /bin/bash

    ##########
    # Config #
    ##########
    @@ -23,8 +25,18 @@ openssl req -noout -modulus -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTI
    # Self-signed for TEST ONLY!!!
    # ****************************
    openssl x509 -req -extensions v3_req -days ${TMP_SSL_CERTIFICAT_VALID_DAYS} -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.csr" -signkey "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" -out "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.crt" -extfile "${TMP_SSL_CERTIFICATE_ROOTPATH}/conf/openssl.conf"
    # (Optional) CA Cert
    # CA Cert
    openssl x509 -req -days ${TMP_SSL_CERTIFICAT_VALID_DAYS} -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.csr" -CA "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.crt" -CAkey "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" -set_serial 01 -out "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.ca.crt"
    # (Optional) Install CA cert
    if [ -f "/etc/redhat-release" ]
    then
    update-ca-trust force-enable
    cp "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.ca.crt" "/etc/pki/ca-trust/source/anchors/"
    update-ca-trust extract
    elif [ -f "/etc/debian-release" ]
    cp "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.ca.crt" "/usr/local/share/ca-certificates/"
    update-ca-certificates
    fi
    # View CSR
    openssl req -text -noout -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.csr"
    openssl x509 -noout -modulus -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.crt" | openssl md5 # Validate with .key and .csr
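Review bot: The Debian branch of the new install block tests for `/etc/debian-release`, which is not a file Debian or Ubuntu ship; the marker file there is `/etc/debian_version`, so the `update-ca-certificates` path is never taken. The test should be `[ -f "/etc/debian_version" ]`, and it is carried unchanged into the later revisions shown above. The block also runs unconditionally and does not check that `cp` succeeded before refreshing the store. A comment above it stating that it needs root and modifies the system trust store would make that explicit.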
  9. silverkorn revised this gist Jul 27, 2017. 1 changed file with 4 additions and 1 deletion.
    5 changes: 4 additions & 1 deletion generate-ssl.sh
    @@ -2,6 +2,7 @@
    # Config #
    ##########
    TMP_SSL_CERTIFICATE_NAME=yourdomain.org
    TMP_SSL_CERTIFICAT_VALID_DAYS=1095
    #########

    if [ -n "$1" ]; then TMP_SSL_CERTIFICATE_NAME=$1; fi
    @@ -21,7 +22,9 @@ openssl req -noout -modulus -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTI
    # ****************************
    # Self-signed for TEST ONLY!!!
    # ****************************
    openssl x509 -req -extensions v3_req -days 1095 -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.csr" -signkey "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" -out "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.crt" -extfile "${TMP_SSL_CERTIFICATE_ROOTPATH}/conf/openssl.conf"
    openssl x509 -req -extensions v3_req -days ${TMP_SSL_CERTIFICAT_VALID_DAYS} -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.csr" -signkey "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" -out "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.crt" -extfile "${TMP_SSL_CERTIFICATE_ROOTPATH}/conf/openssl.conf"
    # (Optional) CA Cert
    openssl x509 -req -days ${TMP_SSL_CERTIFICAT_VALID_DAYS} -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.csr" -CA "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.crt" -CAkey "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" -set_serial 01 -out "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.ca.crt"
    # View CSR
    openssl req -text -noout -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.csr"
    openssl x509 -noout -modulus -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.crt" | openssl md5 # Validate with .key and .csr
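Review bot: The added "(Optional) CA Cert" command signs with `-CA ….crt`, but that `.crt` is the self-signed certificate created one line earlier with the `v3_req` extensions, and the `openssl.conf` shown further up this page (added in a later revision) sets `basicConstraints = CA:FALSE` there, so verifiers that enforce basic constraints will not accept it as an issuer. The command also re-signs the same CSR, so the `.ca.crt` carries the same subject and key as the `.crt` rather than representing a separate authority. `-set_serial 01` is fixed, which means every regeneration yields a different certificate with the same issuer and serial number, something several TLS clients reject; `-CAcreateserial` avoids that. If a CA is wanted, it should have its own key and an extension section with `basicConstraints = CA:TRUE`.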
  10. silverkorn revised this gist Jul 26, 2017. No changes.
  11. silverkorn created this gist Jul 25, 2017.
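--- a/generate-ssl.sh
+++ b/generate-ssl.sh
@@ -0,0 +1,27 @@
+##########
+# Config #
+##########
+TMP_SSL_CERTIFICATE_NAME=yourdomain.org
+#########
+
+if [ -n "$1" ]; then TMP_SSL_CERTIFICATE_NAME=$1; fi
+
+TMP_SSL_CERTIFICATE_ROOTPATH="$(dirname $0)/.."
+TMP_SSL_CERTIFICATE_FULLNAME=${TMP_SSL_CERTIFICATE_NAME}
+
+openssl genrsa -des3 -out "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" 3072
+openssl req -new -key "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" -out "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.csr" -config "${TMP_SSL_CERTIFICATE_ROOTPATH}/conf/openssl.conf"
+cp "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key.org"
+openssl rsa -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key.org" -out "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key"
+
+# Detect if the key and csr are compatible
+openssl rsa -noout -modulus -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" | openssl md5
+openssl req -noout -modulus -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.csr" | openssl md5
+
+# ****************************
+# Self-signed for TEST ONLY!!!
+# ****************************
+openssl x509 -req -extensions v3_req -days 1095 -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.csr" -signkey "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.key" -out "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.crt" -extfile "${TMP_SSL_CERTIFICATE_ROOTPATH}/conf/openssl.conf"
+# View CSR
+openssl req -text -noout -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.csr"
+openssl x509 -noout -modulus -in "${TMP_SSL_CERTIFICATE_ROOTPATH}/${TMP_SSL_CERTIFICATE_FULLNAME}.crt" | openssl md5 # Validate with .key and .csr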
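Review bot: The key is generated with `-des3` and then immediately rewritten without a passphrase by `openssl rsa -in ….key.org -out ….key`, so the script leaves an unencrypted private key plus an encrypted copy in the directory above the script, with no step that restricts who can read them. Add `umask 077` near the top so every file the script creates is owner-only, and state in a comment why the passphrase is removed. `$(dirname $0)` should quote `$0`, i.e. `"$(dirname "$0")/.."`, otherwise a path containing spaces splits into several arguments. The `openssl md5` lines print digests without a label, so it is not obvious which output belongs to the key, the CSR or the certificate.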