Generating self signed SSL certificates

Creating a self signed certificate is relatively easy. Once the certificate of authority has been established, generating certificates off of it is rather straight forward. However, the commands can get lost over time since one is not generating certificates every day. To simplify matters, a quick script handles all of the necessary steps to generate the certificate.

#!/bin/sh
#
#  MakePEM                                              Author: Rich West
#                                                       Rich.West@wesmo.com
#
# A simple script to generate a self signed certificate that does not require
# a passphrase in order to use it.
################################################################################

##
# Make sure we are started as we should be.
##
if [ "X"$1 == "X" ] || [ "X"$2 == "X" ] || [ "X"$3 == "X" ]; then
        echo "Usage: $0 <serial number> <days> <certificate_file.pem>"
        echo
        exit;
fi

##
# Set our defaults
##
ssldir=/usr/bin
conf=/etc/ssl/openssl.cnf
certs_dir=/etc/ssl/certs
serial=$1
days=$2
cert=$3

##
# Generate the certificate.
##
$ssldir/openssl req -new -x509 -days $days -config $conf \
-out $certs_dir/$cert -keyout $certs_dir/$cert \
-set_serial $serial
##
# Sign the certificate
##
$ssldir/openssl gendh >> $certs_dir/$cert

##
# We need randomness
##
$ssldir/openssl gendh -rand \
`test -c /dev/urandom && echo /dev/urandom` 1024 >> $certs_dir/$cert

##
# For sanity sake, display the contents of the generated and signed certificate.
##
echo
echo "Your new certificate is as follows:"
$ssldir/openssl x509 -subject -dates -fingerprint -noout \
-in $certs_dir/$cert

##
# Make it only readable by the owner.
##
chmod 600 $certs_dir/$cert

Leave a Reply