Generating self-signed SSL certificates

Creating a self-signed certificate is relatively easy. Once the certificate authority has been established, generating certificates off of it is rather straightforward. However, the commands are easy to forget, since one does not generate certificates every day. To simplify matters, a quick script handles all of the necessary steps to generate the certificate.

#!/bin/sh
#
#  MakePEM                                              Author: Rich West
#                                                       Rich.West@wesmo.com
#
# A simple script to generate a self signed certificate that does not require
# a passphrase in order to use it.
################################################################################

##
# Make sure we are started as we should be.
##
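# All three arguments are required. "-z" with quoted parameters is the
# POSIX form; "==" inside [ ] is a bashism and fails under a strict /bin/sh.
if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
        echo "Usage: $0 <serial number> <days> <certificate_file.pem>"
        echo
        exit 1
fi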

##
# Set our defaults
##
ssldir=/usr/bin
conf=/etc/ssl/openssl.cnf
certs_dir=/etc/ssl/certs
serial=$1
days=$2
cert=$3

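##
# Generate the self-signed certificate. "-x509" makes req sign the new
# certificate with its own key, and "-nodes" leaves the private key
# unencrypted so that no passphrase is needed to use it. The umask keeps
# the key file private from the moment it is created.
##
umask 077
"$ssldir/openssl" req -new -x509 -nodes -days "$days" -config "$conf" \
        -out "$certs_dir/$cert" -keyout "$certs_dir/$cert" \
        -set_serial "$serial"

##
# Append Diffie-Hellman parameters to the same file. The certificate is
# already signed at this point. "dhparam" replaces the older "gendh"
# command, which current OpenSSL releases no longer provide.
# Note: 1024-bit parameters are weak by current standards; 2048 bits is
# the usual minimum.
##
rand_opt=""
test -c /dev/urandom && rand_opt="-rand /dev/urandom"
"$ssldir/openssl" dhparam $rand_opt 1024 >> "$certs_dir/$cert"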

##
# For sanity's sake, display the contents of the generated and signed certificate.
##
echo
echo "Your new certificate is as follows:"
"$ssldir/openssl" x509 -subject -dates -fingerprint -noout \
        -in "$certs_dir/$cert"

##
# Make it only readable by the owner.
##
chmod 600 "$certs_dir/$cert"
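
Because the script puts the private key, the certificate and the DH parameters into one file, it is worth checking that file before a server is pointed at it. The following is an added example, not part of the original MakePEM script; the function names and the file name auditpem.sh are hypothetical.

```shell
#!/bin/sh
# Added example: audit a combined key+certificate PEM file.

# Print the label of each PEM block in file order, one per line.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# Print the permission string of a file, e.g. -rw-------
pem_mode() {
    ls -ld "$1" | cut -c1-10
}

# Return 0 only if the file holds exactly one certificate and one private
# key and grants nothing to group or other. Findings go to stdout.
audit_pem() {
    file=$1; rc=0
    labels=$(pem_labels "$file")
    ncert=$(printf '%s\n' "$labels" | grep -c '^CERTIFICATE$' || :)
    nkey=$(printf '%s\n' "$labels" | grep -c 'PRIVATE KEY$' || :)
    [ "$ncert" -eq 1 ] || { echo "FAIL: $ncert certificates, expected 1"; rc=1; }
    [ "$nkey" -eq 1 ] || { echo "FAIL: $nkey private keys, expected 1"; rc=1; }
    # Both PEM encodings of a passphrase-protected key are recognised.
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----$' \
               -e '^Proc-Type: 4,ENCRYPTED' "$file"; then
        echo "NOTE: private key is passphrase protected"
    fi
    mode=$(pem_mode "$file")
    case $mode in
        ????------) ;;
        *) echo "FAIL: mode $mode exposes the key to group or other"; rc=1 ;;
    esac
    return $rc
}

# Return 0 if the certificate and private key in the file belong together.
# Needs openssl and real key material, so it is a separate step.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Usage: sh auditpem.sh /etc/ssl/certs/<certificate_file.pem>
if [ $# -ge 1 ]; then
    audit_pem "$1" && key_matches_cert "$1" && echo "OK: $1"
fi
```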
