46 lines
1.2 KiB
Bash
Raw Normal View History

#!/usr/bin/env bash
set -eEuo pipefail
unset CDPATH
# force the script to first switch to the directory containing the script before
# messing with the filesystem
cd "$(dirname "$0")"
rm -rf *.crt *.key
openssl genrsa -out ca-root.key 4096
openssl req -x509 -new -nodes -key ca-root.key -out ca-root.crt \
-subj "/C=US/ST=CA/O=/CN=SDS Test CA Cert" \
-sha256 -days 3650
function gen_cert {
local FILE_NAME=$1
local DNS_NAME=$2
openssl genrsa -out "$FILE_NAME.key" 2048
openssl req -new -key "$FILE_NAME.key" -out "$FILE_NAME.csr" \
-reqexts SAN \
-config <(cat /etc/ssl/openssl.cnf \
<(printf "\n[SAN]\nsubjectAltName=DNS:$DNS_NAME")) \
-subj "/C=US/ST=CA/O=/CN=$DNS_NAME"
openssl x509 -req -in "$FILE_NAME.csr" \
-CA ca-root.crt -CAkey ca-root.key -CAcreateserial \
-out "$FILE_NAME.crt" -days 3650 -sha256 \
-extfile <(printf "subjectAltName=DNS:$DNS_NAME")
rm "$FILE_NAME.csr"
}
DOMAINS="www.example.com foo.example.com *.ingress.consul"
for domain in $DOMAINS
do
# * in file names is interpreted as a global and all sorts of things go
# strange!
FILE_NAME="$domain"
if [ ${domain:0:2} == "*." ]; then
FILE_NAME="wildcard.${domain:2}"
fi
gen_cert $FILE_NAME $domain
done