mirror of
https://github.com/Telecominfraproject/wlan-lanforge-scripts.git
synced 2025-11-02 03:37:55 +00:00
Script is better way of making certificates with SANs
This commit is contained in:
Jed Reynolds
36
cert-builder.sh
Executable file
36
cert-builder.sh
Executable file
@@ -0,0 +1,36 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# example based off https://www.endpoint.com/blog/2014/10/30/openssl-csr-with-alternative-names-one
|
||||||
|
|
||||||
|
hostname="$1"
|
||||||
|
hostname1=$hostname.local
|
||||||
|
ipaddr=
|
||||||
|
|
||||||
|
cat > tmp_csr_details.txt <<-EOF
|
||||||
|
[req]
|
||||||
|
default_bits = 2048
|
||||||
|
prompt = no
|
||||||
|
default_md = sha256
|
||||||
|
req_extensions = req_ext
|
||||||
|
distinguished_name = dn
|
||||||
|
|
||||||
|
[ dn ]
|
||||||
|
C=US
|
||||||
|
ST=Washington
|
||||||
|
L=Ferndale
|
||||||
|
O=Candela Technologies, Inc.
|
||||||
|
OU=LANforge
|
||||||
|
emailAddress=support@candelatech.com
|
||||||
|
CN = $hostname
|
||||||
|
|
||||||
|
[ req_ext ]
|
||||||
|
subjectAltName = @alt_names
|
||||||
|
|
||||||
|
[ alt_names ]
|
||||||
|
DNS.1 = $hostname1
|
||||||
|
DNS.2 = $ipaddr
|
||||||
|
EOF
|
||||||
|
|
||||||
|
# Let’s call openssl now by piping the newly created file in
|
||||||
|
openssl req -new -sha256 -nodes -out ${hostname}.csr -newkey rsa:2048\
|
||||||
|
-keyout ${hostname}.key -config <( cat temp_csr_details.txt )
|
||||||
|
#
|
||||||
Reference in New Issue
Block a user