#!/bin/bash
#Generate mutidomain self-signed certificate
##brammp 2023##

HostName=$(hostname)
IPAddress=$(hostname -i)
ServiceName=xRDP

#OpenSSL Config
cat <<EOF > customopenssl.cnf
[req]
distinguished_name = req_distinguished_name
# The extensions to add to the self signed cert
x509_extensions = v3_ca
# Run non-interactively
prompt = no
#distinguished_name = req_distinguished_name
#req_extensions     = req_ext

[req_distinguished_name]
# Certificate subject
countryName = NL
#stateOrProvinceName =
#localityName = Sunnyvale
organizationName = Home
#organizationalUnitName =
commonName = $ServiceName
#emailAddress =

[v3_ca]
# Extensions for a typical CA - PKIX recommendation.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer
basicConstraints = CA:true

[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = $HostName
DNS.2 = $IPAddress
EOF

#Generate Cert
openssl genrsa -out key.pem 2048
openssl req -new -out csr.pem -key key.pem -config customopenssl.cnf
openssl x509 -req -days 3650 -in csr.pem -signkey key.pem -out cert.pem -extensions v3_req -extfile customopenssl.cnf


# Cleanup
rm -f customopenssl.cnf csr.pem