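#!/bin/bash
# Generate a multi-domain self-signed certificate.
##brammp 2023##
#
# Writes two files to the current directory:
#   key.pem  - unencrypted 2048-bit RSA private key
#   cert.pem - self-signed certificate, valid for 3650 days, whose
#              subjectAltName covers this host's name and IP address(es)
# customopenssl.cnf and csr.pem are intermediates and are removed on exit.
#
# NOTE(review): 3650 days is a long lifetime for an unencrypted key; plan a
# rotation and keep key.pem readable only by the account that runs the service.

# Abort on the first failing command so a failed key or CSR step never
# leaves a stale or half-written cert.pem that looks usable.
set -euo pipefail

# The private key is written without a passphrase; make sure it (and the
# intermediates) are created owner-only regardless of the caller's umask.
umask 077

HostName=$(hostname)
# hostname -i can print several addresses, or fail when the hostname does not
# resolve; in the failure case continue with a DNS-only certificate.
IPAddress=$(hostname -i 2>/dev/null || true)
ServiceName=xRDP

# Remove the intermediates on every exit path, including failures.
trap 'rm -f customopenssl.cnf csr.pem' EXIT

# Build the [alt_names] entries. IP addresses must be IP.n entries: a client
# validating a connection made by IP address compares against iPAddress SANs
# and will not match an address stored as a DNS name.
AltNames="DNS.1 = $HostName"
ip_index=0
for addr in $IPAddress; do
    case "$addr" in
        # Scoped link-local addresses (addr%iface) are not valid SAN values.
        *%*) continue ;;
    esac
    ip_index=$((ip_index + 1))
    AltNames="$AltNames
IP.$ip_index = $addr"
done

#OpenSSL Config
# The heredoc is unquoted on purpose: $ServiceName and $AltNames are expanded
# by the shell before OpenSSL reads the file.
# [v3_ca] is only referenced by x509_extensions, which the commands below do
# not use (the CSR is signed with -extensions v3_req), so the issued
# certificate carries CA:FALSE.
cat <<EOF > customopenssl.cnf
[req]
distinguished_name = req_distinguished_name
# The extensions to add to the self signed cert
x509_extensions = v3_ca
# Run non-interactively
prompt = no
#distinguished_name = req_distinguished_name
#req_extensions = req_ext

[req_distinguished_name]
# Certificate subject
countryName = NL
#stateOrProvinceName =
#localityName = Sunnyvale
organizationName = Home
#organizationalUnitName =
commonName = $ServiceName
#emailAddress =

[v3_ca]
# Extensions for a typical CA - PKIX recommendation.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer
basicConstraints = CA:true

[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
$AltNames
EOF

#Generate Cert
openssl genrsa -out key.pem 2048
openssl req -new -out csr.pem -key key.pem -config customopenssl.cnf
# -sha256 pins the signature digest instead of relying on the OpenSSL
# build's default, which on old releases may be a weaker hash.
openssl x509 -req -sha256 -days 3650 -in csr.pem -signkey key.pem -out cert.pem -extensions v3_req -extfile customopenssl.cnf

# Cleanup of customopenssl.cnf and csr.pem is handled by the EXIT trap above.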