Diverses/SSL-Zertifikate mit eigener CA erstellen: Unterschied zwischen den Versionen

#!/bin/bash

if [ "$#" -ne 1 ]; then
    echo "Illegal number of parameters"
    exit 1
fi

set -e

######################
# Become a Certificate Authority
######################

SUBJECT="/emailAddress=example@domain.com/C=DE/ST=State/L=City/O=organization/OU=organization unit/CN=$1"

SUBDIR=$1
mkdir -p ${SUBDIR}
cd ${SUBDIR}

# Generate private key
# openssl genrsa -des3 -out myCA.key 2048 # with password
openssl genrsa -out myCA.key 2048

# Generate root certificate
openssl req -x509 -subj "${SUBJECT}" -new -nodes -key myCA.key -sha256 -days 825 -out myCA.pem

######################
# Create CA-signed certs
######################

NAME=$1 # Use your own domain name
# Generate a private key
openssl genrsa -out $NAME.key 2048
# Create a certificate-signing request
openssl req -subj "${SUBJECT}" -new -key $NAME.key -out $NAME.csr
# Create a config file for the extensions
>$NAME.ext cat <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $NAME # Be sure to include the domain name here because Common Name is not so commonly honoured by itself
#DNS.2 = bar.$NAME # Optionally, add additional domains (I've added a subdomain here)
#IP.1 = 192.168.0.13 # Optionally, add an IP address (if the connection which you have planned requires it)
EOF
# Create the signed certificate
openssl x509 -req -in $NAME.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out $NAME.crt -days 825 -sha256 -extfile $NAME.ext

cd ..