https://github.com/lstellway/self-signed-ssl
Generate self-signed TLS certificate using OpenSSL
bash-script openssl self-signed-certificate
Last synced: 6 months ago
- Host: GitHub
- URL: https://github.com/lstellway/self-signed-ssl
- Owner: lstellway
- License: mit
- Created: 2017-09-15T00:56:47.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2021-10-01T15:27:22.000Z (about 4 years ago)
- Last Synced: 2024-02-14T21:59:18.305Z (over 1 year ago)
- Topics: bash-script, openssl, self-signed-certificate
- Language: Shell
- Size: 370 KB
- Stars: 278
- Watchers: 8
- Forks: 79
- Open Issues: 7
Metadata Files:
- Readme: README.md
- License: LICENSE
README
**ANNOUNCEMENT**
> I have released another PKI utility named [acert](https://github.com/lstellway/acert).
> It is a Golang project and independent of OpenSSL.
> Options, options... 🤔
# Self Signed SSL
This script simplifies the creation of certificate authorities, signing requests and self-signed TLS certificates using OpenSSL.
[Video Tutorial](https://www.youtube.com/watch?v=-6_u1dbGARg)
## Installation
**Homebrew (MacOS)**
```
brew tap lstellway/formulae
brew install lstellway/formulae/self-signed-ssl
```
**cURL**
```
curl --output self-signed-ssl https://raw.githubusercontent.com/lstellway/self-signed-ssl/master/self-signed-ssl && chmod +x self-signed-ssl
```
## Usage
```shell
self-signed-ssl [OPTIONS]
# Run with no arguments to be prompted for required values
self-signed-ssl
# Only create a certificate authority and trust the generated certificate
self-signed-ssl --ca-only --trust
# Only create a certificate signing request
self-signed-ssl --csr-only
# Generate a signed certificate using existing files
self-signed-ssl --ca='/path/to/CA.pem' --ca-key='/path/to/CA.key' --csr='/path/to/EXAMPLE.csr'
# Automate certificate generation
self-signed-ssl --no-interaction -c 'US' -s 'California' -l 'Los Angeles' -o 'Example Org' -u 'Example Unit' -n 'example.com' -a 'www.example.com'
```
## Options
**General**
| Option | Description |
| ----------------------------- | ----------------------------------------------------------------------------------------------------- |
| `-h` `--help` | Display help and exit |
| `-v` `--version` | Display the script version and exit |
| `-p VALUE` `--path=VALUE` | Path to output generated keys |
| `-d VALUE` `--duration=VALUE` | Number of days the certificate is valid (default `365`) |
| `-b VALUE` `--bits=VALUE` | Key size in bits (default `2048`) |
| `--no-interaction` | Disables interactive prompts for unspecified variables. _(OpenSSL may still prompt for values)_ |
**Certificate Authority**
| Option | Description |
| ---------------- | ----------------------------------------------------------------------------------------------------------------------------------------- |
| `--ca=VALUE` | Path to certificate authority cert file _(Generates new CA if not set)_ |
| `--ca-key=VALUE` | Path to certificate authority key file _(Generates new CA if not set)_ |
| `--ca-only` | Instructs script to solely generate a certificate authority |
| `--ca-ext` | Allow passing extensions to the CA request |
| `-t` `--trust` | Flag to trust certificate authority _(requires `sudo` privileges)_ _(Currently supports Darwin/MacOS, Fedora/CentOS, Debian/Ubuntu)_ |
**Certificate Signing Request**
| Option | Description |
| ------------ | -------------------------------------------------------------------------------------------------- |
| `--csr` | Path to certificate signing request _(Generates new certificate signing request if not set)_ |
| `--csr-only` | Instructs script to solely generate a certificate signing request |
**Certificate / Subject**
| Option | Description |
| --------------------------------- | ---------------------------------------------------------------------------------------------------- |
| `--extfile=VALUE` | Path to file containing OpenSSL certificate extensions _(Optional - generated if not provided)_ |
| `-c VALUE` `--country=VALUE` | Country Name (2 letter code) |
| `-s VALUE` `--state=VALUE` | State or Province Name (full name) |
| `-l VALUE` `--locality=VALUE` | Locality Name (eg, city) |
| `-o VALUE` `--organization=VALUE` | Organization Name (eg, company) |
| `-u VALUE` `--unit=VALUE` | Organizational Unit Name (eg, section) |
| `-n VALUE` `--common-name=VALUE` | Common Name (e.g. server FQDN or YOUR name) |
| `-a VALUE` `--san=VALUE` | Comma-delimited list of subject alternative names _(Subdomains, etc..)_ |
| `-e VALUE` `--email=VALUE` | Email Address |
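
The options above map onto a CA, CSR and signed-certificate flow. The following added example (not this project's code, and not a description of what the script runs internally) performs that flow with plain OpenSSL commands and then checks the result: chain, hostname match against the SAN, key match, and that the leaf is not a CA. The function names `make_chain` and `check_chain`, the file names and the subject values are assumptions made for the example.

```shell
#!/bin/sh
# Added example: CA -> CSR -> signed leaf with plain OpenSSL, then verification.
# Subject values and file names are constructed; this is not the script's code.
set -eu

make_chain() {  # make_chain DIR COMMON_NAME [SAN_CSV] [DAYS] [BITS]
  local dir="$1" cn="$2" sans="${3:-}" days="${4:-365}" bits="${5:-2048}"
  local subj="/C=US/ST=California/L=Los Angeles/O=Example Org/OU=Example Unit"
  mkdir -p "$dir"
  # Minimal config so the result does not depend on the system openssl.cnf.
  printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
    '[dn]' 'CN = placeholder' '[v3_ca]' 'basicConstraints = critical,CA:TRUE' \
    'keyUsage = critical,keyCertSign,cRLSign' > "$dir/req.cnf"
  # 1. CA key and self-signed CA certificate (-nodes leaves the key unencrypted).
  openssl req -x509 -config "$dir/req.cnf" -extensions v3_ca -newkey "rsa:$bits" \
    -nodes -sha256 -days "$days" -subj "$subj/CN=Example Local CA" \
    -keyout "$dir/CA.key" -out "$dir/CA.pem" 2>/dev/null
  # 2. Leaf key and certificate signing request.
  openssl req -new -config "$dir/req.cnf" -newkey "rsa:$bits" -nodes -sha256 \
    -subj "$subj/CN=$cn" -keyout "$dir/$cn.key" -out "$dir/$cn.csr" 2>/dev/null
  # 3. Extension file: modern TLS clients match hostnames against the SAN.
  local alt="DNS:$cn"
  [ -z "$sans" ] || alt="$alt,DNS:$(printf '%s' "$sans" | sed 's/,/,DNS:/g')"
  printf '%s\n' 'basicConstraints = CA:FALSE' 'extendedKeyUsage = serverAuth' \
    'keyUsage = digitalSignature,keyEncipherment' "subjectAltName = $alt" > "$dir/$cn.ext"
  # 4. Sign the CSR with the CA, applying the extension file.
  openssl x509 -req -sha256 -days "$days" -in "$dir/$cn.csr" -CA "$dir/CA.pem" \
    -CAkey "$dir/CA.key" -CAcreateserial -extfile "$dir/$cn.ext" \
    -out "$dir/$cn.crt" 2>/dev/null
  chmod 600 "$dir/CA.key" "$dir/$cn.key"   # private keys readable by owner only
}

check_chain() {  # check_chain DIR COMMON_NAME HOSTNAME -> 0 only if every check passes
  local dir="$1" cn="$2" host="$3"
  # Chain builds to our CA and HOSTNAME matches a SAN entry.
  openssl verify -CAfile "$dir/CA.pem" -verify_hostname "$host" \
    "$dir/$cn.crt" >/dev/null 2>&1 || return 1
  # The certificate carries the public half of the key we hold.
  [ "$(openssl x509 -in "$dir/$cn.crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$dir/$cn.key" -pubout)" ] || return 1
  # The leaf itself must not be usable as a CA.
  openssl x509 -in "$dir/$cn.crt" -noout -text | grep -q 'CA:FALSE'
}

tmp="$(mktemp -d)"; trap 'rm -rf "$tmp"' EXIT
make_chain "$tmp" example.com www.example.com
check_chain "$tmp" example.com www.example.com && echo "chain, hostname and key match"
```

The same `check_chain` checks can be pointed at files produced by any tool, provided the CA certificate, leaf certificate and leaf key are placed under the names the function expects.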
## Resources
- [OpenSSL 1.1.1 Manual](https://www.openssl.org/docs/man1.1.1/man1/)
- [Issues / Feature Requests](https://github.com/lstellway/self-signed-ssl/issues)
- [Mozilla SSL Configuration Generator](https://ssl-config.mozilla.org/)