lstellway/self-signed-ssl

ANNOUNCEMENT

I have released another PKI utility named acert.
It is a Golang project and independent of OpenSSL.
Options, options... 🤔


Self Signed SSL

This script simplifies the creation of certificate authorities, signing requests and self-signed TLS certificates using OpenSSL.

Video Tutorial

Self-Signed SSL - Introduction Video


Installation


Homebrew (MacOS)

brew tap lstellway/formulae
brew install lstellway/formulae/self-signed-ssl

cURL

curl --output self-signed-ssl https://raw.githubusercontent.com/lstellway/self-signed-ssl/master/self-signed-ssl && chmod +x self-signed-ssl

Usage

self-signed-ssl [OPTIONS]

# Run with no arguments to be prompted for required values
self-signed-ssl

# Only create a certificate authority and trust the generated certificate
self-signed-ssl --ca-only --trust

# Only create a certificate signing request
self-signed-ssl --csr-only

# Generate a signed certificate using existing files
self-signed-ssl --ca='/path/to/CA.pem' --ca-key='/path/to/CA.key' --csr='/path/to/EXAMPLE.csr'

# Automate certificate generation
self-signed-ssl --no-interaction -c 'US' -s 'California' -l 'Los Angeles' -o 'Example Org' -u 'Example Unit' -n 'example.com' -a 'www.example.com'

Options


General

| Option | Description |
| --- | --- |
| -h --help | Display help and exit |
| -v --version | Display the script version and exit |
| -p VALUE --path=VALUE | Path to output generated keys |
| -d VALUE --duration=VALUE | Number of days the certificate is valid (default 365) |
| -b VALUE --bits=VALUE | Key size in bits (default 2048) |
| --no-interaction | Disables interactive prompts for unspecified variables. (OpenSSL may still prompt for values) |

Certificate Authority

| Option | Description |
| --- | --- |
| --ca=VALUE | Path to certificate authority cert file (Generates new CA if not set) |
| --ca-key=VALUE | Path to certificate authority key file (Generates new CA if not set) |
| --ca-only | Instructs script to solely generate a certificate authority |
| --ca-ext | Allow passing extensions to the CA request |
| -t --trust | Flag to trust certificate authority (requires sudo privileges) (Currently supports Darwin/MacOS, Fedora/CentOS, Debian/Ubuntu) |

Certificate Signing Request

| Option | Description |
| --- | --- |
| --csr | Path to certificate signing request (Generates new certificate signing request if not set) |
| --csr-only | Instructs script to solely generate a certificate signing request |

Certificate / Subject

| Option | Description |
| --- | --- |
| --extfile=VALUE | Path to file containing OpenSSL certificate extensions (Optional - generated if not provided) |
| -c VALUE --country=VALUE | Country Name (2 letter code) |
| -s VALUE --state=VALUE | State or Province Name (full name) |
| -l VALUE --locality=VALUE | Locality Name (e.g., city) |
| -o VALUE --organization=VALUE | Organization Name (e.g., company) |
| -u VALUE --unit=VALUE | Organizational Unit Name (e.g., section) |
| -n VALUE --common-name=VALUE | Common Name (e.g., server FQDN or YOUR name) |
| -a VALUE --san=VALUE | Comma-delimited list of subject alternative names (subdomains, etc.) |
| -e VALUE --email=VALUE | Email Address |
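
One way to carry out the same certificate authority, signing request and signed certificate flow directly with OpenSSL, so the result of each option (duration, bits, SAN list, extension file) can be inspected and verified. This is an added example, not code taken from self-signed-ssl; the function names, file names, subject values, the extension set and the IP/DNS typing of SAN entries are assumptions made here.

```sh
#!/bin/sh
# Added example: plain OpenSSL, not code taken from self-signed-ssl.
# File names (CA.key, CA.pem, leaf.*) and subject values are assumptions.

# Build an extension file from a common name plus a comma-delimited SAN list
# (the format --san takes). IP literals are typed IP: rather than DNS:,
# because clients match IP addresses only against IP-typed entries.
san_extfile() {
    printf 'basicConstraints = CA:FALSE\n'
    printf 'keyUsage = digitalSignature, keyEncipherment\n'
    printf 'extendedKeyUsage = serverAuth\n'
    printf '%s,%s\n' "$1" "$2" | tr -d ' ' | tr ',' '\n' | awk '
        NF { type = ($0 ~ /^[0-9.]+$/ || $0 ~ /:/) ? "IP" : "DNS"
             list = list sep type ":" $0; sep = ", " }
        END { print "subjectAltName = " list }'
}

# CA -> signing request -> signed leaf, then verify the leaf against the CA.
# Args: output dir, common name, SAN list, days (default 365), bits (default 2048)
make_chain() {
    dir=$1 cn=$2 sans=$3 days=${4:-365} bits=${5:-2048}
    # Self-signed CA; the stock openssl.cnf marks "req -x509" output CA:TRUE.
    openssl req -x509 -newkey "rsa:$bits" -nodes -sha256 -days "$days" \
        -subj '/O=Example Org/CN=Example Local CA' \
        -keyout "$dir/CA.key" -out "$dir/CA.pem" 2>/dev/null || return 1
    # Leaf key and certificate signing request.
    openssl req -new -newkey "rsa:$bits" -nodes -subj "/CN=$cn" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
    san_extfile "$cn" "$sans" > "$dir/leaf.ext"
    # Sign the request with the CA, attaching the SAN extensions.
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/CA.pem" \
        -CAkey "$dir/CA.key" -CAcreateserial -sha256 -days "$days" \
        -extfile "$dir/leaf.ext" -out "$dir/leaf.crt" 2>/dev/null || return 1
    # -nodes leaves both private keys unencrypted, so restrict file access.
    chmod 600 "$dir/CA.key" "$dir/leaf.key"
    # Exit status 0 only if the leaf chains to the CA that was just created.
    openssl verify -CAfile "$dir/CA.pem" "$dir/leaf.crt" >/dev/null
}

# Usage (constructed values):
#   make_chain "$(mktemp -d)" example.com 'www.example.com,127.0.0.1' 30 2048
```

To inspect what was issued, `openssl x509 -in leaf.crt -noout -text` shows the validity window, key size and the Subject Alternative Name entries.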

Resources