Category Archives: シェルスクリプト

[sh] オレオレ証明書作成シェルスクリプト

Pocket

すぐに作り方を忘れるので、シェルスクリプトを記録しておく。
変数OPENSSLにopensslをフルパスで与えること。
あとはchmod 755して実行すればカレントディレクトリにserver.crtとserver.keyができる。
おまけでDHパラメータ、dhparam.pemもできる。

#!/bin/sh

# Generates a self-signed certificate.

OPENSSL=/usr/bin/openssl
KEYFILE=server.key
CERTFILE=server.crt
SIGNREQ=server.csr
DHPARAM=dhparam.pem

if [ -f $CERTFILE ]; then
  echo "$CERTFILE already exists, won't overwrite"
  exit 1
fi

if [ -f $KEYFILE ]; then
  echo "$KEYFILE already exists, won't overwrite"
  exit 1
fi

if [ -f $SIGNREQ ]; then
  echo "$SIGNREQ already exists, won't overwrite"
  exit 1
fi

echo
echo "Generating key file, $KEYFILE"
echo "============================"
$OPENSSL genrsa 2048 > $KEYFILE || exit 2
chmod 0600 $KEYFILE
echo "============================"
echo
echo "Generating sign request file, $SIGNREQ"
echo "============================"
$OPENSSL req -new -key $KEYFILE > $SIGNREQ || exit2
echo "============================"
echo
echo "Generating cert file, $CERTFILE"
echo "============================"
$OPENSSL x509 -days 3650 -req -signkey $KEYFILE < $SIGNREQ > $CERTFILE || exit2
echo "============================"
echo
echo "Generating DH key, $DHPARAM"
echo "============================"
$OPENSSL dhparam -out $DHPARAM 2048
echo "============================"
echo
echo "Now you have $CERTFILE, $KEYFILE and $DHPARAM"
echo

参考
http://d.hatena.ne.jp/rikunora/20120514/p1
http://qiita.com/kunichiko/items/12cbccaadcbf41c72735