create_certs.sh (895B)
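#!/bin/bash
#
# Generate a self-signed RSA-4096 certificate and private key (both DER
# encoded) for each listed domain, written to <domain>/key.der and
# <domain>/cert.der relative to the current directory.
#
# The certificates are self-signed and valid for 3650 days, so a verifier can
# only trust them by pinning them explicitly. No CA vouches for them and
# nothing revokes them.

set -euo pipefail

# Keep the intermediate config and CSR in a private scratch directory rather
# than under fixed names in the current directory, and remove them on every
# exit path (including a failing openssl call).
workdir=$(mktemp -d)
cleanup() { rm -rf -- "${workdir:?}"; }
trap cleanup EXIT

conf="${workdir}/openssl.conf"
csr="${workdir}/request.csr"

mkdir -p example.com example.org

for domain in "example.com" "example.org"
do
  # create private key
  # The subshell umask ensures a newly created key is never group/world
  # readable; the chmod covers a key.der left over from an earlier run.
  (
    umask 077
    openssl genpkey -outform DER -out "${domain}/key.der" \
      -algorithm RSA -pkeyopt rsa_keygen_bits:4096
  )
  chmod 600 -- "${domain}/key.der"

  # create config file:
  # the generated certificates must not be CA-capable, otherwise rustls complains
  #
  # basicConstraints has to sit in the section named by -extensions below
  # (req_ext). In a section that no command references it is never copied into
  # the certificate, which then carries no basicConstraints at all.
  cat >"${conf}" <<EOT
[req]
default_bits = 4096
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no

[req_distinguished_name]
commonName = $domain

[req_ext]
basicConstraints = critical, CA:false
subjectAltName = DNS:$domain
EOT

  openssl req -new -sha256 -out "${csr}" \
    -key "${domain}/key.der" -keyform DER -config "${conf}"

  # Self-sign the request. x509 -req does not copy extensions from the CSR,
  # so they are supplied again through -extfile/-extensions.
  openssl x509 -req -sha256 -days 3650 -in "${csr}" \
    -outform DER -out "${domain}/cert.der" \
    -extensions req_ext -extfile "${conf}" \
    -signkey "${domain}/key.der" -keyform DER
done

# clean up: handled by the EXIT trap above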