letsencrypt-helpers

author: Peter Palfrader <peter@palfrader.org> 2015-12-31 10:22:24 +0100
committer: Peter Palfrader <peter@palfrader.org> 2015-12-31 10:22:29 +0100
commit: 0da8acf8974c5d51fd84291091d1f7a1fd8c1176 (patch)
tree: cc77283ef62eb3709e3d86b2648dce98216f6ddc /letsencrypt-helpers/new-csr
parent: 1a05913e3896133c7654b6a9d0dc4ae077ce4df5 (diff)
1 files changed, 38 insertions, 0 deletions
diff --git a/letsencrypt-helpers/new-csr b/letsencrypt-helpers/new-csr
new file mode 100755
index 0000000..7275573
--- /dev/null
+++ b/letsencrypt-helpers/new-csr
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -e
+set -u
+
+cd ~/certs
+
+if [ "$#" = 0 ]; then
+  echo >&2 "Usage: $0 <fqdn> [..]"
+  exit 1
+fi
+
+cn="$1"
+shift
+
+if ! [ -e "$cn.key" ] ; then
+  echo >&2 "$cn.key does not exist."
+  exit 1
+fi
+
+if [ "$#" = 0 ]; then
+  openssl req -new -sha256 -key "$cn.key" -subj "/CN=$cn" -out "$cn.csr"
+  openssl x509 -req -days 365 -in "$cn.csr" -signkey "$cn.key" -out "$cn-selfsigned.pem"
+else
+  tmp="`tempfile`"
+  trap "rm -f '$tmp'" EXIT
+  (
+    cat /etc/ssl/openssl.cnf
+    echo "[SAN]"
+    echo -n "subjectAltName=DNS:$cn"
+    for i in "$@"; do
+      echo -n ",DNS:$i"
+    done
+    echo
+  ) > "$tmp"
+  openssl req -new -sha256 -key "$cn.key" -subj "/" -reqexts SAN -config "$tmp" -out "$cn.csr"
+  openssl x509 -req -days 365 -in "$cn.csr" -signkey "$cn.key" -extensions SAN -extfile "$tmp" -out "$cn-selfsigned.pem"
+fi
author	Peter Palfrader <peter@palfrader.org>	2015-12-31 10:22:24 +0100
committer	Peter Palfrader <peter@palfrader.org>	2015-12-31 10:22:29 +0100
commit	0da8acf8974c5d51fd84291091d1f7a1fd8c1176 (patch)
tree	cc77283ef62eb3709e3d86b2648dce98216f6ddc /letsencrypt-helpers/new-csr
parent	1a05913e3896133c7654b6a9d0dc4ae077ce4df5 (diff)