From 0da8acf8974c5d51fd84291091d1f7a1fd8c1176 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Thu, 31 Dec 2015 10:22:24 +0100
Subject: letsencrypt-helpers

---
 letsencrypt-helpers/new-csr | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100755 letsencrypt-helpers/new-csr

(limited to 'letsencrypt-helpers/new-csr')

diff --git a/letsencrypt-helpers/new-csr b/letsencrypt-helpers/new-csr
new file mode 100755
index 0000000..7275573
--- /dev/null
+++ b/letsencrypt-helpers/new-csr
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -e
+set -u
+
+cd ~/certs
+
+if [ "$#" = 0 ]; then
+  echo >&2 "Usage: $0 <fqdn> [..]"
+  exit 1
+fi
+
+cn="$1"
+shift
+
+if ! [ -e "$cn.key" ] ; then
+  echo >&2 "$cn.key does not exist."
+  exit 1
+fi
+
+if [ "$#" = 0 ]; then
+  openssl req -new -sha256 -key "$cn.key" -subj "/CN=$cn" -out "$cn.csr"
+  openssl x509 -req -days 365 -in "$cn.csr" -signkey "$cn.key" -out "$cn-selfsigned.pem"
+else
+  tmp="`tempfile`"
+  trap "rm -f '$tmp'" EXIT
+  (
+    cat /etc/ssl/openssl.cnf
+    echo "[SAN]"
+    echo -n "subjectAltName=DNS:$cn"
+    for i in "$@"; do
+      echo -n ",DNS:$i"
+    done
+    echo
+  ) > "$tmp"
+  openssl req -new -sha256 -key "$cn.key" -subj "/" -reqexts SAN -config "$tmp" -out "$cn.csr"
+  openssl x509 -req -days 365 -in "$cn.csr" -signkey "$cn.key" -extensions SAN -extfile "$tmp" -out "$cn-selfsigned.pem"
+fi
-- 
cgit v1.2.3