Last active April 2, 2024 21:04
Non-interactive self-signed unencrypted keypair generation for HTTPS for arbitrary domain with SAN
# Make a self-signed private/public keypair usable for HTTPS, including SAN / Subject Alternative Name and CN / Common Name, non-interactively and without additional files
# Parentheses around the command spin it up in a subshell so that the FQDOMAIN variable is local to execution and doesn't persist after it's created
(FQDOMAIN="example.local" && openssl req -x509 -nodes -newkey rsa:4096 -keyout server_key.pem -keyform PEM -days 365 -subj "/CN=${FQDOMAIN}" -addext 'basicConstraints=CA:FALSE' -addext "subjectAltName=DNS:${FQDOMAIN}" -addext 'keyUsage=digitalSignature' -addext 'extendedKeyUsage=serverAuth' -out server_cert.pem -outform PEM 2>/dev/null)
# Alternatively, if you're setting FQDOMAIN somewhere else, you can just run directly:
openssl req -x509 -nodes -newkey rsa:4096 -keyout server_key.pem -keyform PEM -days 365 -subj "/CN=${FQDOMAIN}" -addext 'basicConstraints=CA:FALSE' -addext "subjectAltName=DNS:${FQDOMAIN}" -addext 'keyUsage=digitalSignature' -addext 'extendedKeyUsage=serverAuth' -out server_cert.pem -outform PEM 2>/dev/null
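
Added example, not part of the gist: the same openssl req options wrapped in a function, plus a check that the result really is a leaf server certificate for the requested name and that the unencrypted key matches it and is owner-only. The function names, the directory argument and the rsa:2048 default (chosen for speed) are assumptions of this example; stderr is kept rather than sent to /dev/null so that an OpenSSL failure is visible.

```shell
#!/bin/sh
# Added example. Function names, the DIR argument and the rsa:2048 default
# are assumptions of this example, not part of the gist.

make_cert() {   # usage: make_cert FQDOMAIN DIR [BITS]
    # -nodes leaves the private key unencrypted, so create it owner-only.
    ( umask 077 && openssl req -x509 -nodes -newkey "rsa:${3:-2048}" \
        -keyout "$2/server_key.pem" -days 365 -subj "/CN=$1" \
        -addext 'basicConstraints=CA:FALSE' \
        -addext "subjectAltName=DNS:$1" \
        -addext 'keyUsage=digitalSignature' \
        -addext 'extendedKeyUsage=serverAuth' \
        -out "$2/server_cert.pem" -outform PEM )
}

check_cert() {  # usage: check_cert FQDOMAIN DIR ; returns 0 only if every check passes
    cert="$2/server_cert.pem"; key="$2/server_key.pem"
    text=$(openssl x509 -in "$cert" -noout -text) || return 1
    # -checkhost applies OpenSSL's hostname matching, which uses the SAN when present.
    openssl x509 -in "$cert" -noout -checkhost "$1" | grep -q 'does match' \
        || { echo "FAIL: $1 is not covered by the certificate" >&2; return 2; }
    # Leaf certificate only: it must not be usable as a CA.
    printf '%s\n' "$text" | grep -q 'CA:FALSE' \
        || { echo "FAIL: basicConstraints is not CA:FALSE" >&2; return 3; }
    printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication' \
        || { echo "FAIL: serverAuth extended key usage missing" >&2; return 4; }
    # The private key must be the one the certificate was issued for.
    [ "$(openssl x509 -in "$cert" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ] \
        || { echo "FAIL: key does not match certificate" >&2; return 5; }
    # An unencrypted key must not be readable by group or others.
    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] \
        || { echo "FAIL: key file permissions too open" >&2; return 6; }
    echo "OK: $cert is a server certificate for $1"
}

# Typical use:
#   make_cert example.local . 4096 && check_cert example.local .
```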