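#!/bin/sh
# Generate a self-signed SSL certificate for local development.
#
# Usage: sh create_self_signed_cert.sh
#
# Environment (all optional; the defaults are the original hard-coded values):
#   HOST_NAME              hostname of the website, i.e. www.example.com
#   SERVER_CERTS_BASE_DIR  webserver config directory that receives the files
#   CERT_DAYS              validity of the certificate in days
#
# The directory $SERVER_CERTS_BASE_DIR itself must exist; its certs/, private/
# and ssl.key/ subdirectories are created when missing. You may need to modify
# directory locations based on your webserver setup.
#
# Files produced:
#   $SERVER_CERTS_BASE_DIR/certs/$HOST_NAME.crt    self-signed certificate
#   $SERVER_CERTS_BASE_DIR/private/$HOST_NAME.csr  certificate signing request
#   $SERVER_CERTS_BASE_DIR/ssl.key/$HOST_NAME.key  unencrypted private key (0600)
#
# The script is interactive: openssl asks for a temporary pass phrase and for
# the certificate subject fields. The instructions printed at the start say
# what to enter at each prompt.

# Stop at the first failing command (e.g. a cancelled or mistyped openssl
# step) and on any unset variable, instead of running the later steps on
# files that were never written.
set -eu

# Specify the hostname of the website, i.e. www.example.com
HOST_NAME=${HOST_NAME:-sp.local}
# Specify where to store the certificates
SERVER_CERTS_BASE_DIR=${SERVER_CERTS_BASE_DIR:-/usr/local/zend/apache2/conf/}
# Certificate validity in days
CERT_DAYS=${CERT_DAYS:-9999}
readonly HOST_NAME SERVER_CERTS_BASE_DIR CERT_DAYS

# Private scratch directory (mode 0700 from mktemp) for the intermediate
# files: the pass-phrase protected key, the CSR, the extension file and the
# unencrypted key until it is moved into place.
WORK_DIR=$(mktemp -d) || { echo "mktemp failed" >&2; exit 1; }
readonly WORK_DIR

#######################################
# Remove the scratch directory. Runs on every exit path, so an aborted run
# leaves neither the encrypted nor the unencrypted key lying around.
# Globals:   WORK_DIR (read)
#######################################
cleanup() {
  rm -rf -- "${WORK_DIR:?}"
}
trap cleanup EXIT

#######################################
# Display instructions to the user: which values to enter at the openssl
# prompts that follow.
# Globals:   HOST_NAME (read)
# Outputs:   instructions on stdout
#######################################
print_instructions() {
  echo
  echo
  echo "#########################################################################################"
  echo "# PLEASE READ THE FOLLOWING INSTRUCTIONS #"
  echo "#########################################################################################"
  echo
  echo "provide a pass phrase when asked to 'Enter pass phrase for $HOST_NAME.orig.key'"
  echo "provide a pass phrase when asked 'Verifying - Enter pass phrase for $HOST_NAME.orig.key'"
  echo "provide a pass phrase when asked 'Enter pass phrase for $HOST_NAME.orig.key'"
  echo
  echo "type 'US' when asked 'Country Name (2 letter code) [AU]:'"
  echo "type 'CO' when asked 'State or Province Name (full name) [Some-State]:'"
  echo "type 'BOULDER' when asked 'Locality Name (eg, city) []:'"
  echo "enter your company name when asked 'Organization Name (eg, company) [Internet Widgits Pty Ltd]:'"
  echo "type '$HOST_NAME' when asked 'Organizational Unit Name (eg, section) []:'"
  echo "type '$HOST_NAME' when asked 'Common Name (e.g. server FQDN or YOUR name) []:'"
  echo "type your email address when asked 'Email Address []:'"
  echo
  echo "Leave blank (hit enter) when asked for 'A challenge password []:'"
  echo "Leave blank (hit enter) when asked for 'An optional company name []:'"
  echo
}

#######################################
# Create the key, CSR and self-signed certificate inside WORK_DIR.
# Runs in a subshell that cd's into WORK_DIR so the file names openssl
# echoes back in its prompts match the instructions printed above.
# Globals:   HOST_NAME, CERT_DAYS, WORK_DIR (read)
# Returns:   non-zero if any openssl step fails (set -e aborts the script)
#######################################
generate_material() {
  (
    cd "$WORK_DIR" || exit 1
    # 1) Generate a 2048 bit private key with a password
    openssl genrsa -des3 -out "$HOST_NAME.orig.key" 2048
    # 2) Remove the pass phrase of the RSA private key,
    # otherwise you will have to enter pass phrase every time you start apache
    openssl rsa -in "$HOST_NAME.orig.key" -out "$HOST_NAME.key"
    # The unencrypted key is the sensitive artifact: make its mode
    # owner-only regardless of umask before it leaves the scratch dir.
    chmod 600 -- "$HOST_NAME.key"
    # 3) Generate certificate signing request
    openssl req -new -key "$HOST_NAME.key" -out "$HOST_NAME.csr"
    # 4) Generate the SSL certificate. A subjectAltName is added because
    # current browsers ignore the Common Name when validating the host.
    # (Assumes HOST_NAME is a DNS name; use IP: instead for a bare address.)
    printf 'subjectAltName=DNS:%s\n' "$HOST_NAME" > san.ext
    openssl x509 -req -days "$CERT_DAYS" -in "$HOST_NAME.csr" \
      -signkey "$HOST_NAME.key" -extfile san.ext -out "$HOST_NAME.crt"
  )
}

#######################################
# Move the generated files into the webserver directories, creating the
# subdirectories when missing.
# Globals:   HOST_NAME, SERVER_CERTS_BASE_DIR, WORK_DIR (read)
#######################################
install_files() {
  # 5) Move files into place. -m only applies to directories created by
  # this run; the key-holding directories are made owner-only, existing
  # directories keep whatever mode the admin gave them.
  mkdir -p -- "$SERVER_CERTS_BASE_DIR/certs"
  mkdir -p -m 0700 -- "$SERVER_CERTS_BASE_DIR/private"
  mkdir -p -m 0700 -- "$SERVER_CERTS_BASE_DIR/ssl.key"
  mv -f -- "$WORK_DIR/$HOST_NAME.crt" "$SERVER_CERTS_BASE_DIR/certs/$HOST_NAME.crt"
  mv -f -- "$WORK_DIR/$HOST_NAME.csr" "$SERVER_CERTS_BASE_DIR/private/$HOST_NAME.csr"
  mv -f -- "$WORK_DIR/$HOST_NAME.key" "$SERVER_CERTS_BASE_DIR/ssl.key/$HOST_NAME.key"
  # 6) Clean up: the pass-phrase protected key and the other scratch files
  # are removed with WORK_DIR by the EXIT trap.
}

main() {
  print_instructions
  generate_material
  install_files
}

main "$@"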