
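#!/bin/sh
#
# Generate a self-signed SSL certificate for local development.
#
# Usage:
#   HOST_NAME=www.example.com SERVER_CERTS_BASE_DIR=/path/to/conf sh create_self_signed_cert.sh
#
# HOST_NAME, SERVER_CERTS_BASE_DIR and CERT_DAYS may be supplied in the
# environment; the defaults below are used when they are unset.
#
# Make sure the directory given by $SERVER_CERTS_BASE_DIR exists and that you
# may create subdirectories in it.  You may need to modify the directory layout
# (certs/, private/, ssl.key/) to match your webserver setup.
#
# Flow: a pass-phrase-protected RSA key is generated, the pass phrase is then
# stripped so Apache can start unattended, a CSR is produced interactively and
# self-signed with the same key.  Because the installed key is unencrypted, its
# only protection is file permissions: keys are written under umask 077 and the
# installed key is chmod 600.
#
# NOTE: the certificate carries no subjectAltName, so current browsers will
# not trust it for the host name even after the CA is imported.  If you need
# that, pass the SAN when generating the CSR (openssl req -addext) and make
# sure the signing step copies the extension; the exact options depend on the
# installed OpenSSL version.

set -eu

# Hostname of the website, i.e. www.example.com
HOST_NAME=${HOST_NAME:-sp.local}

# Where to store the certificates
SERVER_CERTS_BASE_DIR=${SERVER_CERTS_BASE_DIR:-/usr/local/zend/apache2/conf/}

# Certificate validity in days.  9999 preserves the original behaviour; use
# something far shorter for anything other than a throw-away dev host.
CERT_DAYS=${CERT_DAYS:-9999}

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# HOST_NAME becomes a file-name component, so reject values that would escape
# the intended directory or produce an empty name.
case $HOST_NAME in
  ''|*/*) die "HOST_NAME must be a non-empty name without '/': '$HOST_NAME'" ;;
esac

# Fail before any openssl prompt rather than half way through.
[ -d "$SERVER_CERTS_BASE_DIR" ] || die "SERVER_CERTS_BASE_DIR '$SERVER_CERTS_BASE_DIR' does not exist"
command -v openssl >/dev/null 2>&1 || die "openssl not found in PATH"

# Display instructions to user:

echo
echo
echo "#########################################################################################"
echo "#                    PLEASE READ THE FOLLOWING INSTRUCTIONS                             #"
echo "#########################################################################################"
echo
echo "provide a pass phrase when asked to 'Enter pass phrase for $HOST_NAME.orig.key'"
echo "provide a pass phrase when asked 'Verifying - Enter pass phrase for $HOST_NAME.orig.key'"
echo "provide a pass phrase when asked 'Enter pass phrase for $HOST_NAME.orig.key'"
echo
echo "type 'US' when asked 'Country Name (2 letter code) [AU]:'"
echo "type 'CO' when asked 'State or Province Name (full name) [Some-State]:'"
echo "type 'BOULDER' when asked 'Locality Name (eg, city) []:'"
echo "enter your company name when asked 'Organization Name (eg, company) [Internet Widgits Pty Ltd]:'"
echo "type '$HOST_NAME' when asked 'Organizational Unit Name (eg, section) []:'"
echo "type '$HOST_NAME' when asked 'Common Name (e.g. server FQDN or YOUR name) []:'"
echo "type your email address when asked 'Email Address []:'"
echo
echo "Leave blank (hit enter) when asked for 'A challenge password []:'"
echo "Leave blank (hit enter) when asked for 'An optional company name []:'"
echo

# Private key material must not be world-readable even while it sits in the
# current directory.  Remember the caller's umask so the public artefacts and
# the webserver directories are created with the usual permissions afterwards.
old_umask=$(umask)
umask 077

# 1) Generate a 2048 bit private key with a password
openssl genrsa -des3 -out "$HOST_NAME.orig.key" 2048

# 2) Remove the pass phrase of the RSA private key,
# otherwise you will have to enter pass phrase every time you start apache
openssl rsa -in "$HOST_NAME.orig.key" -out "$HOST_NAME.key"

umask "$old_umask"

# 3) Generate certificate signing request
openssl req -new -key "$HOST_NAME.key" -out "$HOST_NAME.csr"

# 4) Generate the SSL certificate (SHA-256 signature; older OpenSSL builds
# defaulted to SHA-1, which clients now reject)
openssl x509 -req -sha256 -days "$CERT_DAYS" -in "$HOST_NAME.csr" \
  -signkey "$HOST_NAME.key" -out "$HOST_NAME.crt"

# 5) Move files into place.  mkdir -p is a no-op when the directory exists,
# which replaces the three test-then-create blocks.
mkdir -p -- "$SERVER_CERTS_BASE_DIR/certs" \
            "$SERVER_CERTS_BASE_DIR/private" \
            "$SERVER_CERTS_BASE_DIR/ssl.key"
mv -f -- "$HOST_NAME.crt" "$SERVER_CERTS_BASE_DIR/certs/$HOST_NAME.crt"
mv -f -- "$HOST_NAME.csr" "$SERVER_CERTS_BASE_DIR/private/$HOST_NAME.csr"
mv -f -- "$HOST_NAME.key" "$SERVER_CERTS_BASE_DIR/ssl.key/$HOST_NAME.key"
# Belt and braces: the installed, unencrypted key is readable by its owner only.
chmod 600 -- "$SERVER_CERTS_BASE_DIR/ssl.key/$HOST_NAME.key"

# 6) Clean up the pass-phrase-protected intermediate key
rm -f -- "./$HOST_NAME.orig.key"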