frntn/x509-san frntn/x509-san

  • Stars
    star
    147
  • Rank 251,347 (Top 5 %)
  • Language
    Shell
  • Created over 9 years ago
  • Updated about 7 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
frntn/x509-san
github

frntn

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Generate self-signed x509 certificates valid for multiple URLs/IPs

frntn/x509-san

Generate a self-signed x509v3 certificate for use with multiple URLs / IPs

Generate

Default values

curl -sSL https://raw.githubusercontent.com/frntn/x509-san/master/gencert.sh | CRT_CN="client.com" CRT_SAN="DNS.1:www.client.com,DNS.2:admin.client.com,IP.1:192.168.1.10,IP.2:10.0.0.234" bash

Custom values

Simply change the CRT_CN and CRT_SAN values of the above command to fit your needs...

Additionally you can use any of these environment variables :

  • CRT_C : Country value
  • CRT_L : Locality value
  • CRT_O : Organization value
  • CRT_OU : Organizational Unit value
  • CRT_CN : Common Name value
  • CRT_SAN : SubjectAltName value

Result

The command will generate two files:

  • pkcs#8 private key : frntn-x509-san.key
  • x509v3 certificate : frntn-x509-san.crt

You can then check the certificate content by using the following standard x509 command :

openssl x509 -in frntn-x509-san.crt -noout -text

Secure

The generated private key is passwordless by default.

You can secure/unsecure using standard pkcs8 commands :

# secure
openssl pkcs8 -in frntn-x509-san.key -topk8 -v2 des3 -out frntn-x509-san.secure.key

# unsecure
openssl pkcs8 -in frntn-x509-san.secure.key -topk8 -nocrypt -out frntn-x509-san.key

Screenshots

With the default values, the certificate will look like (screenshots from Chrome certificate viewer):

certificate-viewer-summary certificate-viewer-extensions-details

Additional Reading

More Repositories

1

pki-manager

IT Freelancers : Manage small PKI for multiple projects (or clients) with 2 bash scripts
Shell
36
star
2

vagrant-elk-clientserver

A complete multi vms environnement : Client (logstash-forwarder) / Server (ELK stack) based on vagrant boxes built with packer for virtualbox provider
Shell
34
star
3

docker-tls-helper

Automate the process of creating the numerous certificates and keys to secure your docker daemon over TLS
Shell
24
star
4

docker-datacenter-helper

🐳 Up & Running Docker Datacenter solution in minutes
Shell
15
star
5

vault-token-helper-gopass

@HashiCorp Vault token helper for Gopass
Shell
12
star
6

docker-cloud9

🐳 Web-based IDE inside a docker container
7
star
7

vault-unattended-pki

Create a PKI and isssue your first server/client certificates using Hashicorp's Vault, with no human interaction
Shell
5
star
8

devcontainers-features

Shell
2
star
9

try_git

1
star
10

frntn.github.com

frntn's personal weblog
JavaScript
1
star