In my former post I described how to create self-signed SSL certificates with your own certificate authority. These certificates didn't work in the latest Chrome versions, so I updated my scripts to create certificates that Chrome accepts as valid. This time I only create wildcard certificates, because creating one for every subdomain was annoying.

```bash
#!/bin/bash
# Create the certificate authority: a 4096-bit RSA key and a
# self-signed CA certificate valid for ten years.
if [ -e ca.key ]; then
    echo "ca.key already exists"
    exit 1
fi

openssl genrsa -out ca.key 4096
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt \
    -subj "/C=AT/ST=Vienna/L=Vienna/O=Coffeebeans/CN=Coffeebeans Domain Validation Secure Server CA/emailAddress=office@coffeebeans.at"
```

```bash
#!/bin/bash
# Create a wildcard certificate for <domain.name>, signed by ca.key/ca.crt.
NAME=star.$1

if [ "star." == "$NAME" ]; then
    echo "usage: $0 <domain.name>"
    exit 1
fi
if [ -e "$NAME.key" ]; then
    echo "$NAME.key already exists"
    exit 1
fi
if [ ! -e ca.crt ]; then
    echo "no ca certificate created"
    exit 1
fi

# OpenSSL configuration used for both the request and the signing step.
# \$dir is escaped so that OpenSSL expands it, not the shell.
# The subjectAltName entries in [alt_names] are what Chrome validates;
# copy_extensions=copyall carries them from the CSR into the certificate.
CONFIG=$(cat <<-EOF
[ca]
default_ca=CA_default
[CA_default]
dir=./ca
database=\$dir/index.txt
new_certs_dir=\$dir/newcerts
serial=\$dir/serial
private_key=./ca.key
certificate=./ca.crt
default_days=3650
default_md=sha256
policy=policy_anything
copy_extensions=copyall
[policy_anything]
countryName=optional
stateOrProvinceName=optional
localityName=optional
organizationName=optional
organizationalUnitName=optional
commonName=supplied
emailAddress=optional
[req]
default_bits=4096
prompt=no
default_md=sha256
req_extensions=req_ext
distinguished_name=dn
[ dn ]
C=AT
ST=Vienna
L=Vienna
OU=Domain Control Validated
emailAddress=office@coffeebeans.at
CN=*.$1
[ req_ext ]
subjectAltName=@alt_names
[ alt_names ]
DNS.1=$1
DNS.2=*.$1
EOF
)

# PREPARE
echo "$CONFIG" > config.txt
if [ ! -d ./ca ]; then
    mkdir -p ./ca/newcerts
    touch ./ca/index.txt
fi

# Key, signing request, and certificate signed by the CA
openssl genrsa -out "$NAME.key" 4096
openssl req -new -key "$NAME.key" -out "$NAME.csr" -config config.txt
openssl ca -create_serial -batch -in "$NAME.csr" -out "$NAME.crt" -config config.txt

# CLEANUP
rm -f *.csr config.txt
# Private keys are readable by the owner only; certificates are public.
chmod 600 *.key
chmod 644 *.crt
```

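To check that a generated certificate really carries the subjectAltName entries requested in `[ alt_names ]`, the following added example (not part of the original scripts) matches a host name against the DNS SAN entries only. The function names `san_covers` and `make_demo_certs` and the domain `example.test` are assumptions made for the demonstration.

```shell
# Added example, not the author's script. The CN is ignored on purpose:
# current Chrome matches host names against subjectAltName only.
# san_covers CERT HOST -> status 0 if a DNS SAN entry of CERT matches HOST
san_covers() {
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    openssl x509 -in "$1" -noout -text |
        sed -n '/Subject Alternative Name/{n;p;}' |
        tr 'A-Z' 'a-z' | tr ',' '\n' | tr -d ' ' |
        (
            while read -r entry; do
                case $entry in dns:*) name=${entry#dns:} ;; *) continue ;; esac
                [ "$name" = "$host" ] && exit 0
                case $name in
                    \*.*)
                        # A wildcard stands for exactly one left-most label.
                        base=${name#\*.}
                        label=${host%".$base"}
                        case $label in "$host" | "" | *.*) ;; *) exit 0 ;; esac
                        ;;
                esac
            done
            exit 1
        )
}

# make_demo_certs DIR: constructed sample input, two throwaway self-signed
# certificates for the placeholder domain example.test (CN only / with SAN).
make_demo_certs() {
    for kind in cn_only with_san; do
        {
            printf '[req]\nprompt=no\ndistinguished_name=dn\n'
            [ "$kind" = with_san ] && printf 'x509_extensions=ext\n'
            printf '[dn]\nCN=*.example.test\n'
            printf '[ext]\nsubjectAltName=DNS:example.test,DNS:*.example.test\n'
        } > "$1/$kind.cnf"
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -config "$1/$kind.cnf" -keyout "$1/$kind.key" \
            -out "$1/$kind.crt" 2>/dev/null || return 1
    done
}

dir=$(mktemp -d) && make_demo_certs "$dir" || exit 1
for crt in cn_only with_san; do
    for h in example.test www.example.test a.b.example.test; do
        san_covers "$dir/$crt.crt" "$h" && r=covered || r="NOT covered"
        echo "$crt.crt $h: $r"
    done
done
rm -rf "$dir"
```

Run against a real certificate with `san_covers star.<domain.name>.crt www.<domain.name>`; a wildcard entry does not cover names two labels deep such as `a.b.<domain.name>`.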
I also tried to use these certificates in Postfix, which did NOT work. To create files for Postfix, see my former post.