How to Generate Self-Signed SSL/TLS Certificates With No User Interaction
Written by Sam Caldwell   
Sunday, 30 November 2014 09:55
The following script creates a self-signed OpenSSL key and certificate file without any user interaction. This is great for those Puppet/Chef/Docker/Ansible automation tasks where no one should have to interact with the system to generate one-time-use key pairs. The script writes under /etc/ssl and falls back to apt-get when openssl is missing, so it expects to run as root on a Debian-style system. It also begs the question, "If a server launches in the woods, should anyone have to be there to hear it?" The answer is no.
#!/bin/bash -e
#
# generateSelfSignedCert
# (c) 2014 Sam Caldwell.  Public Domain
#
KEYFILE=/etc/ssl/private/selfsigned.key
CSRFILE=/etc/ssl/selfsigned.csr
CRTFILE=/etc/ssl/certs/selfsigned.crt
SUBJ="/C=US/ST=TX/L=Austin/O=Sam Caldwell/OU=Public Domain/CN=localhost"

echo "checking for openssl"
which openssl || {
    echo "   openssl needs to be installed.  installing..."
    apt-get update -y
    apt-get install openssl -y
}

which openssl || {
    echo "   openssl failed to install"
    exit 1
}

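echo "creating private key and CSR"
# -nodes leaves the private key unencrypted so that no passphrase prompt appears
openssl req \
        -nodes \
        -newkey rsa:2048 \
        -keyout "${KEYFILE}" \
        -out "${CSRFILE}" \
        -subj "${SUBJ}" || exit 1

# the key is stored unencrypted, so restrict it to its owner
chmod 600 "${KEYFILE}" || exit 1

echo "signing CSR"
# -sha256 sets the signature digest explicitly instead of relying on the build's default
openssl x509 \
    -req \
    -sha256 \
    -days 365 \
    -in "${CSRFILE}" \
    -signkey "${KEYFILE}" \
    -out "${CRTFILE}" || exit 1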

echo " "
echo "Generated self-signed certificate"
echo "   KEYFILE: ${KEYFILE}"
echo "   CSRFILE: ${CSRFILE}"
echo "   CRTFILE: ${CRTFILE}"
echo " "
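
When nobody is watching the run, a post-generation check catches a mismatched, expiring or over-exposed key before a service loads it. The following is an added example, not part of the original script; `verify_selfsigned` and its return codes are hypothetical, and the permission check assumes GNU `stat`.

```bash
#!/bin/bash
# Added example: sanity-check a key/certificate pair after unattended generation.
# verify_selfsigned is a hypothetical helper, not part of the original script.
# Usage: verify_selfsigned KEYFILE CRTFILE [MIN_VALID_SECONDS]

verify_selfsigned() {
    local key="$1" crt="$2" min_valid_secs="${3:-86400}"
    local key_pub crt_pub subject issuer mode

    # 1. The certificate must carry the public half of this private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) \
        || { echo "unreadable key: $key" >&2; return 1; }
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) \
        || { echo "unreadable certificate: $crt" >&2; return 1; }
    [ "$key_pub" = "$crt_pub" ] \
        || { echo "certificate does not match key" >&2; return 2; }

    # 2. Self-signed means subject and issuer are the same name.
    subject=$(openssl x509 -in "$crt" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$crt" -noout -issuer | sed 's/^issuer= *//')
    [ "$subject" = "$issuer" ] \
        || { echo "issuer differs from subject" >&2; return 3; }

    # 3. The certificate must stay valid for at least min_valid_secs more.
    openssl x509 -in "$crt" -noout -checkend "$min_valid_secs" >/dev/null \
        || { echo "certificate expires too soon" >&2; return 4; }

    # 4. The unencrypted key must not be accessible to group or others.
    mode=$(stat -c '%a' "$key")   # GNU stat; prints e.g. 600
    case "$mode" in
        [0-7]00) ;;
        *) echo "key mode $mode is too permissive" >&2; return 5 ;;
    esac
    return 0
}

# When run as a script with arguments, check the given pair.
if [ "$#" -ge 2 ]; then
    verify_selfsigned "$@"
fi
```
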
Last Updated on Sunday, 28 December 2014 12:58