csit.infra.dash/do_certs.sh

   1 #!/usr/bin/env bash
   2
   3 mkdir -p ./nginx/ssl
   4 cd ./nginx/ssl
   5
   6 FILE_NAME="subdomains.amazonaws.com"
   7
   8 openssl genrsa -des3 -out CA.key 2048
   9
  10 openssl req -x509 -new -nodes -key CA.key -sha256 -days 8000 -out CA.pem
  11
  12 openssl x509 -in CA.pem -inform PEM -out CA.crt
  13
  14 openssl genrsa -out $FILE_NAME.key 2048
  15 openssl req -new -key $FILE_NAME.key -out $FILE_NAME.csr
  16
  17 cat > $FILE_NAME.ext << EOF
  18 authorityKeyIdentifier=keyid,issuer
  19 basicConstraints=CA:FALSE
  20 keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
  21 subjectAltName = @alt_names
  22 [alt_names]
  23 DNS.1 = *.amazonaws.com
  24 DNS.2 = *.us-east-1.amazonaws.com
  25 DNS.3 = *.s3.amazonaws.com
  26 EOF
  27
  28 openssl x509 -req -in $FILE_NAME.csr -CA CA.pem -CAkey CA.key -CAcreateserial -out $FILE_NAME.crt -days 8000 -sha256 -extfile $FILE_NAME.ext