path: root/csit.infra.dash/do_certs.sh
#!/usr/bin/env bash

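# Generate a private CA and a wildcard server certificate signed by it.
# All output goes to ./nginx/ssl, relative to the directory the script is
# started from (presumably read by the nginx config, which is not shown here).
#
# Interactive: openssl prompts for the CA key passphrase and for the subject
# fields of both the CA certificate and the server CSR.
#
# Security: the server certificate carries *.amazonaws.com names, so every
# host that trusts CA.pem will accept this server under those names. Install
# CA.pem only on the hosts that need it, and keep CA.key out of version
# control, container images and shared storage.

# Abort on the first failing step so a later command never signs with, or
# overwrites, files left behind by a half-finished run.
set -euo pipefail

readonly SSL_DIR="./nginx/ssl"
readonly FILE_NAME="subdomains.amazonaws.com"

mkdir -p -- "${SSL_DIR}"
# Without this check a failed cd would scatter keys into the current directory.
cd -- "${SSL_DIR}" || {
  printf 'cannot enter %s\n' "${SSL_DIR}" >&2
  exit 1
}

# --- Certificate authority ---------------------------------------------------
# The CA key is passphrase-protected (AES-256 rather than legacy 3DES) and is
# created owner-only. The chmod covers the case where CA.key already existed
# with looser permissions, which openssl would otherwise keep.
(umask 077 && openssl genrsa -aes256 -out CA.key 2048)
chmod 600 CA.key

# Self-signed root certificate, valid for 8000 days.
openssl req -x509 -new -nodes -key CA.key -sha256 -days 8000 -out CA.pem

# Same certificate under a .crt name for trust stores that expect that suffix.
openssl x509 -in CA.pem -inform PEM -out CA.crt

# --- Server key and signing request ------------------------------------------
# NOTE(review): this key is written unencrypted and with the caller's umask.
# Tighten its mode if the server process can still read it afterwards.
openssl genrsa -out "${FILE_NAME}.key" 2048
openssl req -new -key "${FILE_NAME}.key" -out "${FILE_NAME}.csr"

# X.509v3 extensions for the server certificate. The delimiter is quoted so
# the shell copies the text literally.
cat > "${FILE_NAME}.ext" << 'EOF'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.amazonaws.com
DNS.2 = *.us-east-1.amazonaws.com
DNS.3 = *.s3.amazonaws.com
EOF

# Sign the CSR with the CA. -CAcreateserial writes the serial-number file on
# first use.
# NOTE(review): 8000 days is far beyond what some TLS clients accept for a
# server certificate; confirm that the consuming clients tolerate it.
openssl x509 -req \
  -in "${FILE_NAME}.csr" \
  -CA CA.pem -CAkey CA.key -CAcreateserial \
  -out "${FILE_NAME}.crt" \
  -days 8000 -sha256 \
  -extfile "${FILE_NAME}.ext"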