Generar certificados válidos

Gracias a esto: https://gist.github.com/cecilemuller/9492b848eb8fe46d462abeb26656c4f8
2021-07-22 15:53:21 +00:00 · 2021-07-22 15:53:21 +00:00 · a2a41fe645
commit a2a41fe645
parent 2bf1868e0f
2 changed files with 18 additions and 10 deletions
--- a/domains.ext
+++ b/domains.ext
@ -0,0 +1,7 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = sutty.local
+DNS.2 = *.sutty.local
--- a/haini.sh
+++ b/haini.sh
@ -81,19 +81,20 @@ generar_certificado() {

  echo "Generando certificados..."

-  correr "openssl genpkey -algorithm RSA -pass pass:sutty -out $ca_key"
-  correr "openssl req -x509 -new -nodes -key $ca_key -sha256 \
-    -passin pass:sutty -passout pass:sutty \
-    -subj '/C=IN/ST=Cyberspace/L=Cyberspace/O=Sutty/OU=Espacio/CN=Sutty Local CA' \
-    -days 3650 -out $ca_crt"
+  correr "openssl req -x509 -nodes -new -sha256 -days 1024 -newkey rsa:2048 \
+    -keyout $ca_key -out $ca_crt.pem -subj '/C=AR/CN=Sutty-Local-CA'"
+  correr "openssl x509 -outform pem -in $ca_crt.pem -out $ca_crt"

  correr "update-ca-certificates"

-  correr "openssl req -nodes -newkey rsa:2048 -keyout $domain_key -out $domain_csr \
-    -subj '/C=IN/ST=Cyberspace/L=Cyberspace/O=Sutty/OU=Espacio/CN=sutty.local/CN=*.sutty.local'"
-  correr "openssl x509 -req -in $domain_csr \
-    -CA $ca_crt -CAkey $ca_key -CAcreateserial \
-    -out $domain_crt -days 3650 -sha256"
+  correr "openssl req -new -nodes -newkey rsa:2048 \
+    -keyout $domain_key -out $domain_csr \
+    -subj '/C=AR/ST=Ninguno/L=Interdimension/O=Sutty-Local/CN=sutty.local'"
+  correr "openssl x509 -req -sha256 -days 3650 \
+    -in $domain_csr -CA $ca_crt.pem -CAkey $ca_key \
+    -CAcreateserial -extfile /Sutty/haini.sh/domains.ext -out $domain_crt"
+
+  rm "$ENTORNO$ca_crt.pem"

  echo "Instalando certificados..."
  if which update-ca-certificates 2>/dev/null; then