This is my quick shell script wrapper using dialog to create a new signed key with my own CA.
#!/bin/bash set -e hostname=`dialog --stdout --clear --inputbox "hostname (pl: www.tricon.hu)" 8 50` hostmaster=`dialog --stdout --clear --inputbox "hostmaster e-mail (pl: hostmaster@tricon.hu)" 8 50` cp reqtemplate_openssl.cnf reqs/$hostname.req.openssl.conf rpl "|HOSTNAME|" "$hostname" reqs/$hostname.req.openssl.conf rpl "|HOSTMASTER|" "$hostmaster" reqs/$hostname.req.openssl.conf openssl req -new -nodes -out reqs/$hostname.req.pem -keyout keys/$hostname.key.pem -config reqs/$hostname.req.openssl.conf openssl ca -out certs/$hostname.cert.pem -config ./openssl.cnf -infiles reqs/$hostname.req.pem echo "Kesz, ezt a ket fajlt kell hasznalnod:" echo "keys/$hostname.key.pem" echo "certs/$hostname.cert.pem" echo "" echo "A CA cert a cacert.pem fajlban van, ezt kell telepiteni a kliensekben" echo "" echo "Az /etc/CA konyvtarban es alkonyvtaraiban fajlokat torolni, atnevezni TILOS!"
contents of reqtemplate_openssl.cnf follows:
# # OpenSSL configuration file. # [ req ] default_bits = 1024 # Size of keys default_md = md5 # message digest algorithm default_keyfile = keys/|HOSTNAME|.key.pem string_mask = nombstr # permitted characters distinguished_name = req_distinguished_name req_extensions = v3_req prompt = no [ req_distinguished_name ] countryName = HU stateOrProvinceName = Budapest localityName = Budapest organizationName = TRICON organizationalUnitName = |HOSTNAME| commonName = |HOSTNAME| emailAddress = |HOSTMASTER| [ v3_req ] basicConstraints = CA:FALSE subjectKeyIdentifier = hash