#!/bin/bash
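# Script to generate self-signed certificates for Nginx Proxy Manager
#
# Builds a three-level chain (root CA -> intermediate CA -> wildcard leaf)
# and writes every key and certificate to CERTS_DIR.

# Prompt for domain
# -r keeps backslashes in the typed value literal.
read -r -p "Enter the domain for the certificates (e.g., example.com): " DOMAIN

if [ -z "$DOMAIN" ]; then
  echo "Error: Domain not provided." >&2
  exit 1
fi

# DOMAIN is interpolated into the -subj and subjectAltName strings passed to
# openssl by the functions in this script. Restrict it to hostname characters
# so a value containing "/" or "," cannot add extra subject fields or extra
# SAN entries to the issued certificates.
domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! "$DOMAIN" =~ $domain_re ]]; then
  echo "Error: '$DOMAIN' is not a valid domain name." >&2
  exit 1
fi

CERTS_DIR="/opt/stacks/browser/data/certs"

# Create certs directory if it doesn't exist
# Stop here on failure: every later step writes into this directory.
if ! mkdir -p "$CERTS_DIR"; then
  echo "Error: could not create $CERTS_DIR." >&2
  exit 1
fi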
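# Function to generate root CA
#
# Creates a 4096-bit RSA key and a self-signed certificate valid for 3650 days.
# Globals:  CERTS_DIR (read), DOMAIN (read)
# Outputs:  rootCA.key and rootCA.crt in CERTS_DIR
# Returns:  0 on success, otherwise the status of the failing openssl command
generate_root_ca() {
  echo "Generating Root CA..."

  # The key is written without a passphrase (genrsa is given no cipher
  # option), so file permissions are its only protection. The subshell umask
  # makes a newly created key file owner-only without changing the umask for
  # the rest of the script.
  ( umask 077 && openssl genrsa -out "$CERTS_DIR/rootCA.key" 4096 ) || return

  # NOTE(review): the CA extensions on this certificate come from the
  # openssl configuration file in effect, not from this command line.
  openssl req -x509 -new -nodes -key "$CERTS_DIR/rootCA.key" -sha256 -days 3650 \
    -out "$CERTS_DIR/rootCA.crt" -subj "/CN=$DOMAIN Root CA"
}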
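# Function to generate intermediate CA
#
# Creates a 4096-bit RSA key and a CSR, then signs the CSR with the root CA.
# Globals:  CERTS_DIR (read), DOMAIN (read)
# Outputs:  intermediateCA.key, intermediateCA.csr and intermediateCA.crt in
#           CERTS_DIR (-CAcreateserial also writes a serial file)
# Returns:  0 on success, otherwise the status of the failing command
generate_intermediate_ca() {
  echo "Generating Intermediate CA..."

  local ext_file status

  # Unencrypted key: a subshell umask keeps a newly created file owner-only.
  ( umask 077 && openssl genrsa -out "$CERTS_DIR/intermediateCA.key" 4096 ) || return

  openssl req -new -key "$CERTS_DIR/intermediateCA.key" \
    -out "$CERTS_DIR/intermediateCA.csr" -subj "/CN=$DOMAIN Intermediate CA" || return

  # "x509 -req" adds no CA extensions on its own. Without basicConstraints
  # CA:TRUE the result is not a CA certificate, and clients reject any chain
  # that passes through it. pathlen:0 limits this CA to issuing leaf
  # certificates only.
  ext_file=$(mktemp) || return
  printf '%s\n' \
    'basicConstraints = critical, CA:TRUE, pathlen:0' \
    'keyUsage = critical, keyCertSign, cRLSign' >"$ext_file"

  openssl x509 -req -in "$CERTS_DIR/intermediateCA.csr" \
    -CA "$CERTS_DIR/rootCA.crt" -CAkey "$CERTS_DIR/rootCA.key" -CAcreateserial \
    -out "$CERTS_DIR/intermediateCA.crt" -days 3650 -sha256 -extfile "$ext_file"
  status=$?

  rm -f -- "$ext_file"
  return "$status"
}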
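# Function to generate wildcard certificate
#
# Creates a 4096-bit RSA key and a CSR for *.DOMAIN, then signs the CSR with
# the intermediate CA.
# Globals:  CERTS_DIR (read), DOMAIN (read)
# Outputs:  wildcard.key, wildcard.csr and wildcard.crt in CERTS_DIR
#           (-CAcreateserial also writes a serial file)
# Returns:  0 on success, otherwise the status of the failing command
generate_wildcard_cert() {
  echo "Generating Wildcard Certificate..."

  local ext_file status

  # Unencrypted key: a subshell umask keeps a newly created file owner-only.
  ( umask 077 && openssl genrsa -out "$CERTS_DIR/wildcard.key" 4096 ) || return

  openssl req -new -key "$CERTS_DIR/wildcard.key" -out "$CERTS_DIR/wildcard.csr" \
    -subj "/CN=*.$DOMAIN" -addext "subjectAltName = DNS:$DOMAIN,DNS:*.$DOMAIN" || return

  # "x509 -req" does not copy extensions from the CSR by default, so the
  # subjectAltName requested above would be missing from the signed
  # certificate. Clients that match host names against SAN only would then
  # reject it. The extensions are therefore set again at signing time.
  ext_file=$(mktemp) || return
  printf '%s\n' \
    'basicConstraints = critical, CA:FALSE' \
    'keyUsage = critical, digitalSignature, keyEncipherment' \
    'extendedKeyUsage = serverAuth' \
    "subjectAltName = DNS:$DOMAIN, DNS:*.$DOMAIN" >"$ext_file"

  # NOTE(review): some clients refuse TLS server certificates with very long
  # validity periods. Confirm that 3650 days is accepted by the clients in use.
  openssl x509 -req -in "$CERTS_DIR/wildcard.csr" \
    -CA "$CERTS_DIR/intermediateCA.crt" -CAkey "$CERTS_DIR/intermediateCA.key" \
    -CAcreateserial -out "$CERTS_DIR/wildcard.crt" -days 3650 -sha256 \
    -extfile "$ext_file"
  status=$?

  rm -f -- "$ext_file"
  return "$status"
}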
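# Function to export certificates for cross-platform compatibility
#
# Writes each certificate as a PKCS#12 bundle under both the .pfx and .p12
# extensions (the same format under two names).
# Globals:  CERTS_DIR (read)
# Outputs:  rootCA, intermediateCA and wildcard bundles (.pfx and .p12) in
#           CERTS_DIR
# Returns:  0 on success, otherwise the status of the failing openssl command
export_certs() {
  echo "Exporting certificates for cross-platform compatibility..."

  local name ext

  # CA bundles carry the certificate only (-nokeys). They are what clients
  # import to trust this CA. All bundles here use an empty export password,
  # so a bundle that also held the CA private key would let anyone who
  # obtains the file issue certificates those clients accept. The CA keys
  # stay in rootCA.key / intermediateCA.key.
  for name in rootCA intermediateCA; do
    for ext in pfx p12; do
      openssl pkcs12 -export -nokeys -out "$CERTS_DIR/$name.$ext" \
        -in "$CERTS_DIR/$name.crt" -passout pass: || return
    done
  done

  # The server bundle needs its private key. With an empty export password,
  # file permissions are its only protection, so a newly created bundle is
  # made owner-only through the subshell umask.
  for ext in pfx p12; do
    ( umask 077 && openssl pkcs12 -export -out "$CERTS_DIR/wildcard.$ext" \
      -inkey "$CERTS_DIR/wildcard.key" -in "$CERTS_DIR/wildcard.crt" \
      -passout pass: ) || return
  done
}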
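# Main script execution
# Each stage signs with key material produced by the previous one, so stop at
# the first failing stage instead of reporting success over a partial chain.
if ! { generate_root_ca && generate_intermediate_ca && generate_wildcard_cert && export_certs; }; then
  echo "Error: certificate generation failed; files in $CERTS_DIR may be incomplete." >&2
  exit 1
fi

# The *.key files listed below are unencrypted private keys. Only rootCA.crt
# needs to reach the clients that should trust this chain.
echo "Certificates generated and saved in $CERTS_DIR:"
echo "- Root CA: rootCA.crt, rootCA.key, rootCA.pfx, rootCA.p12"
echo "- Intermediate CA: intermediateCA.crt, intermediateCA.key, intermediateCA.pfx, intermediateCA.p12"
echo "- Wildcard: wildcard.crt, wildcard.key, wildcard.pfx, wildcard.p12"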