Generate certificate signing requests in batch.
Requires input with hostnames with one hostname per line.
Empty line means new signing request.
Read EXAMPLE.csrgen for more information.
Input can be provided as stdin or by providing the filename as argument.
Comes with a basic openssl.conf included for your convenience.
In the following commands, you must replace the variables with the filename. All files end with .pem and start with the same string as the variable, but in lowercase.
So, for example, ${CSR_FILE} will become csr-example.com.pem.
openssl req -noout -text -verify -in "${CSR_FILE}"Takes a csr file and gives readable detailed output. Search for Subject: and X509v3 Subject Alternative Name:
tar zc */csr-*.pem > csrs.tgzWhen run from the same directory where you ran csrgen from, this will generate a csrs.tgz in the current directory. The resulting file will contain all csr files.
openssl x509 -req -days 30 -in "${CSR_FILE}" -signkey "${KEY_FILE}" -out "${CERT_FILE}"This will give you a certificate file which is valid for one month.
That should be plenty of time to wait for the real deal.
If you think you will need more time, you can change the -days 30 parameter to something bigger.
Alternatively, you can make a self-signed certificate without a CSR.
openssl req -x509 -new -key "${KEY_FILE}" -out "${CERT_FILE}"openssl x509 -text -noout -in "${CERT_FILE}"Takes a signed certificate and shows detailed readable contents.
openssl pkcs12 -export -out "${OUT_FILE}" -inkey "${KEY_FILE}" -in "${CERT_FILE}" -certfile "${CHAIN_FILE}"`Takes private key, certificate and chain and generates a .p12 file which will contain them all. This is useful for using the certificate in systems which require .p12, such as Windows Server.