From 62c3a39bf7d8437ca93a0c5a4c3ed3c1b247baa2 Mon Sep 17 00:00:00 2001 From: Stijn Huyberechts Date: Wed, 24 May 2023 13:33:44 +0200 Subject: [PATCH] Allow multiple alternative domain names --- README.md | 6 ++++++ create-certificate.sh | 23 +++++++++++++++++++---- 2 files changed, 25 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 427b4b1..45ea700 100644 --- a/README.md +++ b/README.md @@ -37,6 +37,12 @@ To generate a certificate for `example.dev` and its subdomains, run: create-certificate.sh example.dev ``` +To generate a certificate for `example.dev` along with one or more [alternative domains](https://en.wikipedia.org/wiki/Subject_Alternative_Name), run: + +``` +create-certificate.sh example.dev alternative-domain.dev alternative-domain.test +``` + ![create-certificate.sh](https://raw.githubusercontent.com/BenMorel/dev-certificates/main/images/create-certificate.png) You can now install the `.key` and `.crt` files in your web server, such as Apache or Nginx. diff --git a/create-certificate.sh b/create-certificate.sh index 42de366..00da192 100755 --- a/create-certificate.sh +++ b/create-certificate.sh @@ -1,19 +1,24 @@ #!/usr/bin/env bash -# Generates a wildcard certificate for a given domain name. +# Generates a wildcard certificate for a given domain name with optional alternative domain names. set -e if [ -z "$1" ]; then echo -e "\e[43mMissing domain name!\e[49m" echo - echo "Usage: $0 example.com" + echo "Usage: $0 example.dev" echo echo "This will generate a wildcard certificate for the given domain name and its subdomains." + echo + echo "Usage: $0 example.dev alternative-domain.dev" + echo + echo "This will generate a wildcard certificate for the given domain name, alternative domains and all subdomains for each of them." exit fi DOMAIN=$1 +ALT_NAME_INDEX=0 if [ ! -f "ca.key" ]; then echo -e "\e[41mCertificate Authority private key does not exist!\e[49m" @@ -36,10 +41,20 @@ keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth, clientAuth subjectAltName = @alt_names [alt_names] -DNS.1 = $DOMAIN -DNS.2 = *.$DOMAIN EOF +function add_alt_name() { + ALT_NAME_INDEX=$((ALT_NAME_INDEX + 1)) +>>"$DOMAIN.ext" cat <<-EOF +DNS.$ALT_NAME_INDEX = $1 +EOF +} + +for domain_alt in "${@}"; do + add_alt_name $domain_alt + add_alt_name "*.$domain_alt" +done + # Create the signed certificate openssl x509 -req \ -in "$DOMAIN.csr" \