====== Certificates - Create Certificates using BASH ======
Create a self-signed SSL Certificates for Apache and Nginx web-servers.
#!/bin/bash
#
# USAGE:
# chmod +x ./ssl_create_cert.sh
# sudo ./ssl_create_cert.sh
################## DECLARE FUNCTIONS ######################
checkRoot() {
if [ $(id -u) -ne 0 ]; then
printf "Script must be run as root. Try 'sudo ./ssl_certificate_creater.sh'\n"
exit 1
fi
}
checkNeededPackages() {
lst="dialog openssl"
for items in $lst
do
type -P $items &>/dev/null || {
echo -en "\n Package \"$items\" is not installed!"
echo -en "\n Install now? [yes]/[no]: "
read ops
case $ops in
YES|yes|Y|y) sudo apt-get install $items ;;
*) echo -e "\n Exiting..."
exit 1 ;;
esac
}
done
}
setServerName() {
cmd=(dialog --backtitle "arthurgareginyan.com - Create SSL Certificate for NGinX/Apache" \
--inputbox "\n Please enter the URL of your website." 22 76 $__servername)
choices=$("${cmd[@]}" 2>&1 >/dev/tty)
if [ "$choices" != "" ]; then
__servername=$choices
else
break
fi
}
checkServerName() {
if [ "$__servername" = "" ]; then
setServerName
fi
}
installCertificateNginx() {
dialog --backtitle "sharewiz.net - Create SSL Certificate for NGinX/Apache" \
--title "Create SSL Certificate for NGinX" \
--msgbox "\n We are now going to create a self-signed certificate. While you could simply press ENTER when you are asked for country name etc. or enter whatever you want, it might be beneficial to have the web servers host name in the common name field of the certificate." 20 60
mkdir -p /etc/nginx/ssl
openssl req -new -x509 -days 3650 -nodes -out /etc/nginx/ssl/$__servername.crt -keyout /etc/nginx/ssl/$__servername.key
chmod 600 /etc/nginx/ssl/$__servername.key
dialog --backtitle "sharewiz.net - Create SSL Certificate for NGinX/Apache" \
--title "Create SSL Certificate for NGinX" \
--msgbox "\n Done! Your certificates are available at /etc/nginx/ssl/$__servername.crt & /etc/nginx/ssl/$__servername.key" 20 60
}
installCertificateApache() {
dialog --backtitle "sharewiz.net - Create SSL Certificate for NGinX/Apache" \
--title "Create SSL Certificate for Apache" \
--msgbox "\n We are now going to create a self-signed certificate. While you could simply press ENTER when you are asked for country name etc. or enter whatever you want, it might be beneficial to have the web servers host name in the common name field of the certificate." 20 60
clear
mkdir -p /etc/apache2/ssl
openssl req -new -x509 -days 3650 -nodes -out /etc/apache2/ssl/$__servername.crt -keyout /etc/apache2/ssl/$__servername.key
chmod 600 /etc/apache2/ssl/$__servername.key
dialog --backtitle "sharewiz.net - Create SSL Certificate for NGinX/Apache" \
--title "Create SSL Certificate for Apache" \
--msgbox "\n Done! Your certificates are available at /etc/apache2/ssl/$__servername.crt & /etc/apache2/ssl/$__servername.key" 20 60
}
######################## GO ###############################
checkRoot
checkNeededPackages
while true; do
cmd=(dialog --backtitle "sharewiz.net - Create SSL Certificate for NGinX/Apache" \
--title "Create SSL Certificate for NGinX/Apache" \
--menu "You MUST set the server URL (e.g., myaddress.dyndns.org) before starting create certificate. Choose task:" 20 60 15)
options=(1 "Set server URL ($__servername)"
2 "Generate new SSL certificate for NGiNX"
3 "Generate new SSL certificate for Apache"
4 "Exit")
choice=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty)
if [ "$choice" != "" ]; then
case $choice in
1) setServerName ;;
2) checkServerName
installCertificateNginx ;;
3) checkServerName
installCertificateApache ;;
4) clear
exit 0 ;;
esac
else
break
fi
done
clear
exit 0
----
===== Usage =====
Before you run the script, you must set the performance rights:
chmod +x ssl_crt_creater.sh
Run the script:
./ssl_crt_creater.sh
After you create the SSL certificate then you should bind it to the server.