sslfie: generate your own certificates

security_compCertificates are an important player in identity authentication of websites. How do you generate a certificate-key pair for your website easily? sslfie is a smart bash script to generate self-signed x.509 certificates for use with SSL/TLS. It uses SSL commands in the background but hides the complexity and steps from the user.

Features

  • Supports multiple domain names in one cert with the SubjectAltName field
  • Trivial to automate — the only required argument is a domain name
  • Automatically set modern options by default (-sha256, -utf8)
  • Easy to install .deb and .rpm packages

Installation

Though the author provides deb and rpm packages, the easiest way to install sslfie is to download the script:

$ curl -O https://raw.githubusercontent.com/mkropat/sslfie/master/sslfie
$ chmod +x sslfie

Usage

List of options:

$ ./sslfie -help
Usage: sslfie [OPTION]... DOMAIN [DOMAIN2]...
Generate a self-signed x.509 certificate for use with SSL/TLS.
Options:
 -o PATH -- output the cert to a file at PATH
 -k PATH -- output the key to a file at PATH
 -K PATH -- sign key at PATH (instead of generating a new one)
 -c CC -- country code listed in the cert (default: XX)
 -s SIZE -- generate a key of size SIZE (default: 2048)
 -y N -- expire cert after N years (default: 10)

Example usage:

$ ./sslfie -c US -o tuxdiary.crt -k tuxdiary.key www.tuxdiary.com tuxdiary.com

Verify the certificate:

$ openssl x509 -in tuxdiary.crt -noout -text

On GitHub: sslfie

One thought on “sslfie: generate your own certificates”

Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s