@ledil
Forked from richieforeman/makeauthority.sh
Last active September 12, 2017 08:34
Issue Your Own Self-Signed S/MIME Certs with OpenSSL
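# 1. User key, passphrase-protected (-des3 = 3DES; -aes256 is the stronger choice).
openssl genrsa -des3 -out smime.key 4096
# 2. CSR; add -config smime.cnf if the [req] defaults in that file should apply.
openssl req -new -key smime.key -out smime.csr
# 3. Sign with the existing CA (ca.crt/ca.key). Use a unique -set_serial for each certificate the CA issues.
openssl x509 -req -days 3650 -in smime.csr -CA ca.crt -CAkey ca.key -set_serial 1 -out smime.crt -addtrust emailProtection -addreject clientAuth -addreject serverAuth -trustout -extfile smime.cnf -extensions smime
# 4. Bundle key, certificate and CA chain into a PKCS#12 file for import into a mail client.
openssl pkcs12 -export -in smime.crt -inkey smime.key -out smime.p12 -chain -CAfile ca.crt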
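# smime.cnf: the [smime] section is read by "openssl x509 -extfile smime.cnf -extensions smime".
# The [req] sections only take effect when "openssl req" is run with -config smime.cnf.
[req]
default_bits = 4096
string_mask = utf8only
distinguished_name = req_distinguished_name

[req_distinguished_name]
# <field> is the prompt text; <field>_default is the value used when Enter is pressed.
countryName = Country Name (2 letter code)
countryName_default = DE
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = NRW
localityName = Locality Name (eg, city)
localityName_default = Olpe
0.organizationName = Organization Name (eg, company)
0.organizationName_default = mobileapart GmbH
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = Development
commonName = Common Name (eg, your name)
commonName_default = Leonardo Di Lella
commonName_max = 64
emailAddress = Email Address
emailAddress_default = leonardo.dilella@mobileapart.com
emailAddress_max = 40

[smime]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
# Copies the emailAddress from the subject DN into subjectAltName.
subjectAltName = email:copy
extendedKeyUsage = emailProtection, clientAuth
# Legacy Netscape extension; "email" is the bit that marks an S/MIME certificate.
nsCertType = client, email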
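A self-test for the issuing procedure above, added here as an example and not part of the gist: it issues a certificate with the page's `[smime]` extensions (without the legacy `nsCertType` line) from a throwaway CA, then checks the SAN, the certificate purpose, and an S/MIME sign/verify round trip including a tampered message. The file `test.cnf`, the CA and user subjects, the address `user@example.test` and the function names are constructed for the example.

```shell
#!/bin/sh
# Added example. test.cnf, the CA and user subjects and user@example.test are constructed.
smime_checks() {
  cat > test.cnf <<'EOF' || return 1
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical, CA:TRUE
[smime]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
subjectAltName = email:copy
extendedKeyUsage = emailProtection, clientAuth
EOF
  # Throwaway CA and user CSR (2048-bit, unencrypted keys: test material only).
  openssl req -x509 -config test.cnf -extensions v3_ca -subj "/CN=Constructed Test CA" \
    -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt -days 1 2>/dev/null || return 1
  openssl req -new -config test.cnf -subj "/CN=Test User/emailAddress=user@example.test" \
    -newkey rsa:2048 -nodes -keyout smime.key -out smime.csr 2>/dev/null || return 1
  # Issue as on the page, without the -addtrust/-addreject/-trustout flags.
  openssl x509 -req -days 1 -in smime.csr -CA ca.crt -CAkey ca.key -set_serial 1 \
    -out smime.crt -extfile test.cnf -extensions smime 2>/dev/null || return 1
  # 1. email:copy must have put the subject's address into subjectAltName.
  openssl x509 -in smime.crt -noout -text | grep -q 'email:user@example.test' || return 1
  # 2. Chain and purpose: accepted for S/MIME signing, rejected as a TLS server cert.
  openssl verify -CAfile ca.crt -purpose smimesign smime.crt >/dev/null 2>&1 || return 1
  openssl verify -CAfile ca.crt -purpose sslserver smime.crt >/dev/null 2>&1 && return 1
  # 3. Sign and verify a message; a modified body must fail verification.
  printf 'wire instructions v1\n' > msg.txt
  openssl smime -sign -text -in msg.txt -signer smime.crt -inkey smime.key -out msg.eml \
    2>/dev/null || return 1
  openssl smime -verify -text -in msg.eml -CAfile ca.crt -out /dev/null 2>/dev/null || return 1
  sed 's/instructions v1/instructions v2/' msg.eml > tampered.eml
  openssl smime -verify -text -in tampered.eml -CAfile ca.crt -out /dev/null 2>/dev/null && return 1
  echo "smime.crt: SAN, purpose and sign/verify checks passed"
}
smime_selftest() {
  dir=$(mktemp -d) || return 1
  rc=0; ( cd "$dir" && smime_checks ) || rc=$?
  rm -rf "$dir"
  return "$rc"
}
```

Run `smime_selftest` after sourcing the file; it works in a temporary directory and leaves the real `smime.key`, `smime.crt` and CA files untouched.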