How to generate a self-signed certificate for apache2 in Debian




While the Debian apache2 package was at Apache version 2.0, it included a tool called “apache2-ssl-certificate” that users could run to generate their own self-signed certificate. However, the script was removed when the apache2 package was upgraded to Apache v2.2.

I have modified the old script so that it can generate a suitable self-signed cert for the new apache2 (Apache v2.2) in Debian.

Here is the code:


#!/bin/sh -e

DAYS="365"
CERTPATH="/etc/apache2/ssl"
CERTNAME="apache"
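# Original default. 1024-bit RSA is below current minimum recommendations;
# pass --bit 2048 (or larger) when generating a certificate for real use.
KEYBIT="1024"
FORCE="0"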

usage(){
    echo "This is a program for the users to generate their own self-signed certificate."
    echo
    echo "Usage:  $0 [[OPTION] [VALUE]]..."
    echo
    echo "OPTIONS:"
    echo "  -h | -help | --help -- To Show This Help"
    echo "  -f | --force        -- Force to generate the cert"
    echo "  -d | -days | --days -- cert to expire after x days, default is 365"
    echo "  -p | -path | --path -- Path of the cert will be stored,"
    echo "                         default is /etc/apache2/ssl"
    echo "  -n | -name | --name -- the name of the cert, default is apache"
    echo "  -b | -bit  | --bit  -- length of the key, default is 1024"
    echo
}

createcert() {
    # Refuse to overwrite an existing key/cert unless --force was given.
    if [ "$FORCE" != "1" ] && [ -f "$CERTPATH/$CERTNAME.pem" ]; then
        echo "$CERTPATH/$CERTNAME.pem exists!  Use \"$0 --force.\""
        exit 0
    fi
    echo
    echo creating selfsigned certificate
    echo "replace it with one signed by a certification authority (CA)"
    echo
    echo enter your ServerName at the Common Name prompt
    echo
    echo If you want your certificate to expire after x days call this program
    echo with "--days x"

    mkdir -p "$CERTPATH/"

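    export RANDFILE=/dev/random
    # -nodes leaves the private key unencrypted, and key and certificate are
    # written to the same file, so the file is restricted to its owner below.
    openssl req "$@" -new -x509 -days "$DAYS" -nodes \
        -newkey "rsa:$KEYBIT" \
        -out "$CERTPATH/$CERTNAME.pem" \
        -keyout "$CERTPATH/$CERTNAME.pem"
    chmod 600 "$CERTPATH/$CERTNAME.pem"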
}

case $1 in
    -h|-help|--help)
        usage
        exit 0
    ;;
esac

until [ -z "$1" ]  # Until all parameters used up . . .
do
    case $1 in
        --force|-f|-force)
            FORCE="1"
            shift
        ;;
        --days|-d|-days)
            DAYS=$2
            shift
            shift
        ;;
        --path|-p|-path)
            CERTPATH=$2
            shift
            shift
        ;;
        --name|-n|-name)
            CERTNAME=$2
            shift
            shift
        ;;
        # -b selects the key length (-n is already taken by --name)
        --bit|-b|-bit)
            KEYBIT=$2
            shift
            shift
        ;;
        *)
            usage
            exit 0
        ;;
    esac
done
createcert

Here is the file.
apache2-ssl-certificate.tar.gz

MD5SUM: 6fb69eb0d63a683e73461f4f682e13e5
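
Before pointing Apache at the generated file, it is worth auditing it. The check below is an added example, not part of the original post or the Debian package: it inspects the combined key+certificate PEM for file mode, key size, remaining validity, and a matching key pair. The function name `check_pem` and its 2048-bit and 30-day defaults are assumptions.

```shell
#!/bin/sh
# Added example: audit a combined key+certificate PEM like the one the script
# above writes. check_pem FILE [MIN_BITS] [MIN_DAYS] prints one line per check
# and returns the number of failed checks (0 means every check passed).
# The 2048-bit and 30-day defaults are assumptions, not values from the post.
check_pem() {
    pem=$1 min_bits=${2:-2048} min_days=${3:-30} fails=0
    [ -r "$pem" ] || { echo "FAIL cannot read $pem"; return 1; }

    # 1. The file holds the private key, so only its owner may access it.
    mode=$(stat -c %a "$pem" 2>/dev/null || stat -f %Lp "$pem")
    case $mode in
        600|400) echo "ok   mode $mode" ;;
        *) echo "FAIL mode $mode, expected 600"; fails=$((fails + 1)) ;;
    esac

    # 2. Size of the certificate's public key ("Public-Key: (N bit)").
    bits=$(openssl x509 -in "$pem" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -ge "$min_bits" ]; then
        echo "ok   $bits-bit key"
    else
        echo "FAIL ${bits:-unknown}-bit key, want at least $min_bits"
        fails=$((fails + 1))
    fi

    # 3. The certificate must still be valid MIN_DAYS from now.
    if openssl x509 -in "$pem" -noout -checkend $((min_days * 86400)) >/dev/null
    then
        echo "ok   valid for at least $min_days more days"
    else
        echo "FAIL expired or expiring within $min_days days"
        fails=$((fails + 1))
    fi

    # 4. The RSA private key and the certificate must share one modulus.
    key_mod=$(openssl rsa -in "$pem" -noout -modulus 2>/dev/null) || key_mod=none
    crt_mod=$(openssl x509 -in "$pem" -noout -modulus 2>/dev/null) || crt_mod=missing
    if [ "$key_mod" = "$crt_mod" ]; then
        echo "ok   private key matches certificate"
    else
        echo "FAIL private key does not match certificate"
        fails=$((fails + 1))
    fi
    return "$fails"
}
```

Run it as `check_pem /etc/apache2/ssl/apache.pem`; a certificate generated with the script's default 1024-bit key fails the key-size check.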
