#/bin/sh

# generates a self-signed certificate using openssl

CANAME=CA-MBS
CERTNAME=localhost
DOMAINNAME=*.privatesuv.com

if [ ! -f $CERTNAME.ext ]; then

	echo "[SAN]
subjectAltName=DNS:$DOMAINNAME" > $CERTNAME.ext

fi

openssl req -extensions v3_req -new -addext "subjectAltName = DNS:$DOMAINNAME" -addext "keyUsage = digitalSignature,keyAgreement" -addext "extendedKeyUsage = serverAuth" -newkey rsa:4096 -sha256 -keyout $CERTNAME.key -nodes -out $CERTNAME.csr
openssl x509 -req -extensions SAN -extfile $CERTNAME.ext -in $CERTNAME.csr -CA $CANAME.crt -CAkey $CANAME.key -CAcreateserial -out $CERTNAME.crt -days 730 -sha256