!/bin/sh
create self-signed server certificate:
read -p "Enter your domain [www.example.com]: " DOMAIN
echo "Create server key…"
openssl genrsa -des3 -out $DOMAIN.key 2048
echo "Create server certificate signing request…"
SUBJECT="/C=CN/ST=Guangdong/L=Shenzhen/O=Clark/OU=Clark/CN=$DOMAIN/emailAddress=xxx@clarkhu.net"
openssl req -new -subj $SUBJECT -key $DOMAIN.key -out $DOMAIN.csr
echo "Remove password…"
mv $DOMAIN.key $DOMAIN.origin.key
openssl rsa -in $DOMAIN.origin.key -out $DOMAIN.key
echo "Sign SSL certificate…"
openssl x509 -req -days 3650 -in $DOMAIN.csr -signkey $DOMAIN.key -out $DOMAIN.pem
echo "TODO:"
echo "Copy $DOMAIN.pem to /usr/local/nginx/conf/$DOMAIN.pem"
echo "Copy $DOMAIN.key to /usr/local/nginx/conf/$DOMAIN.key"
echo "Add configuration in nginx:"
echo "server {"
echo " …"
echo " listen 443 ssl;"
echo " ssl_certificate /usr/local/nginx/conf/$DOMAIN.pem;"
echo " ssl_certificate_key /usr/local/nginx/conf/$DOMAIN.key;"
echo "}"