!/bin/sh create self-signed server certificate: read -p "Enter your domain [www.example.com]: " DOMAIN echo "Create server key…" openssl genrsa -des3 -out $DOMAIN.key 2048 echo "Create server certificate signing request…" SUBJECT="/C=CN/ST=Guangdong/L=Shenzhen/O=Clark/OU=Clark/CN=$DOMAIN/emailAddress=xxx@clarkhu.net" openssl req -new -subj $SUBJECT -key $DOMAIN.key -out $DOMAIN.csr echo "Remove password…" mv $DOMAIN.key $DOMAIN.origin.key openssl rsa -in $DOMAIN.origin.key -out $DOMAIN.key echo "Sign SSL certificate…" openssl x509 -req -days 3650 -in $DOMAIN.csr -signkey $DOMAIN.key -out $DOMAIN.pem echo "TODO:" echo "Copy $DOMAIN.pem to /usr/local/nginx/conf/$DOMAIN.pem" echo "Copy $DOMAIN.key to /usr/local/nginx/conf/$DOMAIN.key" echo "Add configuration in nginx:" echo "server {" echo " …" echo " listen 443 ssl;" echo " ssl_certificate /usr/local/nginx/conf/$DOMAIN.pem;" echo " ssl_certificate_key /usr/local/nginx/conf/$DOMAIN.key;" echo "}"