Add generete-csr.sh script to examples.

2026-05-28 04:34:11 -04:00 · 2015-06-15 11:03:11 +00:00 · 2015-06-15 11:03:11 +00:00 · 60cc025658
commit 60cc025658
parent 635e585226
3 changed files with 36 additions and 0 deletions
--- a/examples/.gitignore
+++ b/examples/.gitignore
@ -0,0 +1,3 @@
+# generate-csr.sh:
+/key.pem
+/csr.der
--- a/examples/generate-csr.sh
+++ b/examples/generate-csr.sh
@ -0,0 +1,28 @@
+#!/bin/sh
+# This script generates a simple SAN CSR to be used with Let's Encrypt
+# CA. Mostly intedened for "auth --csr" testing, but, since its easily
+# auditable, feel free to adjust it and use on you production web
+# server.
+
+if [ "$#" -lt 1 ]
+then
+  echo "Usage: $0 domain [domain...]" >&2
+  exit 1
+fi
+
+domains="DNS:$1"
+shift
+for x in "$@"
+do
+  domains="$domains,DNS:$x"
+done
+
+SAN="$domains" openssl req -config openssl.cnf \
+  -new -nodes -subj '/' -reqexts san \
+  -out csr.der \
+  -keyout key.pem \
+  -newkey rsa:2048 \
+  -outform DER
+# 512 or 1024 too low for Boulder, 2048 is smallest for tests
+
+echo "You can now run: letsencrypt auth --csr csr.der"
--- a/examples/openssl.cnf
+++ b/examples/openssl.cnf
@ -0,0 +1,5 @@
+[ req ]
+distinguished_name = req_distinguished_name
+[ req_distinguished_name ]
+[ san ]
+subjectAltName=${ENV::SAN}