UCC certificate script
Just a quick note to share the script that I've recently written to generate a self-signed UCC certificate.
Tl;dr
The script helps to generate a self-signed UCC certificate based on openssl.modified.cnf. The file openssl.modified.cnf is mostly used for generating certificate requests.
GitHub repo: openssl-ucc
What is a UCC certificate
A Unified Communications certificate or UC Certificate is a new type of certificate. The only thing that makes a UC Certificate different from a normal certificate is the use of the Subject Alternative Name field in the certificate. In the Subject Alternative Name field, or SAN for short, any number of different domain names or common names can be entered, enabling the certificate to work on any of the included domain names. This allows one certificate to secure both internal network names and external domain names.
For example, you could get one UC SSL Certificate to include the following:
- DNS.1 = example.com
- DNS.2 = www.example.com
- DNS.3 = example2.com
- DNS.4 = www.example2.com
Generate certificate
The main purpose of this script is to create a certificate for local testing of https access. It is very handy to generate a new certificate and test various scenarios. In order to save some of those settings, I decided to create this super-simple script in order to get rid of this routine :)
I hate routines, as they are the source of many failures and a simple waste of time.
Generate certificate based on your own sites
In order to generate a certificate based on openssl.modified.cnf for your sites, you should do the following:
- Open the file openssl.modified.cnf.
- Find section [alt_names].
- Add/Change/Remove DNS.1, DNS.2 in the format DNS.N = example2.com, where N is a number.
- Save file.
- Run script generate-crt.sh.
- Follow instructions.
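The steps above, as an added example that is not the repo's generate-crt.sh: it builds a self-signed certificate from an [alt_names] section and then checks that every requested name actually landed in the certificate's SAN extension, which is the usual silent failure when the extension section is not applied. The config is a constructed minimal stand-in for openssl.modified.cnf, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; config contents and function names are constructed for illustration.

# Write a minimal config with an [alt_names] section (constructed sample values).
write_cnf() {
  cat > "$1" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_req
prompt = no
[dn]
CN = example.com
[v3_req]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = example.com
DNS.2 = www.example.com
DNS.3 = example2.com
DNS.4 = www.example2.com
EOF
}

# Names requested in [alt_names], one per line, sorted.
cnf_sans() {
  awk '/^\[/{s=($0 ~ /^\[ *alt_names *\]/)} s && /^DNS\.[0-9]+ *=/{sub(/^[^=]*= */,""); print}' "$1" | sort
}

# Names actually present in the certificate's SAN extension, sorted.
crt_sans() {
  openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^, ]*' | cut -d: -f2 | sort
}

# Generate key and self-signed cert in directory $1, valid for $2 days,
# then return non-zero if the certificate's SANs differ from the config.
make_and_check() {
  write_cnf "$1/san.cnf" || return 1
  openssl req -x509 -new -nodes -newkey rsa:2048 -days "$2" \
    -config "$1/san.cnf" -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null || return 1
  chmod 600 "$1/server.key"   # private key readable by owner only
  [ "$(cnf_sans "$1/san.cnf")" = "$(crt_sans "$1/server.crt")" ]
}

# usage: d=$(mktemp -d) && make_and_check "$d" 365 && echo "SANs match"
```

The same crt_sans check can be pointed at the server.crt produced by the real script to confirm that edits to [alt_names] took effect.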
Script's Options
The script is very simple and straightforward. Currently, the following commands are supported:
- -d or --days: sets the number of days the certificate will be valid.
- -c or --config: sets the config name/path for openssl.modified.cnf.
Example
bash generate-crt.sh -d 365
This will generate server.key and server.crt.