Just a quick note to share the script that I've written recently to generate UCC self-signed certificate.
The script helps to generate self-signed UCC certificate based on
openssl.modified.cnf. The file
openssl.modified.cnf is mostly being used for generation of certificate requests.
Github repo: openssl-ucc
What is UCC certificate
A Unified Communications certificate or UC Certificate is a new type of certificate. The only thing that makes a UC Certificate different from a normal certificate, is the use of the Subject Alternative Name field in the certificate. In the Subject Alternative Name field, or SAN for short, any number of different domain names or common names can be entered enabling the certificate to work on any of the included domain names. This allows one certificate to secure both internal network names as well as external domain names.
For example, you could get one UC SSL Certificate to include the following:
- DNS.1 = example.com
- DNS.2 = www.example.com
- DNS.3 = example2.com
- DNS.4 = www.example2.com
The main purpose of this script is to create the certificate for local testing of
https access. It is very handy to generate the new certificate and test various scenarios. In order to save some of those settings, I decided to create this super-simple script in order to get rid of this routine :)
I hate routines as this is the source of many fails and simple waste of time.
Generate certificate based on your own sites
In order to generate certificate based on
openssl.modified.cnf for your sites you should do the following:
- Open the file
- Find section
DNS.2in the format
DNS.N = example2.comwhere
- Save file.
- Run script
- Follow instructions.
The script is very simple and straightforward. Currently, the following commands are supported:
--days – sets the number of days how long the certificate will be valid.
--config - sets the config name/path for
bash generate-crt.sh -d 365 - will generate