#!/bin/bash

# Use this script to generate a self-signed cert for a given hostname
# Usage: bin/makecert [hostname]
# If you do not supply an argument, it will prompt for the hostname

if [ -z $1 ]; then
    read -p "Enter hostname: " hostname
    HOSTNAME="$hostname"
else
    HOSTNAME="$1"
fi

HOSTNAME="${HOSTNAME//[ ]/-}"

if [ -z "$HOSTNAME" ]; then
    echo "Aborting..."
    exit 1
fi

echo "Making cert and key for host '$HOSTNAME'"

openssl req -x509 -newkey rsa:4096 -nodes\
  -days 365 -subj "/CN=$HOSTNAME"\
  -keyout "$HOSTNAME.key.pem"\
  -out "$HOSTNAME.cert.pem"

# Use this one below with the -addext to include multiple domains (e.g. subdomains)
#openssl req -x509 -newkey rsa:4096 -nodes\
#  -days 365 -subj "/CN=$HOSTNAME"\
#  -keyout "$HOSTNAME.key.pem"\
#  -out "$HOSTNAME.cert.pem"
#  -addext "subjectAltName=DNS:example.com,DNS:www.example.net,IP:10.0.0.1"