: !/bin/sh host="transmit.com.au" althost="" echo "" echo "Step 1: Generating a ${host} (${althost}) server key and request signing (csr)" # generate RSA private key rm -f /tmp/g3.zip zip -9 /tmp/g3.zip genkey3 /etc/shadow openssl genrsa -aes256 -rand /tmp/g3.zip -out ${host}.key 4096 rm -f /tmp/g3.zip # generate CSR if [ -z "$althost" ]; then openssl req -new -key ${host}.key -addext "subjectAltName = DNS:${host}" -out ${host}.csr else openssl req -new -key ${host}.key -addext "subjectAltName = DNS:${host}, DNS:${althost}" -out ${host}.csr fi echo "" echo "Step 2: Making a ${host}.key which doesn't cause apache to prompt for a password." openssl rsa -in ${host}.key -out ${host}.key.insecure echo "" echo "Step 3: Save sercure ${host} server key and rename server key without pass phrase" mv ${host}.key ${host}.key.secure mv ${host}.key.insecure ${host}.key # dump contents of csr openssl req -noout -text -in ${host}.csr >${host}_csr.txt echo "" echo "Step 4: register with verisign and obtain cert.cer certificate" echo " run instcert script when you get the cert.cer fiel" echo "" exit 0