create ssl certs on the command line - various methods

create a certificate signing request

export subject="/C=US/ST=California/L=Mountain View/O=GROX Networks/\
OU=WWW Server/CN=grox.net/emailAddress=null@example.com"
openssl genrsa 2048 > key.pem
openssl req -subj "$subject" -new -x509 -nodes -sha1 -days 3650 -key key.pem > request.pem
cat key.pem request.pem > csr.pem

from chef openldap cookbook…

############################################################
# Rakefile for OpenLDAP cookbook.
# Primarily used for generating SSL certificate(s).
# Extend with other OpenLDAP related tasks as required.

require 'tempfile'

COMPANY_NAME = "Company"
SSL_COUNTRY_NAME = "US"
SSL_STATE_NAME = "State"
SSL_LOCALITY_NAME = "City"
SSL_ORGANIZATIONAL_UNIT_NAME = "Operations"
SSL_EMAIL_ADDRESS = "operations@example.com"
CADIR = File.expand_path(File.join(File.dirname(__FILE__), "files", "default", "ssl"))

desc "Create a new self-signed SSL certificate for FQDN=foo.example.com"
task :ssl_cert do
  $expect_verbose = true
  fqdn = ENV["FQDN"]
  fqdn =~ /^(.+?)\.(.+)$/
  hostname = $1
  domain = $2
  raise "Must provide FQDN!" unless fqdn && hostname && domain
  puts "* Creating self signed SSL Certificate for #{fqdn}"
  sh("(cd #{CADIR} && openssl genrsa 2048 > #{fqdn}.key)")
  sh("(cd #{CADIR} && chmod 644 #{fqdn}.key)")
  puts "* Generating Self Signed Certificate Request"
  tf = Tempfile.new("#{fqdn}.ssl-conf")
  ssl_config = <<EOH
[ req ]
distinguished_name = req_distinguished_name
prompt = no

[ req_distinguished_name ]
C                      = #{SSL_COUNTRY_NAME}
ST                     = #{SSL_STATE_NAME}
L                      = #{SSL_LOCALITY_NAME}
O                      = #{COMPANY_NAME}
OU                     = #{SSL_ORGANIZATIONAL_UNIT_NAME}
CN                     = #{fqdn}
emailAddress           = #{SSL_EMAIL_ADDRESS}
EOH
  tf.puts(ssl_config)
  tf.close
  sh("(cd #{CADIR} && openssl req -config '#{tf.path}' -new -x509 -nodes -sha1 -days 3650 -key #{fqdn}.key > #{fqdn}.crt)")
  sh("(cd #{CADIR} && openssl x509 -noout -fingerprint -text < #{fqdn}.crt > #{fqdn}.info)")
  sh("(cd #{CADIR} && cat #{fqdn}.crt #{fqdn}.key > #{fqdn}.pem)")
  sh("(cd #{CADIR} && chmod 644 #{fqdn}.pem)")
end
############################################################

note that this generates an unencrypted self-signed cert

#!/bin/sh
[ $# -eq 1 ] || { echo "usage: `basename $0` filename" ; exit 1; }
openssl req -new -x509 -extensions usr_cert -nodes -keyout "$1" -out "$1" -days 1460 -passin "pass:" <<EOT
US
CA
Mountain View
GROX Networks
WWW Server
grox.net
null@example.com
EOT