jakebathman
11/25/2015 - 5:47 PM

Add self-signed certificate for nginx server

Add self-signed certificate for nginx server

##########
#
#   Run on the command line like this:
#
#     genselfcert full.domain.com
#
#   This is tested on CentOS 6.x, but might work similarly on other OS installations 
#
##########

#!/bin/bash

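# Stop at the first failing step: a CSR or certificate built after a failed
# key generation would be useless.
set -euo pipefail

domain="${1:-}"

# The name is used in output file names and in the certificate subject, so
# accept only hostname characters (optionally with a leading "*." wildcard).
# This also rejects "/" which would otherwise add extra subject fields or
# change the output path.
valid_name='^(\*\.)?[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! "$domain" =~ $valid_name ]]; then
  printf 'Usage: %s full.domain.com\n' "${0##*/}" >&2
  exit 2
fi

cn=$domain
key=$domain.key
csr=$domain.csr
crt=$domain.crt

# Generate a key
#   The umask (scoped to a subshell) creates the private key owner-only; the
#   chmod covers the case where an older, more permissive file is overwritten.
(umask 077 && openssl genrsa -out "$key" 2048)
chmod 600 -- "$key"

# Generate a certificate signing request
#   -subj supplies the COMMON NAME non-interactively; openssl expects the
#   subject to start with "/" (i.e. "/CN=full.domain.com").
openssl req -new -key "$key" \
  -subj "/CN=$cn" \
  -out "$csr" \
  -sha512

# Create the certificate
#   Current browsers match the host name against subjectAltName and ignore the
#   COMMON NAME, so the name is added as a SAN entry as well.
openssl x509 -req -days 365 -in "$csr" \
  -signkey "$key" \
  -extfile <(printf 'subjectAltName=DNS:%s\n' "$domain") \
  -out "$crt" \
  -sha512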
                  
# In the nginx *.conf file for the server, add the following lines
#  listen 443;
#  ssl on;
#  ssl_certificate /etc/nginx/ssl/full.domain.com.crt;
#  ssl_certificate_key /etc/nginx/ssl/full.domain.com.key;
#  server_name full.domain.com;
  
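# Install the certificate on each client machine (so the browser doesn't warn about an untrusted certificate)
#   On your Windows computer, install the certificate in Trusted Root Certification Authorities
#   (every machine that trusts this certificate relies on the matching .key file staying private on the server)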
#   Start > Run...
#   certmgr.msc
#   Find your cert under Trusted Root Certification Authorities > Certificates
#   Right-click > Properties
#   Select 'Enable all purposes for this certificate'
##########
#
#   Replace full.domain.com with your domain
#
#   This is tested on CentOS 6.x, but might work similarly on other OS installations 
#
##########

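# Replace full.domain.com here; the paths below are derived from it.
domain="full.domain.com"
ssl_dir="/etc/nginx/ssl"
key="$ssl_dir/$domain.key"
csr="$ssl_dir/$domain.csr"
crt="$ssl_dir/$domain.crt"

# The openssl commands do not create the target directory themselves.
mkdir -p -- "$ssl_dir"

# Generate a key
#   The umask (scoped to a subshell so it does not stick to your session)
#   creates the private key owner-only; the chmod covers the case where an
#   older, more permissive file is overwritten.
(umask 077 && openssl genrsa -out "$key" 2048)
chmod 600 -- "$key"

# Generate a certificate signing request
#   The only answer you are REQUIRED to give for this command is COMMON NAME, which is the same as full.domain.com
openssl req -new -key "$key" \
  -out "$csr" \
  -sha512

# Create the certificate
#   Current browsers match the host name against subjectAltName and ignore the
#   COMMON NAME, so the name is added as a SAN entry as well.
openssl x509 -req -days 365 -in "$csr" \
  -signkey "$key" \
  -extfile <(printf 'subjectAltName=DNS:%s\n' "$domain") \
  -out "$crt" \
  -sha512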
                  
# In the nginx *.conf file for the server, add the following lines
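  # The "ssl" parameter on listen enables TLS for this socket; it replaces the
  # separate "ssl on;" directive, which is deprecated in newer nginx releases.
  listen 443 ssl;
  ssl_certificate /etc/nginx/ssl/full.domain.com.crt;
  # The key file should be readable only by root / the nginx master process.
  ssl_certificate_key /etc/nginx/ssl/full.domain.com.key;
  server_name full.domain.com;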
  
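# Install the certificate on each client machine (so the browser doesn't warn about an untrusted certificate)
#   On your Windows computer, install the certificate in Trusted Root Certification Authorities
#   (every machine that trusts this certificate relies on the matching .key file staying private on the server)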
#   Start > Run...
#   certmgr.msc
#   Find your cert under Trusted Root Certification Authorities > Certificates
#   Right-click > Properties
#   Select 'Enable all purposes for this certificate'
  
# More info and original source: https://serversforhackers.com/self-signed-ssl-certificates