Add generete-csr.sh script to examples.

3 files changed, 36 insertions, 0 deletions

diff --git a/examples/.gitignore b/examples/.gitignore
new file mode 100644
index 000000000..abaf425d1
--- /dev/null
+++ b/examples/.gitignore
@@ -0,0 +1,3 @@
+# generate-csr.sh:
+/key.pem
+/csr.der
\ No newline at end of file
diff --git a/examples/generate-csr.sh b/examples/generate-csr.sh
new file mode 100755
index 000000000..c63f3c2d1
--- /dev/null
+++ b/examples/generate-csr.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+# This script generates a simple SAN CSR to be used with Let's Encrypt
+# CA. Mostly intedened for "auth --csr" testing, but, since its easily
+# auditable, feel free to adjust it and use on you production web
+# server.
+
+if [ "$#" -lt 1 ]
+then
+  echo "Usage: $0 domain [domain...]" >&2
+  exit 1
+fi
+
+domains="DNS:$1"
+shift
+for x in "$@"
+do
+  domains="$domains,DNS:$x"
+done
+
+SAN="$domains" openssl req -config openssl.cnf \
+  -new -nodes -subj '/' -reqexts san \
+  -out csr.der \
+  -keyout key.pem \
+  -newkey rsa:2048 \
+  -outform DER
+# 512 or 1024 too low for Boulder, 2048 is smallest for tests
+
+echo "You can now run: letsencrypt auth --csr csr.der"
diff --git a/examples/openssl.cnf b/examples/openssl.cnf
new file mode 100644
index 000000000..a3e6f3895
--- /dev/null
+++ b/examples/openssl.cnf
@@ -0,0 +1,5 @@
+[ req ]
+distinguished_name = req_distinguished_name
+[ req_distinguished_name ]
+[ san ]
+subjectAltName=${ENV::SAN}