gencert.sh for Mattermost
Generate a self-signed x509v3 certificate for use with multiple URLs / IPs.
Generate Certificates
Default values
CRT_CN="client.com" CRT_SAN="DNS.1:www.client.com,DNS.2:admin.client.com,IP.1:192.168.1.10,IP.2:10.0.0.234" gencert.sh
Custom values
You may change the CRT_CN
and CRT_SAN
values of the above command based on your needs.
Additionally you may use any of the following environment variables :
CRT_C
: Country valueCRT_L
: Locality valueCRT_O
: Organization valueCRT_OU
: Organizational Unit valueCRT_CN
: Common Name valueCRT_SAN
: SubjectAltName value
Secure/Unsecure Certificates
The generated private key is passwordless by default.
You can secure/unsecure the certificates using standard pkcs8
commands:
# secure
openssl pkcs8 -in mattermost-x509.key -topk8 -v2 des3 -out mattermost-x509.secure.key
# unsecure
openssl pkcs8 -in mattermost-x509.secure.key -topk8 -nocrypt -out mattermost-x509.key