If you need to create a self sigin certifiacte for a domain or IP use this script to be FAST !

#!/bin/bash

set -e

read -p "Enter IP or DNS for certificate: " TARGET

BASE_DIR="$(pwd)/certs/$TARGET"

mkdir -p "$BASE_DIR"

echo "[+] Generating CA..."

openssl genrsa -out "$BASE_DIR/ca.key" 4096

openssl req -x509 -new -nodes -key "$BASE_DIR/ca.key" -sha256 -days 3650 \

  -out "$BASE_DIR/ca.crt" \

  -subj "/C=IR/ST=Tehran/L=Tehran/O=MyTestCA/CN=MyTestCA"

echo "[+] Generating server key..."

openssl genrsa -out "$BASE_DIR/server.key" 2048

echo "[+] Creating CSR..."

cat > "$BASE_DIR/server.ext" <<EOF

authorityKeyIdentifier=keyid,issuer

basicConstraints=CA:FALSE

keyUsage = digitalSignature, keyEncipherment

extendedKeyUsage = serverAuth

subjectAltName = @alt_names

[alt_names]

IP.1 = $TARGET

DNS.1 = $TARGET

EOF

openssl req -new -key "$BASE_DIR/server.key" -out "$BASE_DIR/server.csr" \

  -subj "/C=IR/ST=Tehran/L=Tehran/O=MyServer/CN=$TARGET"

echo "[+] Signing server certificate with our CA..."

openssl x509 -req -in "$BASE_DIR/server.csr" -CA "$BASE_DIR/ca.crt" -CAkey "$BASE_DIR/ca.key" \

  -CAcreateserial -out "$BASE_DIR/server.crt" -days 825 -sha256 -extfile "$BASE_DIR/server.ext"

echo ""

echo "✅ Done! Files created:"

echo "  CA cert:   $BASE_DIR/ca.crt"

echo "  CA key:    $BASE_DIR/ca.key"

echo "  Server cert: $BASE_DIR/server.crt"

echo "  Server key:  $BASE_DIR/server.key"

echo "  CSR:         $BASE_DIR/server.csr"

echo "  EXT file:    $BASE_DIR/server.ext"