Get signed and valid SSL certificates, create CSRs and the corresponding private keys directly from the command line in usually less than a minute. Easy, secure, fast.
Official certificates (signed by ZeroSSL CA):
php generator.php --apiKey=KEY --targetPath="/var/www/" --domains="example.com,www.example.com" --csrData="countryName=AT&stateOrProvinceName=Vienna&localityName=Vienna&organizationName=CLI%20Operations&emailAddress=certmaster@mailinator.com"
Self-signed certificates:
php generator.php --targetPath="/var/www/" --domains="example.com,www.example.com" --csrData="countryName=AT&stateOrProvinceName=Vienna&localityName=Vienna&organizationName=CLI%20Operations&emailAddress=certmaster@mailinator.com"
The flags should provide all configuration that you may ever need. Take a little time to fully understand what they are doing:
| Flag | Description | Type | Examples | Required | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
-d,--domains |
Comma seperated list of domains for the certificate. Use wildcards like *.example.com. The first domain name will be the common name of the certificate. | String | example.com,www.example.com *.example.com *.foo.bar.com,*.abc,bar.com,*.xyz.bar.com |
✓ | ||||||||||
-c,--csrData |
Important:The organization information for your CSR and your certificate.
Required parts:
|
QUERY_STRING | countryName=AT&stateOrProvinceName=Vienna&localityName=Vienna&organizationName=CLI%20Operations&emailAddress=certmaster@mailinator.com | ✓ | ||||||||||
-p,--privateKeyPassword |
The password which is used to encrypt the private key. | String | ||||||||||||
-n,--noOut |
If this is set, no output is printed to the screen. Only needed if you embed the application somewhere. | Boolean | ||||||||||||
-t,--targetPath |
The path in your local system where all output is saved (Certificate, CSR, private key, files for validation,...). Not mandatory, because you also could copy all output from the terminal and save it to files on your own. | String | /etc/ssl/ |
|||||||||||
-a,--targetSubfolder |
Subfolder in the target path. Might be useful when requesting many certificates. Folder is created if not existing. | String | cert1cert2 |
|||||||||||
-s,--suffix |
Output file suffix. This is useful if you generate multiple certificates and you do not overwrite the existing output. Suffix is appended to any output. | String | -2 -ecc project |
|||||||||||
-k,--apiKey |
Required if you want to sign your certificate with ZeroSSL (recommended). You need to register at
https://app.zerossl.com/signup to get an API key.
If no API key is defined, you will create self-signed certificates. You might want to do this on purpose, but common webbrowsers will show a warning that the certificate is not trusted. |
String | 663f5da7524344266195a785279e72d1 | |||||||||||
-m,--validationMethod |
The validation method (only required if certificate is signed with ZeroSSL).
EMAIL: For email validationCNAME: CNAME validationHTTP_CSR_HASH: HTTP file upload validationHTTPS_CSR_HASH: HTTPS file upload validationMore information here: https://zerossl.com/documentation/api/verify-domains/ |
Enum | ||||||||||||
-d,--useEccDefaults |
By default RSA encrypted certificates are generated. If this is set to true, the defaults for ECC certificates are used. More information: https://en.wikipedia.org/wiki/Elliptic-curve_cryptography. | Boolean | ||||||||||||
-y,--privateKeyOptions |
You can configure certain options for the private key, like the encryption algorithm. This is an advanced feature.
All options are explained in the PHP documentation. https://www.php.net/manual/en/function.openssl-csr-new.php |
QUERY_STRING (URL encoded string) |
digest_alg=sha512
curve_name=sect571r1
|
|||||||||||
-o,--csrOnly |
You can use the application for pure CSR generation, without certificate or signing. If you specify this option the script simply generates your CSR and stops afterwards. | Boolean | ||||||||||||
-r,--createOnly |
Create the CSR and also the certificate in the ZeroSSL CA, but do not start the validation process. This might be useful if you want to create a bunch of certificates and e.g. get the validation files, but the validation of the certificates will be done later (or e.g. from the ZeroSSL UI). | Boolean | ||||||||||||
-s,--csrOptions |
You can configure certain options for the private key, like the encryption algorithm. This is an advanced feature.
All options are explained in the PHP documentation. https://www.php.net/manual/en/function.openssl-csr-new.php |
QUERY_STRING (URL encoded string) |
digest_alg=sha512
curve_name=sect571r1
|
|||||||||||
-v,--validityDays |
Default: 90. Days of certificate validity.
While for self-signed certificates you can choose any amount, for ZeroSSL signed certificates only 90 and 365 days are supported currently. For 365 days (1-Year) you need a ZeroSSL premium account. |
INTEGER | 90
365 |
|||||||||||
-z,--validationEmail |
Only required for E-Mail certificate validation with ZeroSSL. Comma-seperated string of validation E-Mails which must be equivalent to your domains string. More information here: https://zerossl.com/documentation/api/verify-domains/. | STRING | admin@example.com | |||||||||||
-i,--includeCrossSigned |
Do you want to include the cross-signed certificate into your CA Bundle delivered by ZeroSSL after signing? | BOOLEAN | ||||||||||||
-q,--debug |
ONLY USED FOR DEBUGGING THIS SCRIPT - INSECURE. You can set a test API URL here, insecure HTTP requests are allowed. | STRING | https://mylocal.cert.api |