I needed to make a new SSL certificate that expired at a specific time in order to do some testing on it.

Here is a script that I came up with to create a self signed SSL certificate on OS X with a custom expiration date:


export A=asdf.com
openssl req -nodes -newkey rsa:2048 -keyout ca.key -out ca.csr -subj "/C=US/ST=California/L=Los Angeles/O=$A/CN=$A"

openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
openssl req -nodes -newkey rsa:2048 -keyout new_server.key -out new_server.csr -subj "/C=US/ST=California/L=Los Angeles/O=$A/CN=$A"

mkdir ./demoCA
mkdir ./demoCA/newcerts
touch ./demoCA/index.txt
echo 01 > ./demoCA/serial

openssl ca -out new_server.crt -startdate 120815080000Z -enddate 141126154000Z -cert ca.crt -keyfile ca.key -infiles new_server.csr

The new cert will be placed into ./demoCA/newcerts.