Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/bin/bash
set -euo pipefail
# http://apetec.com/support/GenerateSAN-CSR.htm
# http://chschneider.eu/linux/server/openssl.shtml
DOMAIN=${1:-c9.dev}
IP=${2:-127.0.0.1}
if [[ "$DOMAIN$IP" =~ [/[:space:]] ]]; then
echo "$DOMAIN and $IP can't contain special character";
exit 1;
fi
FQDN="
IP.1 = $IP
DNS.1 = $DOMAIN
DNS.2 = *.$DOMAIN
"
CRT_NAME=$DOMAIN
echo creating certificates for $FQDN at CRT_NAME
mkdir -p tmp
echo '
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
commonName = Internet Widgits Ltd
commonName_max = 64
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
'"$FQDN" > tmp/openssl.cnf
# Generate a private key
openssl genrsa -out tmp/$CRT_NAME.key 2048
# Create the CSR file
openssl req -new -out tmp/$CRT_NAME.csr -key tmp/$CRT_NAME.key -config tmp/openssl.cnf \
-subj "/C=NL/ST=Noord-Holland/L=Amsterdam/OU=ACME Self Signed CA"
# check
# openssl req -text -noout -in $CRT_NAME.csr
# Self-sign and create the certificate:
openssl x509 -req -days 3650 -in tmp/$CRT_NAME.csr -signkey tmp/$CRT_NAME.key\
-out tmp/$CRT_NAME.crt -extensions v3_req -extfile tmp/openssl.cnf
cat tmp/$CRT_NAME.crt > tmp/$CRT_NAME.pem
cat tmp/$CRT_NAME.key >> tmp/$CRT_NAME.pem
mv tmp/$CRT_NAME.pem ./$CRT_NAME.pem
mv tmp/$CRT_NAME.crt ./$CRT_NAME.crt
rm -r tmp
echo '
To add the custom cerificate:
On Windows run
certutil -addstore "Root" '"$CRT_NAME"'.crt # to add certificate to root
cmd.exe /c "certmgr.msc" # to see installed certificates
On Mac
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain '"$CRT_NAME"'.crt
On Linux
TODO
For older versions of firefox set
pref("security.enterprise_roots.enabled", true);
'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment