| # Generate SSL Certificate for dev | |
| export DOMAIN="example.dev" | |
| export PASSPHRASE=$(head -c 500 /dev/urandom | tr -dc a-z0-9A-Z | head -c 128; echo) | |
| export SUBJ=" | |
| C=PT | |
| ST=Aveiro | |
| O=Example Organization | |
| localityName=Aveiro | |
| commonName=$DOMAIN | |
| organizationalUnitName=Dev Team | |
| emailAddress=support@$DOMAIN | |
| " | |
| ## Create server private key | |
| openssl genrsa -des3 -out $DOMAIN.key -passout env:PASSPHRASE 2048 | |
| ## Create the Certificate Signing Request | |
| openssl req \ | |
| -new \ | |
| -batch \ | |
| -subj "$(echo -n "$SUBJ" | tr "\n" "/")" \ | |
| -key $DOMAIN.key \ | |
| -out $DOMAIN.csr \ | |
| -passin env:PASSPHRASE | |
| mv $DOMAIN.key $DOMAIN.key.org | |
| ## Strip the password so we don't have to type it every time we restart Apache | |
| openssl rsa -in $DOMAIN.key.org -out $DOMAIN.key -passin env:PASSPHRASE | |
| ## Config file to allow multiple domains | |
| echo "subjectAltName=DNS:$DOMAIN,DNS:*.$DOMAIN" > multi.config | |
| ## Generate the cert (good for 10 years) | |
| openssl x509 -req -days 3650 -in $DOMAIN.csr -signkey $DOMAIN.key -text -extfile multi.config -out $DOMAIN.crt |
In any Ubuntu machine, for dev purposes, you can use the already provided certificates
/etc/ssl/certs/ssl-cert-snakeoil.pem
/etc/ssl/private/ssl-cert-snakeoil.key
(if by some reason the certificates are not available, install ssl-cert from apt-get.)