SethCalkins/ssl_setup_example.sh

## ssl_setup_example.sh
# First, generate the key. You will be prompted to enter a password, but we will strip it out in the next step:
openssl genrsa -des3 -out server.orig.key 2048


# Then, stip out the password:
openssl rsa -in server.orig.key -out server.key


# Edit the OSX openssl config file to include your alternate names.
# Edit the 'subjectAltName' field. E.g.:
#
# subjectAltName = "DNS:mydomain.com, DNS:*.beta.mydomain.com"
#
# You should use the wildcard for your primary (Common name) in the next step
# and set at least the root domain as a subjectAltName. This example will
# create a valid certificate for mydomain.com, *.mydomain.com and *.beta.mydomain.com
# If you do not set the root domain (mydomain.com) in this example as an alt name
# visitors will get a security warning when visiting https://mydomain.com, though not
# when visiting https://www.mydomain.com

sudo nano /System/Library/OpenSSL/openssl.cnf


# Generate the CSR:

openssl req -new -key server.key -out server.csr

# This step will require you to enter some information that will appear on the certificate.
# Only the first 4 fields plus the 'Common Name' (your main domain name) is required.
# For a wildcard subdomain, enter *.mydomain.com for the 'Common Name'. Here's an example:
#
#
# Country Name (2 letter code) [AU]:CA
# State or Province Name (full name) [Some-State]:Ontario
# Locality Name (eg, city) []:Toronto
# Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your Company, Inc.
# Organizational Unit Name (eg, section) []:
# Common Name (eg, YOUR name) []:*.mydomain.com
# Email Address []:


# Finally, Check to see if it's as expected:

openssl req -text -noout -in server.csr


# Once you receive your certificate, you will probably have two or three .crt files.
# You'll probably have to concatenate them together into a single .crt (At least for Heroku or nGinx).
# E.g.:

cat STAR_mydomain_com.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt > bundle.crt
	# First, generate the key. You will be prompted to enter a password, but we will strip it out in the next step:
	openssl genrsa -des3 -out server.orig.key 2048


	# Then, stip out the password:
	openssl rsa -in server.orig.key -out server.key


	# Edit the OSX openssl config file to include your alternate names.
	# Edit the 'subjectAltName' field. E.g.:
	#
	# subjectAltName = "DNS:mydomain.com, DNS:*.beta.mydomain.com"
	#
	# You should use the wildcard for your primary (Common name) in the next step
	# and set at least the root domain as a subjectAltName. This example will
	# create a valid certificate for mydomain.com, .mydomain.com and .beta.mydomain.com
	# If you do not set the root domain (mydomain.com) in this example as an alt name
	# visitors will get a security warning when visiting https://mydomain.com, though not
	# when visiting https://www.mydomain.com

	sudo nano /System/Library/OpenSSL/openssl.cnf


	# Generate the CSR:

	openssl req -new -key server.key -out server.csr

	# This step will require you to enter some information that will appear on the certificate.
	# Only the first 4 fields plus the 'Common Name' (your main domain name) is required.
	# For a wildcard subdomain, enter *.mydomain.com for the 'Common Name'. Here's an example:
	#
	#
	# Country Name (2 letter code) [AU]:CA
	# State or Province Name (full name) [Some-State]:Ontario
	# Locality Name (eg, city) []:Toronto
	# Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your Company, Inc.
	# Organizational Unit Name (eg, section) []:
	# Common Name (eg, YOUR name) []:*.mydomain.com
	# Email Address []:



	# Finally, Check to see if it's as expected:

	openssl req -text -noout -in server.csr


	# Once you receive your certificate, you will probably have two or three .crt files.
	# You'll probably have to concatenate them together into a single .crt (At least for Heroku or nGinx).
	# E.g.:

	cat STAR_mydomain_com.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt > bundle.crt