Created
March 29, 2021 07:16
-
-
Save alexaivars/c52164cc3baaf193e3233aa7aa7ad089 to your computer and use it in GitHub Desktop.
Self signed root CA for development
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" | |
# remove any existing directories and certificates | |
rm -rf $DIR/certs | |
# make directories to work from | |
mkdir -p $DIR/certs | |
# Create your very own Root Certificate Authority | |
# Self-sign your Root Certificate Authority | |
# Since this is private, the details can be as bogus as you like | |
openssl req \ | |
-x509 \ | |
-nodes \ | |
-new \ | |
-sha256 \ | |
-days 712 \ | |
-newkey rsa:2048 \ | |
-keyout $DIR/certs/RootCA.key \ | |
-out $DIR/certs/RootCA.pem \ | |
-subj "/C=SE/O=Developer Dev/CN=Localhost Project CA" | |
openssl x509 \ | |
-outform pem \ | |
-in $DIR/certs/RootCA.pem \ | |
-out $DIR/certs/RootCA.crt | |
# Create a Device Certificate | |
openssl req \ | |
-new \ | |
-nodes \ | |
-newkey rsa:2048 \ | |
-keyout $DIR/certs/localhost.key \ | |
-out $DIR/certs/localhost.csr \ | |
-subj "/C=SE/ST=Stockholm/L=Stockholm/O=Localhost Project Dev/CN=localhost" | |
openssl x509 \ | |
-req \ | |
-sha256 \ | |
-days 712 \ | |
-in $DIR/certs/localhost.csr \ | |
-CA $DIR/certs/RootCA.pem \ | |
-CAkey $DIR/certs/RootCA.key \ | |
-CAcreateserial \ | |
-extfile $DIR/domains.ext \ | |
-out $DIR/certs/localhost.crt | |
# remove any old Root certifactes from user keychain | |
sudo security delete-certificate \ | |
-c "Localhost Project CA" \ | |
$HOME/Library/Keychains/login.keychain-db \ | |
>/dev/null | |
# add Root certifactes from to keychain and trust | |
sudo security \ | |
add-trusted-cert \ | |
-d \ | |
-r trustRoot \ | |
-e hostnameMismatch \ | |
-k $HOME/Library/Keychains/login.keychain-db $DIR/certs/RootCA.crt | |
echo -e "\033[32m" | |
echo "A Root certifacte called \"Localhost Project CA\" has been installed in your keychain. To enable it you will need to change the trust setting from default to always" | |
echo -e "\033[0m" | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment