@alexaivars
Created March 29, 2021 07:16
Self signed root CA for development
#!/bin/bash
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"

# remove any existing directories and certificates
rm -rf "$DIR/certs"

# make directories to work from
mkdir -p "$DIR/certs"

# Create your very own Root Certificate Authority
# Self-sign your Root Certificate Authority
# Since this is private, the details can be as bogus as you like
# Note: -nodes leaves RootCA.key unencrypted on disk. Once the root is trusted
# in the keychain, anyone holding that key can issue certificates this machine
# accepts, so keep the certs directory private and out of version control.
openssl req \
  -x509 \
  -nodes \
  -new \
  -sha256 \
  -days 712 \
  -newkey rsa:2048 \
  -keyout "$DIR/certs/RootCA.key" \
  -out "$DIR/certs/RootCA.pem" \
  -subj "/C=SE/O=Developer Dev/CN=Localhost Project CA"

openssl x509 \
  -outform pem \
  -in "$DIR/certs/RootCA.pem" \
  -out "$DIR/certs/RootCA.crt"

# Create a Device Certificate
openssl req \
  -new \
  -nodes \
  -newkey rsa:2048 \
  -keyout "$DIR/certs/localhost.key" \
  -out "$DIR/certs/localhost.csr" \
  -subj "/C=SE/ST=Stockholm/L=Stockholm/O=Localhost Project Dev/CN=localhost"

# Sign the device certificate with the Root CA.
# domains.ext must already exist next to this script; it supplies the
# certificate extensions and is not created here.
openssl x509 \
  -req \
  -sha256 \
  -days 712 \
  -in "$DIR/certs/localhost.csr" \
  -CA "$DIR/certs/RootCA.pem" \
  -CAkey "$DIR/certs/RootCA.key" \
  -CAcreateserial \
  -extfile "$DIR/domains.ext" \
  -out "$DIR/certs/localhost.crt"

# remove any old Root certificates from the user keychain
sudo security delete-certificate \
  -c "Localhost Project CA" \
  "$HOME/Library/Keychains/login.keychain-db" \
  >/dev/null

# add the Root certificate to the keychain and trust it
sudo security \
  add-trusted-cert \
  -d \
  -r trustRoot \
  -e hostnameMismatch \
  -k "$HOME/Library/Keychains/login.keychain-db" "$DIR/certs/RootCA.crt"

echo -e "\033[32m"
echo "A Root certificate called \"Localhost Project CA\" has been installed in your keychain. To enable it you will need to change the trust setting from default to always"
echo -e "\033[0m"
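
A post-run check for the files this script produces, added here as an example and not part of the original gist. The script references `domains.ext` without including it, so the contents written by `write_domains_ext` are an assumption, and `check_dev_cert` is a hypothetical helper name.

```bash
#!/bin/bash
# Added example, not part of the gist. The gist does not show domains.ext,
# so the extension values below are an assumption for a localhost leaf.

# write_domains_ext PATH: write a minimal extension file for the leaf certificate.
write_domains_ext() {
  cat > "$1" <<'EOF'
basicConstraints=CA:FALSE
keyUsage=digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth
subjectAltName=@alt_names

[alt_names]
DNS.1=localhost
IP.1=127.0.0.1
EOF
}

# check_dev_cert CERT_DIR [HOSTNAME]
# Returns 0 = ok, 1 = chain broken, 2 = SAN missing, 3 = leaf is a CA, 4 = root key readable by others.
check_dev_cert() {
  local dir="$1" host="${2:-localhost}" text
  # 1. The leaf must chain to the root that gets installed in the keychain.
  if ! openssl verify -CAfile "$dir/RootCA.pem" "$dir/localhost.crt" >/dev/null 2>&1; then
    echo "FAIL: localhost.crt does not chain to RootCA.pem"; return 1
  fi
  text="$(openssl x509 -in "$dir/localhost.crt" -noout -text)" || return 1
  # 2. Browsers match the hostname against subjectAltName, not the CN.
  if ! printf '%s\n' "$text" | tr ',' '\n' | sed 's/^[[:space:]]*//' | grep -Fxq "DNS:$host"; then
    echo "FAIL: no subjectAltName entry DNS:$host"; return 2
  fi
  # 3. A server certificate must not be able to sign further certificates.
  if printf '%s\n' "$text" | grep -q 'CA:TRUE'; then
    echo "FAIL: leaf certificate is marked as a CA"; return 3
  fi
  # 4. The unencrypted root key (-nodes) should be readable by its owner only.
  if [ -n "$(find "$dir/RootCA.key" \( -perm -040 -o -perm -004 \))" ]; then
    echo "FAIL: RootCA.key is group- or world-readable"; return 4
  fi
  echo "OK: $dir/localhost.crt chains to RootCA.pem and is valid for $host"
}
```

Source the file, then run `check_dev_cert "$DIR/certs"` after the script has finished.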