Generate new TLS/SSL certificates and keys and add them to your list of 'trusted certificates' in OS X Keychain
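# HTTPS virtual host for the local development site example.fleming.
# Serves DocumentRoot over TLS with the self-signed certificate and key
# referenced below.
<VirtualHost *:443>
    UseCanonicalName Off
    DocumentRoot "/Users/fleming/Sites/example"
    ServerName example.fleming
    SSLEngine on
    SSLCertificateFile "/Users/fleming/Sites/example/ssl.crt"
    SSLCertificateKeyFile "/Users/fleming/Sites/example/ssl.key"

    # The private key lives inside DocumentRoot, so without this rule the
    # server would hand it to any client that requests /ssl.key. Deny it
    # explicitly (Apache 2.4 syntax); storing the key outside DocumentRoot
    # and updating SSLCertificateKeyFile is the more robust layout.
    <Files "ssl.key">
        Require all denied
    </Files>
</VirtualHost>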
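#!/bin/bash
# https://gist.github.com/jed/6147872
# https://gist.github.com/jonathantneal/774e4b0b3d4d739cbc53
#
# Generates a self-signed TLS certificate (ssl.crt) and an unencrypted private
# key (ssl.key) in the current directory, valid for <dirname>.<user> and
# *.<dirname>.<user>, then adds the certificate to the macOS System keychain
# as a trusted root (needs sudo).
#
# Outputs: ssl.key and ssl.crt in the current directory.
# Returns: non-zero as soon as any step fails.

# Options are set here rather than on the shebang so they still apply when the
# script is started as `bash script.sh`.
set -euo pipefail

# Host name the certificate is issued for: current directory name + user name.
domain="${PWD##*/}.$(whoami)"

# The name is interpolated into the OpenSSL config below; reject anything that
# could break out of its line or produce an unusable DNS name.
if [[ ! "$domain" =~ ^[A-Za-z0-9._-]+$ ]]; then
  printf 'Refusing to issue a certificate for unsafe name: %s\n' "$domain" >&2
  exit 1
fi

echo "Creating OpenSSL configuration."
# A private temp file avoids clobbering (and later deleting) an openssl.cnf
# that may already exist in the working directory; the trap removes it even
# when a later step fails.
config_file=$(mktemp "${TMPDIR:-/tmp}/openssl.cnf.XXXXXX")
trap 'rm -f -- "$config_file"' EXIT

# digitalSignature is added to keyUsage because ECDHE key exchange signs with
# the server key; without it, clients that enforce keyUsage refuse the cert.
cat > "$config_file" <<EOF
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
CN = *.${domain}
[v3_req]
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.${domain}
DNS.2 = ${domain}
EOF

echo "Generating new certificate."
# -sha256 replaces -sha1: SHA-1 signatures are deprecated and rejected by
# current TLS clients.
# -nodes leaves ssl.key unencrypted so the web server can start unattended.
# NOTE(review): newer macOS releases limit trusted TLS server certificates to
# 825 days; if the certificate is rejected there, lower -days accordingly.
openssl req \
  -new \
  -newkey rsa:2048 \
  -sha256 \
  -days 3650 \
  -nodes \
  -x509 \
  -keyout ssl.key \
  -out ssl.crt \
  -config "$config_file"

# The key is unencrypted, so restrict it to its owner.
chmod 600 ssl.key

echo "Cleaning up configuration file."
rm -f -- "$config_file"

echo "Trusting new certificate."
# This makes the certificate a system-wide trust root: whoever holds ssl.key
# can impersonate the names above to this machine. Keep the key out of served
# directories, backups shared with others, and version control.
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "$PWD/ssl.crt"

echo "Success."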