Self Signed CA and Certificate

make_cert.sh

#!/usr/bin/env bash

set -eu

### SETTINGS ###

certs_dir=~/certs

country=BR
state=
city=
organization=Localhost

domain=${1:-localhost}

### END SETTINGS ###

if [ ! -d "$certs_dir" ]; then
    echo "==> Creating certs dir"
    install -d "$certs_dir"
fi

echo "==> Entering certs dir: $certs_dir"
cd $certs_dir

if [ ! -e rootCA.key ]; then
    echo "==> Creating a Self-Signed Root CA"
    openssl req -x509 -sha256 -nodes \
        -newkey rsa:2048 -days 1825 \
        -keyout rootCA.key -out rootCA.crt <<EOF
$country
$state
$city
$organization

$organization Root

EOF
    echo
    echo
fi

echo "==> Creating a Certificate Signing Request"

openssl req -nodes \
    -newkey rsa:2048 \
    -keyout "$domain.key" -out "$domain.csr" <<EOF
$country
$state
$city
$organization

$domain



EOF
echo
echo

echo "==> Signing the CSR with Root CA"

cat <<EOF > "$domain.ext"
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
subjectAltName = @alt_names
[alt_names]
DNS.1 = $domain
EOF

openssl x509 -req \
    -CA rootCA.crt -CAkey rootCA.key \
    -extfile "$domain.ext" -CAcreateserial -days 365 \
    -in "$domain.csr" -out "$domain.crt"
echo

echo "==> Next steps"
echo "  -> Install this file in the browser:"
echo "    $certs_dir/rootCA.crt"
echo
echo "  -> Use these files in the web server:"
echo "    $certs_dir/$domain.crt"
echo "    $certs_dir/$domain.key"

Script made with steps adapted from https://www.baeldung.com/openssl-self-signed-cert

⚠️ This is for development use ONLY ⚠️

NOTE: The -nodes flag disables passwords for the generated keys