Last active
February 19, 2020 13:13
-
-
Save buraksahin59/91a98a04f05fd09addbe924cc2cd3de1 to your computer and use it in GitHub Desktop.
Create https keys and certificates on localhost
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Generate SSL Certificate for yoursite.local | |
| # Using: | |
| # $ generate_ssl 'yoursite' | |
| function generate_ssl() { | |
| echo 'New Local Domain: '$1'.local' | |
| # Step 1: Generate server.key | |
| echo 'Generate server.key' | |
| #sudo openssl genrsa -out /usr/local/etc/httpd/server.key 2048 | |
| # echo 'server.key has been generated' | |
| echo '' | |
| # Step 2: Generate key for `yoursite.local` | |
| echo 'Generate key for `'$1'.local`' | |
| sudo openssl genrsa -out '/usr/local/etc/httpd/ssl/'$1'.key' 2048 | |
| sudo openssl rsa -in '/usr/local/etc/httpd/ssl/'$1'.key' -out '/usr/local/etc/httpd/ssl/'$1'.key.rsa' | |
| # echo 'keys for `'$1'.local` have been generated' | |
| echo '' | |
| # Step 3: Create a configuration file | |
| echo 'Create a configuration file' | |
| sudo touch '/usr/local/etc/httpd/ssl/'$1'.conf' | |
| sudo tee -a '/usr/local/etc/httpd/ssl/'$1'.conf' > /dev/null <<EOT | |
| [req] | |
| default_bits = 1024 | |
| distinguished_name = req_distinguished_name | |
| req_extensions = v3_req | |
| [req_distinguished_name] | |
| [v3_req] | |
| basicConstraints = CA:FALSE | |
| keyUsage = nonRepudiation, digitalSignature, keyEncipherment | |
| subjectAltName = @alt_names | |
| [alt_names] | |
| DNS.1 = $1.local | |
| DNS.2 = *.$1.local | |
| EOT | |
| echo '' | |
| # Step 4: Generate the required Certificate Requests | |
| echo 'Generate the required Certificate Requests' | |
| sudo openssl req -new -key '/usr/local/etc/httpd/server.key' -subj "/C=TR/ST=Istanbul/L=Istanbul/O=Local Organization/CN="$1".local/emailAddress=yourname@email.com/" -out '/usr/local/etc/httpd/server.csr' | |
| sudo openssl req -new -key '/usr/local/etc/httpd/ssl/'$1'.key.rsa' -subj "/C=TR/ST=Istanbul/L=Istanbul/O=Local Organization/CN="$1".local/" -out '/usr/local/etc/httpd/ssl/'$1'.csr' -config '/usr/local/etc/httpd/ssl/'$1'.conf' | |
| echo '' | |
| # Step 5: Use the Certificate Requests to sign the SSL Certificates | |
| echo 'Use the Certificate Requests to sign the SSL Certificates' | |
| sudo openssl x509 -req -days 365 -in '/usr/local/etc/httpd/server.csr' -signkey '/usr/local/etc/httpd/server.key' -out '/usr/local/etc/httpd/server.crt' | |
| sudo openssl x509 -req -extensions v3_req -days 365 -in '/usr/local/etc/httpd/ssl/'$1'.csr' -signkey '/usr/local/etc/httpd/ssl/'$1'.key.rsa' -out '/usr/local/etc/httpd/ssl/'$1'.crt' -extfile '/usr/local/etc/httpd/ssl/'$1'.conf' | |
| echo '' | |
| # Step 6: Add the SSL Certificate to Keychain Access | |
| echo 'Add the SSL Certificate to Keychain Access' | |
| sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain '/usr/local/etc/httpd/ssl/'$1'.crt' | |
| echo '' | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment