Updates self-signed certificates for local development over HTTPS.
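<#
.SYNOPSIS
Updates self signed certificates for local development via HTTPS.
.DESCRIPTION
Creates (or updates if needed) a root CA certificate for development and a
project certificate which is signed by the root certificate.

The root CA private key is encrypted with -Password. The passphrase is handed
to OpenSSL through an environment variable ("env:" password source) instead
of on the command line, so it does not appear in process listings or
command-line audit logs. Every openssl step is checked for a non-zero exit
code; a failure aborts the script instead of continuing with a stale or
missing CA.
.PARAMETER ConfigPath
Path to the server certificate configuration (an OpenSSL .cnf). It must
contain an "x509_ext" section (subjectAltName etc.), which is applied when
the CA signs the project certificate.
.PARAMETER Password
Passphrase protecting the root CA private key.
.PARAMETER RootPath
Directory holding the root CA files. Defaults to $HOME/certificates/development.
.EXAMPLE
./New-Certificates.ps1 project/certificates/project.cnf
.NOTES
The project private key is written unencrypted (-nodes) so a dev server can
load it without a passphrase: keep it out of version control and restrict
its file permissions. When the root CA is regenerated, re-import the new
CA certificate into your trust store(s); certificates issued by the previous
CA no longer chain to it.
.LINK
https://gist.github.com/Dargmuesli/2db49386cd1ef3f1ad114de19bfebe1e
#>
Param (
    [Parameter(Mandatory = $True, Position = 0)]
    [ValidateScript({Test-Path -Path $PSItem})]
    [String] $ConfigPath,
    [Parameter(Mandatory = $True, Position = 1)]
    [ValidateNotNullOrEmpty()]
    [SecureString] $Password,
    [Parameter(Mandatory = $False)]
    [String] $RootPath = (Join-Path -Path $HOME -ChildPath "certificates" `
        | Join-Path -ChildPath "development")
)

# Environment variable that carries the CA passphrase to openssl. Still
# readable by processes of the same user (or an administrator), but unlike a
# "pass:" argument it is not part of the command line.
$PassphraseVariable = "DEV_CA_PASSPHRASE"

# Fail early with a clear message instead of a cryptic "command not found"
# halfway through the run.
If (-Not (Get-Command -Name "openssl" -ErrorAction SilentlyContinue)) {
    Throw "openssl was not found on PATH."
}

# Runs openssl with the given argument list and throws on a non-zero exit
# code, so a failed step (bad config, wrong passphrase, ...) stops the script
# rather than being silently followed by the next step.
Function Invoke-OpenSsl {
    Param ([String[]] $Arguments)
    & openssl @Arguments
    If ($LASTEXITCODE -ne 0) {
        Throw "openssl $($Arguments[0]) failed with exit code $LASTEXITCODE."
    }
}

# .NET static methods (File.WriteAllLines, Path.GetDirectoryName) resolve
# relative paths against the process working directory, which is not
# necessarily PowerShell's current location. Normalize both inputs to full
# provider paths first; RootPath may not exist yet, hence "Unresolved".
$ConfigPath = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($ConfigPath)
$RootPath = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($RootPath)

$CaTrunk = Join-Path -Path $RootPath -ChildPath "development_root_ca"
$ProjectName = [System.IO.Path]::GetFileNameWithoutExtension($ConfigPath)
$ProjectTrunk = Join-Path -Path ([System.IO.Path]::GetDirectoryName($ConfigPath)) `
    -ChildPath $ProjectName

If (-Not (Test-Path -Path $RootPath)) {
    New-Item -Path "$RootPath" -ItemType "directory" -Force
}

# The CA config is written once and then left alone so a user can tune it.
# NOTE(review): countryName is lower-case here; RFC 5280 / ISO 3166 use
# upper-case codes ("DE"). OpenSSL accepts it, strict validators may not.
If (-Not (Test-Path -Path "$CaTrunk.cnf")) {
    [System.IO.File]::WriteAllLines("$CaTrunk.cnf", @"
# OpenSSL configuration for Root CA
[ req ]
prompt = no
string_mask = default
default_bits = 2048
distinguished_name = req_distinguished_name
x509_extensions = x509_ext
[ req_distinguished_name ]
countryName = de
organizationName = Development
commonName = Development Root CA
[ x509_ext ]
keyUsage=critical,keyCertSign,cRLSign
basicConstraints=critical,CA:true,pathlen:0
"@)
}

# Decode the SecureString once and publish it to openssl via the environment.
# SecureStringToBSTR allocates unmanaged memory that the original code never
# released; ZeroFreeBSTR both zeroes and frees it.
$Bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)
Try {
    [System.Environment]::SetEnvironmentVariable(
        $PassphraseVariable,
        [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($Bstr),
        [System.EnvironmentVariableTarget]::Process)
} Finally {
    [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($Bstr)
}

Try {
    $ReGen = $False
    $CaReplaced = $False
    If ((Test-Path -Path "$CaTrunk.crt") -And (Test-Path -Path "$CaTrunk.key")) {
        # -checkend exits 0 only if the certificate is still valid 24 h from
        # now; use the exit code rather than matching the message text.
        openssl x509 -checkend 86400 -noout -in "$CaTrunk.crt" | Out-Null
        If ($LASTEXITCODE -Eq 0) {
            Write-Host "Valid CA certificate & private key already exist." `
                -ForegroundColor "Cyan"
        } Else {
            Write-Warning "Invalid CA certificate & private key already exist."
            $ReGen = $True
            $CaReplaced = $True
        }
    } Else {
        $ReGen = $True
    }

    If ($ReGen) {
        Write-Host "Creating CA certificate & private key..." `
            -ForegroundColor "Cyan"
        # -sha256 pins the signature digest instead of relying on the
        # build-dependent OpenSSL default.
        Invoke-OpenSsl @(
            "req",
            "-config", "$CaTrunk.cnf",
            "-days", "365",
            "-keyout", "$CaTrunk.key",
            "-new",
            "-out", "$CaTrunk.crt",
            "-passout", "env:$PassphraseVariable",
            "-sha256",
            "-x509"
        )
        If ($CaReplaced) {
            Write-Warning ("The root CA was regenerated. Re-import '$CaTrunk.crt' " +
                "into your trust store(s); certificates issued by the previous " +
                "CA no longer chain to it.")
        }
    }

    Write-Host "Creating server certificate & private key..." `
        -ForegroundColor "Cyan"
    # -nodes: the project key is stored unencrypted (see .NOTES).
    Invoke-OpenSsl @(
        "req",
        "-config", "$ProjectTrunk.cnf",
        "-keyout", "$ProjectTrunk.key",
        "-new",
        "-nodes",
        "-sha256",
        "-out", "$ProjectTrunk.csr"
    )

    Write-Host "Signing with CA..." -ForegroundColor "Cyan"
    # Extensions (SAN etc.) are taken from the project config's x509_ext
    # section; "openssl x509 -req" has historically not copied extensions
    # from the CSR, so they must be supplied here.
    Invoke-OpenSsl @(
        "x509",
        "-CA", "$CaTrunk.crt",
        "-CAkey", "$CaTrunk.key",
        "-CAcreateserial",
        "-days", "365",
        "-extensions", "x509_ext",
        "-extfile", "$ProjectTrunk.cnf",
        "-in", "$ProjectTrunk.csr",
        "-out", "$ProjectTrunk.crt",
        "-passin", "env:$PassphraseVariable",
        "-sha256",
        "-req"
    )
} Finally {
    # Do not leave the passphrase in this session's environment.
    [System.Environment]::SetEnvironmentVariable(
        $PassphraseVariable, $null, [System.EnvironmentVariableTarget]::Process)
}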
Deprecated, use https://github.com/FiloSottile/mkcert 🔥 instead!