Updates self-signed certificates for local development via HTTPS.
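#!/bin/bash
#
# Updates self signed certificates for local development via HTTPs.
#
# Exit on errors, use last pipe error code, do not overwrite files, ensure
# variables exist
set -o errexit -o pipefail -o noclobber -o nounset

# Color codes for use with `echo -e`.
# RED is used by the error messages of the argument checks; with nounset
# active an undefined RED aborts the script with "unbound variable" instead
# of printing the intended message, so it has to be defined here.
NC='\033[0m'
RED='\033[0;91m'
YELLOW='\033[0;93m'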
# Prints the help text to stdout and terminates the script with status 1.
function usage {
  printf '%s\n' \
    "Updates self signed certificates for local development via HTTPs." \
    "" \
    "usage: $0 <ProjectConfig> [-r <Path> | --root <Path>] [-h | --help]" \
    "" \
    " <ProjectConfig> path to target project's .cnf file" \
    "" \
    " -r, --root path to directory in which the root certificate lives (defaults to '~/certificates/development/')" \
    " -h, --help display this help"
  exit 1
}
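# Check that the enhanced (util-linux) getopt is available: `getopt --test`
# signals it by exiting with status 4. The status is captured through `||`
# so that the expected non-zero exit does not trip errexit.
getopt_status=0
getopt --test >/dev/null || getopt_status=$?
if [[ $getopt_status -ne 4 ]]; then
  # Single quotes: inside double quotes the backticks would run
  # `getopt --test` again and drop the command name from the message.
  echo '`getopt --test` failed, cannot parse parameters.' >&2
  exit 1
fi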
# Parse command line parameters
OPTIONS=hr:
LONGOPTS=help,root:

# getopt reports invalid options itself (prefixed with the script name);
# the script then stops with status 2.
if ! PARSED=$(getopt --options="$OPTIONS" --longoptions="$LONGOPTS" --name "$0" -- "$@"); then
  exit 2
fi

# Replace the positional parameters with getopt's normalised list.
# NOTE(review): `eval` is acceptable here only because the enhanced getopt
# shell-quotes its output; never feed it any other string.
eval set -- "$PARSED"
# Default location of the root CA files; -r/--root overrides it.
# The value is later used as a plain prefix for the CA file names.
root="$HOME/certificates/development/"

# Consume the options normalised by getopt up to the "--" separator; the
# remaining positional parameters stay in "$@" for the checks that follow.
while :; do
  case "$1" in
    --)
      shift
      break
      ;;
    -r | --root)
      root="$2"
      shift 2
      ;;
    -h | --help)
      usage
      ;;
    *)
      # getopt only emits the options declared above, so this arm is
      # reached only if the option lists and this case get out of sync.
      echo "Programming error"
      exit 2
      ;;
  esac
done
# Only the first positional parameter is used; warn about any extras.
if (( $# > 1 )); then
  echo -e "${YELLOW}ignoring everything after $1${NC}!"
fi

# NOTE(review): both error messages below expand RED. The script runs with
# nounset, so RED has to be defined next to NC and YELLOW; otherwise these
# branches abort with "unbound variable" before the message is printed.
if (( $# == 0 )); then
  echo -e "${RED}No parameter provided!${NC}"
  exit 1
fi

# The project configuration must be an existing regular file.
if [[ ! -f "$1" ]]; then
  echo -e "${RED}Configuration in $1 does not exist!${NC}"
  exit 1
fi
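# Ask for the CA key passphrase without echoing it.
# `read -s` switches echo off only for the duration of the read, replacing
# the manual `stty -echo` / `stty echo` pair, which left the terminal
# without echo when the script died in between and made the script abort
# under errexit when stdin is not a terminal.
# `IFS=` and `-r` keep leading/trailing blanks and backslashes of the
# passphrase intact.
printf "Password: "
IFS= read -rs password
printf "\n"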
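# Prefix of the root CA files: <root>development_root_ca.{cnf,crt,key}.
# A --root value given without a trailing slash would otherwise be glued
# directly onto the file name, so add the slash when it is missing.
case "$root" in
  '' | */) ;;
  *) root="$root/" ;;
esac
catrunk="${root}development_root_ca"

# Base name of the project configuration without its extension.
projectname="${1##*/}"
projectname="${projectname%.*}"

# Directory of the project configuration, with trailing slash. For a bare
# file name (no slash) "${1%/*}" would return the file name itself, so fall
# back to the current directory.
case "$1" in
  */*) projectpath="${1%/*}/" ;;
  *) projectpath="./" ;;
esac

# Prefix of the project files: <dir>/<name>.{cnf,csr,crt,key}.
projecttrunk="$projectpath$projectname"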
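# Make sure the directory for the root CA files exists.
# NOTE(review): this directory ends up holding the CA private key; consider
# restricting its permissions if other local users share the machine.
if [[ ! -d "$root" ]]; then
  mkdir -p -- "$root"
fi

# Write the root CA's OpenSSL configuration if it is missing or empty.
# `>|` is required because the script runs with noclobber: `-s` is also
# false for an existing empty file, which a plain `>` would refuse to
# overwrite.
if [[ ! -s "$catrunk.cnf" ]]; then
  cat >|"$catrunk.cnf" <<'EOL'
# OpenSSL configuration for Root CA
[ req ]
prompt = no
string_mask = default
default_bits = 2048
distinguished_name = req_distinguished_name
x509_extensions = x509_ext
[ req_distinguished_name ]
countryName = de
organizationName = Development
commonName = Development Root CA
[ x509_ext ]
keyUsage=critical,keyCertSign,cRLSign
basicConstraints=critical,CA:true,pathlen:0
EOL
fi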
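# Decide whether the root CA certificate and key have to be (re)created:
# either one of them is missing/empty, or the certificate expires within
# the next 24 hours (86400 seconds).
regen=false
if [[ -s "$catrunk.crt" && -s "$catrunk.key" ]]; then
  # `openssl x509 -checkend` exits non-zero when the certificate will
  # expire. Testing the exit status inside `if` keeps errexit from aborting
  # the script in exactly the case that should trigger regeneration, which
  # is what happened when the output was captured with `valid=$(...)`.
  if openssl x509 -checkend 86400 -noout -in "$catrunk.crt" >/dev/null; then
    echo "Valid CA certificate & private key already exist."
  else
    echo -e "${YELLOW}Invalid CA certificate & private key" \
      "already exist.${NC}"
    regen=true
  fi
else
  regen=true
fi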
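# Create the self-signed root CA certificate and its passphrase-protected
# private key (valid for 365 days).
if [[ "$regen" == "true" ]]; then
  echo "Creating CA certificate & private key..."
  # The passphrase is handed to openssl on file descriptor 3 instead of as
  # `pass:<value>`: command-line arguments are visible to other local users
  # through the process list, a private pipe is not.
  openssl req \
    -config "$catrunk.cnf" \
    -days 365 \
    -keyout "$catrunk.key" \
    -new \
    -out "$catrunk.crt" \
    -passout fd:3 \
    -x509 \
    3< <(printf '%s\n' "$password")
fi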
# Generate the project's private key and a certificate signing request
# from the project's .cnf file.
echo "Creating server certificate & private key..."

# -nodes writes the server key unencrypted, so protection of that key
# rests entirely on the permissions of the file and its directory.
csr_args=(
  -new
  -nodes
  -config "$projecttrunk.cnf"
  -keyout "$projecttrunk.key"
  -out "$projecttrunk.csr"
)
openssl req "${csr_args[@]}"
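# Sign the project's CSR with the root CA. The certificate is valid for
# 365 days and takes its extensions from the [x509_ext] section of the
# project's .cnf file.
echo "Signing with CA..."
# The CA key passphrase is handed to openssl on file descriptor 3 instead
# of as `pass:<value>`, which would expose it in the process argument list.
openssl x509 \
  -CA "$catrunk.crt" \
  -CAkey "$catrunk.key" \
  -CAcreateserial \
  -days 365 \
  -extensions x509_ext \
  -extfile "$projecttrunk.cnf" \
  -in "$projecttrunk.csr" \
  -out "$projecttrunk.crt" \
  -passin fd:3 \
  -req \
  3< <(printf '%s\n' "$password")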
Deprecated, use https://github.com/FiloSottile/mkcert 🔥 instead!