Created
July 16, 2018 20:55
Helps manage localhost certificates on Arch Linux with a custom CA
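#!/bin/bash
# Manages a private root CA for local development certificates.
# The CA key, the CA certificate and every issued certificate live under $DEST.

# "~" is not expanded inside double quotes, so the fallback uses $HOME;
# with "~/.config" a literal "~" directory would be created in the
# current working directory whenever XDG_CONFIG_HOME is unset.
DEST="${XDG_CONFIG_HOME:-$HOME/.config}/ssl"
# Base path of the CA files: "$CA.key" (private key), "$CA.crt" (certificate).
CA="$DEST/ca"
# Used as O= in every subject and as CN= of the root CA certificate.
ORG="Localhost"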
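# Removes the local root CA certificate from the trust store.
# Globals:  CA (read)
# Outputs:  progress on stdout, errors on stderr
# Exits:    1 if the CA certificate is missing or the removal fails
function uninstall {
  # Only the certificate is needed to drop the anchor. Not requiring the key
  # keeps removal possible after the CA private key has been deleted.
  if [ ! -f "$CA.crt" ]; then
    echo "Missing root CA certificate file, aborting..." >&2
    exit 1
  fi

  echo "Removing root CA certificate..."
  # Report success only when the anchor was really removed: a failed removal
  # leaves the CA trusted, which the operator needs to know about.
  if ! sudo trust anchor --remove "$CA.crt"; then
    echo "Failed to remove root CA certificate from the trust store" >&2
    exit 1
  fi
  echo "OK"
}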
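# Creates a new root CA (key + self-signed certificate) and adds the
# certificate to the trust store.
# Globals:  DEST, CA, ORG (read)
# Outputs:  progress on stdout, errors on stderr
# Exits:    1 as soon as any step fails, so a half-created CA is never trusted
function install {
  # Replace a previously installed CA: untrust the old certificate first.
  if [ -f "$CA.crt" ]; then
    uninstall
  fi

  if ! mkdir -p "$DEST"; then
    echo "Cannot create $DEST" >&2
    exit 1
  fi

  echo "Generating private key..."
  # The CA key is written unencrypted and the certificate derived from it is
  # added as a trust anchor, so whoever can read this file can issue
  # certificates this machine accepts. The umask is tightened only for this
  # one command (subshell) so the later "sudo trust" call is not affected.
  if ! (umask 077 && openssl genpkey -algorithm RSA -out "$CA.key"); then
    echo "Failed to generate the CA private key" >&2
    exit 1
  fi
  # -out keeps the mode of a file that already existed, so enforce it.
  if ! chmod 600 "$CA.key"; then
    echo "Failed to restrict permissions on $CA.key" >&2
    exit 1
  fi

  echo "Generating root CA certificate..."
  if ! openssl req -x509 -key "$CA.key" -days 365 -out "$CA.crt" \
    -subj "/CN=$ORG/O=$ORG"; then
    echo "Failed to generate the root CA certificate" >&2
    exit 1
  fi

  echo "Trusting root CA certificate..."
  if ! sudo trust anchor "$CA.crt"; then
    echo "Failed to add the root CA certificate to the trust store" >&2
    exit 1
  fi
  echo "Certificate saved at $CA.crt"
}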
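# Issues a leaf certificate for a domain (and its wildcard) signed by the
# local CA. The domain is read interactively from stdin.
# Globals:  DEST, CA, ORG (read)
# Outputs:  progress on stdout, errors on stderr
# Exits:    1 if the CA is missing, the domain is invalid or a step fails
function gen {
  local DOMAIN CERT
  local label='[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?'
  local domain_re="^${label}(\\.${label})*\$"

  if [ ! -f "$CA.crt" ] || [ ! -f "$CA.key" ]; then
    echo "Missing root CA certificate file, aborting..." >&2
    exit 1
  fi

  # -r: keep backslashes literal. A failed read leaves DOMAIN empty, which
  # the validation below rejects.
  read -r -p "Certificate domain: " DOMAIN

  # The value becomes a file name, a -subj component and a line of the
  # extensions file, so accept plain host names only: no "/" or ".." that
  # would move the output outside $DEST/certs, and no characters that would
  # change the meaning of the generated OpenSSL configuration.
  if [[ ! $DOMAIN =~ $domain_re ]]; then
    echo "Invalid domain name, aborting..." >&2
    exit 1
  fi

  if ! mkdir -p "$DEST/certs"; then
    echo "Cannot create $DEST/certs" >&2
    exit 1
  fi
  CERT="$DEST/certs/$DOMAIN"

  echo "Generating private key..."
  # Tighten the umask for this command only so the key is never created
  # readable by other users.
  if ! (umask 077 && openssl genpkey -algorithm RSA -out "$CERT.key"); then
    echo "Failed to generate the private key" >&2
    exit 1
  fi
  # -out keeps the mode of a file that already existed, so enforce it.
  if ! chmod 600 "$CERT.key"; then
    echo "Failed to restrict permissions on $CERT.key" >&2
    exit 1
  fi

  echo "Generating CSR..."
  if ! openssl req -new -key "$CERT.key" -out "$CERT.csr" \
    -subj "/CN=$DOMAIN/O=$ORG"; then
    echo "Failed to generate the CSR" >&2
    exit 1
  fi

  echo "Generating certificate..."
  # The extensions are passed through process substitution, one line each.
  if ! openssl x509 -req -in "$CERT.csr" -days 365 -out "$CERT.crt" \
    -CA "$CA.crt" -CAkey "$CA.key" -CAcreateserial \
    -extfile <(printf '%s\n' \
      "basicConstraints = CA:FALSE" \
      "subjectKeyIdentifier = hash" \
      "authorityKeyIdentifier = keyid,issuer" \
      "subjectAltName = @alt_names" \
      "[alt_names]" \
      "DNS.1 = $DOMAIN" \
      "DNS.2 = *.$DOMAIN"); then
    echo "Failed to generate the certificate" >&2
    exit 1
  fi
  echo "Certificate saved at $CERT.crt"
}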
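# Dispatch on the sub-command given as the first argument.
case "${1:-}" in
  install)
    install
    ;;
  uninstall)
    uninstall
    ;;
  gen)
    gen
    ;;
  *)
    # Missing or unknown command: print the usage on stderr and exit with a
    # non-zero status so a calling script can tell nothing was done.
    {
      echo "USAGE: $0 CMD"
      echo " install: Installs & trusts root local CA"
      echo " uninstall: Remove root local CA"
      echo " gen: Generates a new certificate issued by the local CA"
    } >&2
    exit 2
    ;;
esac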