@demaisj
Created July 16, 2018 20:55
Helps manage localhost certificates on Arch Linux with a custom CA
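#!/bin/bash
# Manages a private root CA for local development and issues per-domain
# certificates signed by it.
#
# DEST holds the CA material and the issued certificates. The CA private key
# ($CA.key) is written unencrypted, and this script sets no name constraints
# on the CA. Once "install" has added $CA.crt to the system trust store,
# anyone able to read that key can issue certificates this machine accepts,
# so the key must stay readable by its owner only.
#
# "$HOME" is used for the fallback because "~" is not expanded inside double
# quotes: the quoted "~/.config" form yields a directory literally named "~"
# relative to the current working directory.
DEST="${XDG_CONFIG_HOME:-$HOME/.config}/ssl"
CA="$DEST/ca"
ORG="Localhost"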
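#######################################
# Removes the local root CA from the system trust store.
# Globals:   CA (read) - path prefix of the CA files
# Outputs:   progress on stdout, errors on stderr
# Returns:   0 once the anchor is removed; exits 1 when the certificate is
#            missing or the trust store could not be updated.
#######################################
function uninstall {
  # Only the certificate is passed to "trust anchor --remove", so the key is
  # not required here: trust can still be withdrawn after the key is deleted.
  if [ ! -f "$CA.crt" ]; then
    echo "Missing root CA certificate file, aborting..." >&2
    exit 1
  fi

  echo "Removing root CA certificate..."
  # Do not print OK on failure: a CA that is still trusted must not look
  # as if it had been uninstalled.
  if ! sudo trust anchor --remove "$CA.crt"; then
    echo "Failed to remove root CA certificate from the trust store" >&2
    exit 1
  fi
  echo "OK"
}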
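#######################################
# Creates a new root CA key and self-signed certificate, then adds the
# certificate to the system trust store.
# Globals:   DEST, CA, ORG (read)
# Outputs:   progress on stdout, errors on stderr
# Returns:   0 on success; exits 1 as soon as any step fails, so a broken
#            or half-written CA is never added to the trust store.
#######################################
function install {
  # Withdraw trust from the previous CA before its files are overwritten;
  # otherwise the old anchor would stay trusted with no file left to remove it.
  if [ -f "$CA.crt" ]; then
    uninstall
  fi

  if ! mkdir -p "$DEST"; then
    echo "Cannot create $DEST, aborting..." >&2
    exit 1
  fi

  echo "Generating private key..."
  # The key is stored unencrypted, so file permissions are its only
  # protection. umask runs in a subshell so it applies to this file only.
  if ! (umask 077 && openssl genpkey -algorithm RSA -out "$CA.key"); then
    echo "Failed to generate CA private key, aborting..." >&2
    exit 1
  fi
  # umask does not affect a file that already existed with a wider mode.
  if ! chmod 600 "$CA.key"; then
    echo "Cannot restrict permissions on $CA.key, aborting..." >&2
    exit 1
  fi

  echo "Generating root CA certificate..."
  # NOTE(review): no extensions are given here, so the CA flag and the absence
  # of name constraints come from the system openssl configuration - confirm.
  if ! openssl req -x509 -key "$CA.key" -days 365 -out "$CA.crt" \
    -subj "/CN=$ORG/O=$ORG"; then
    echo "Failed to generate root CA certificate, aborting..." >&2
    exit 1
  fi

  echo "Trusting root CA certificate..."
  if ! sudo trust anchor "$CA.crt"; then
    echo "Failed to add root CA certificate to the trust store" >&2
    exit 1
  fi
  echo "Certificate saved at $CA.crt"
}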
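#######################################
# Issues a certificate for a domain, signed by the local root CA.
# The certificate covers the domain itself and its wildcard (*.domain).
# Globals:   DEST, CA, ORG (read); DOMAIN, CERT (written)
# Inputs:    the domain name, read from stdin
# Outputs:   progress on stdout, errors on stderr
# Returns:   0 on success; exits 1 when the CA files are missing, the domain
#            is not a plain host name, or an openssl step fails.
#######################################
function gen {
  if [ ! -f "$CA.crt" ] || [ ! -f "$CA.key" ]; then
    echo "Missing root CA certificate file, aborting..." >&2
    exit 1
  fi

  # -r keeps backslashes in the input literal.
  read -r -p "Certificate domain: " DOMAIN

  # DOMAIN ends up in a file path, in the -subj string and in the extension
  # file. Accept only dot-separated host-name labels so that an empty value,
  # "/" (path traversal, extra subject fields) or a leading "-" is rejected.
  local label='[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?'
  local domain_re="^${label}(\\.${label})*\$"
  if [[ ! "$DOMAIN" =~ $domain_re ]]; then
    echo "Invalid domain name, aborting..." >&2
    exit 1
  fi

  if ! mkdir -p "$DEST/certs"; then
    echo "Cannot create $DEST/certs, aborting..." >&2
    exit 1
  fi
  CERT="$DEST/certs/$DOMAIN"

  echo "Generating private key..."
  # The key is unencrypted; create it owner-readable only. umask runs in a
  # subshell so it applies to this file only.
  if ! (umask 077 && openssl genpkey -algorithm RSA -out "$CERT.key"); then
    echo "Failed to generate private key, aborting..." >&2
    exit 1
  fi
  # umask does not affect a file that already existed with a wider mode.
  if ! chmod 600 "$CERT.key"; then
    echo "Cannot restrict permissions on $CERT.key, aborting..." >&2
    exit 1
  fi

  echo "Generating CSR..."
  if ! openssl req -new -key "$CERT.key" -out "$CERT.csr" \
    -subj "/CN=$DOMAIN/O=$ORG"; then
    echo "Failed to generate CSR, aborting..." >&2
    exit 1
  fi

  echo "Generating certificate..."
  # The extensions mark the certificate as a non-CA leaf and list the names
  # it is valid for; they are passed through a process substitution so no
  # temporary file is left behind.
  if ! openssl x509 -req -in "$CERT.csr" -days 365 -out "$CERT.crt" \
    -CA "$CA.crt" -CAkey "$CA.key" -CAcreateserial \
    -extfile <(printf '%s\n' \
      'basicConstraints = CA:FALSE' \
      'subjectKeyIdentifier = hash' \
      'authorityKeyIdentifier = keyid,issuer' \
      'subjectAltName = @alt_names' \
      '[alt_names]' \
      "DNS.1 = $DOMAIN" \
      "DNS.2 = *.$DOMAIN"); then
    echo "Failed to generate certificate, aborting..." >&2
    exit 1
  fi
  echo "Certificate saved at $CERT.crt"
}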
# Entry point: run the sub-command named by the first argument; anything
# else (including no argument) prints the usage text.
case "$1" in
  install) install ;;
  uninstall) uninstall ;;
  gen) gen ;;
  *)
    cat <<EOF
USAGE: $0 CMD
 install: Installs & trusts root local CA
 uninstall: Remove root local CA
 gen: Generates a new certificate issued by the local CA
EOF
    ;;
esac