Created
May 28, 2018 17:38
-
-
Save dobesv/474644248022d65be8ffd36e637fcda1 to your computer and use it in GitHub Desktop.
Script to create a local certificate authority and TLS certificate for a given domain name.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
set -x | |
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" | |
NAME=${1:-localhost} | |
CA_KEY=$DIR/dev_cert_ca.key.pem | |
[ -f $CA_KEY ] || openssl genrsa -des3 -out $CA_KEY 2048 | |
CA_CERT=$DIR/dev_cert_ca.cert.pem | |
[ -f $CA_CERT ] || openssl req -x509 -new -nodes -key $CA_KEY -sha256 -days 1825 -out $CA_CERT | |
HOST_KEY=$DIR/$NAME.key.pem | |
[ -f $HOST_KEY ] || openssl genrsa -out $HOST_KEY 2048 | |
HOST_CERT=$DIR/$NAME.cert.pem | |
if ! [ -f $HOST_CERT ] ; then | |
HOST_CSR=$DIR/$NAME.csr.pem | |
[ -f $HOST_CSR ] || openssl req -new -key $HOST_KEY -out $HOST_CSR | |
HOST_EXT=$DIR/$NAME.ext | |
echo >$HOST_EXT | |
echo >>$HOST_EXT authorityKeyIdentifier=keyid,issuer | |
echo >>$HOST_EXT basicConstraints=CA:FALSE | |
echo >>$HOST_EXT keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment | |
echo >>$HOST_EXT subjectAltName = @alt_names | |
echo >>$HOST_EXT | |
echo >>$HOST_EXT [alt_names] | |
NAME_N=1 | |
for ALT_NAME in "$@" ; do | |
echo >>$HOST_EXT DNS.$NAME_N = $NAME | |
NAME_N=$(( NAME_N + 1 )) | |
done | |
openssl x509 -req -in $HOST_CSR -CA $CA_CERT -CAkey $CA_KEY -CAcreateserial \ | |
-out $HOST_CERT -days 1825 -sha256 -extfile $HOST_EXT | |
rm $HOST_EXT | |
fi | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If you import the CA cert from this into your browser, the domain name specific certs will be trusted by the browser automatically without a prompt.