Created
May 24, 2017 08:30
trust self signed certificate
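#!/bin/bash
#
# Generate a self-signed wildcard certificate for a local development domain
# and mark it as trusted in the macOS System keychain.
#
# Usage:
#   sh trust_domain.sh mydomain.dev
#   sh trust_domain.sh mydomain.dev /Users/myuser/ssl-domain-certificates
#
# The second parameter is optional; files are saved to
# /Users/<current user>/ssl-domain-certificates if it is not provided.
#
# NOTE(security): whoever can read the generated .key file can present a
# certificate for DOMAIN and *.DOMAIN that this machine accepts. Use this only
# for development names you control, keep the key off shared storage, and
# remove the trust entry once it is no longer needed.

# Stop on the first failure so a stale .crt left by an earlier run is never
# trusted after a failed key/CSR/certificate step.
set -eu

DOMAIN="${1:-}"
SAVE_PATH="${2:-/Users/$(whoami)/ssl-domain-certificates}"

# DOMAIN ends up in file names, in the OpenSSL config and in commands run
# under sudo, so accept host-name characters only (no slashes, spaces, or a
# leading dash/dot).
case "${DOMAIN}" in
  "" | -* | .* | *[!A-Za-z0-9._-]*)
    echo "usage: $0 <domain> [save-path]" >&2
    exit 1
    ;;
esac

# macOS 10.15 and later reject TLS server certificates that are valid for more
# than 825 days, so do not issue a longer-lived one.
VALID_DAYS=825

CONF_FILE="${SAVE_PATH}/${DOMAIN}.conf"
KEY_FILE="${SAVE_PATH}/${DOMAIN}.key"
CSR_FILE="${SAVE_PATH}/${DOMAIN}.csr"
CRT_FILE="${SAVE_PATH}/${DOMAIN}.crt"

mkdir -p -- "${SAVE_PATH}"

# delete old certificate (and its trust settings); there is none on the first
# run, so a failure here is expected and must not abort the script
sudo security delete-certificate -c "${DOMAIN}" -t || true

# build ssl conf (unquoted heredoc on purpose: ${DOMAIN} is expanded)
cat > "${CONF_FILE}" <<EOL
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req

[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = UK
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = LO
localityName = Locality Name (eg, city)
localityName_default = London
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = Domain Control Validated
commonName = ${DOMAIN}
commonName_max = 64

[ v3_req ]
# Extensions to add to a certificate request
# CA:FALSE keeps this a leaf certificate: it cannot sign other certificates.
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# Restrict the certificate to TLS server authentication.
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = ${DOMAIN}
DNS.2 = *.${DOMAIN}
EOL

# create private key
# The key is written unencrypted and, because of sudo, owned by root. Check
# that its mode lets only the account running the local server read it.
sudo openssl genrsa -out "${KEY_FILE}" 2048

# create csr
sudo openssl req -new -key "${KEY_FILE}" -out "${CSR_FILE}" -subj "/C=/ST=/O=/localityName=/commonName=*.${DOMAIN}/organizationalUnitName=/emailAddress=/" -config "${CONF_FILE}" -passin pass:

# create crt (self-signed with the key generated above)
sudo openssl x509 -req -days "${VALID_DAYS}" -in "${CSR_FILE}" -signkey "${KEY_FILE}" -out "${CRT_FILE}" -extensions v3_req -extfile "${CONF_FILE}"

# trust crt
# -p ssl limits the trust setting to the SSL policy instead of trusting the
# certificate for every purpose.
sudo security add-trusted-cert -d -r trustRoot -p ssl -k /Library/Keychains/System.keychain "${CRT_FILE}"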