@dv336699
Created May 24, 2017 08:30
trust self signed certificate
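#!/bin/bash
# Generate a self-signed certificate for a development domain (and its
# wildcard) and mark it as trusted in the macOS System keychain.
#
# Usage:
#   sh trust_domain.sh mydomain.dev
#   sh trust_domain.sh mydomain.dev /Users/myuser/ssl-domain-certificates
#
# The second parameter is optional; files are saved to
# /Users/<current user>/ssl-domain-certificates if it is not provided.
#
# Only POSIX sh constructs are used so that the documented `sh ...`
# invocation keeps working.

# Stop on the first failing step. Without this, a failed key/CSR/cert step
# would still fall through to add-trusted-cert and could trust a stale .crt
# left over from an earlier run.
set -eu

DOMAIN="${1:-}"
SAVE_PATH="${2:-/Users/$(whoami)/ssl-domain-certificates}"

# DOMAIN is interpolated into file paths, the openssl config and the -subj
# string, so accept only hostname characters. This rejects empty input,
# path separators, whitespace/newlines, "..", and a leading "-" that a
# command could mistake for an option.
case "$DOMAIN" in
  '' | .* | *. | *..* | -* | *[!A-Za-z0-9.-]*)
    echo "usage: $0 <domain> [save_path]" >&2
    echo "error: invalid or missing domain: '${DOMAIN}'" >&2
    exit 2
    ;;
esac

mkdir -p -- "$SAVE_PATH"

# delete old certificate
# On a first run there is nothing to delete, so a failure here is not fatal.
sudo security delete-certificate -c "${DOMAIN}" -t ||
  echo "note: no existing certificate removed for ${DOMAIN}" >&2

# build ssl conf
cat > "${SAVE_PATH}/${DOMAIN}.conf" <<EOL
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = UK
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = LO
localityName = Locality Name (eg, city)
localityName_default = London
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = Domain Control Validated
commonName = ${DOMAIN}
commonName_max = 64
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = ${DOMAIN}
DNS.2 = *.${DOMAIN}
EOL

# create private key
# Restrictive umask (subshell only) so the key is not created group- or
# world-readable. NOTE(review): the openssl steps do not appear to need
# root; sudo is kept so re-runs can overwrite root-owned files from
# earlier runs -- consider dropping it for new installations.
(
  umask 077
  sudo openssl genrsa -out "${SAVE_PATH}/${DOMAIN}.key" 2048
)

# create csr
sudo openssl req -new -key "${SAVE_PATH}/${DOMAIN}.key" -out "${SAVE_PATH}/${DOMAIN}.csr" -subj "/C=/ST=/O=/localityName=/commonName=*.${DOMAIN}/organizationalUnitName=/emailAddress=/" -config "${SAVE_PATH}/${DOMAIN}.conf" -passin pass:

# create crt
# NOTE(review): recent macOS releases impose extra requirements on TLS
# server certificates (a maximum validity period and an extendedKeyUsage
# of serverAuth); a 3650-day certificate without that extension may be
# rejected by clients -- confirm against the target OS version.
sudo openssl x509 -req -days 3650 -in "${SAVE_PATH}/${DOMAIN}.csr" -signkey "${SAVE_PATH}/${DOMAIN}.key" -out "${SAVE_PATH}/${DOMAIN}.crt" -extensions v3_req -extfile "${SAVE_PATH}/${DOMAIN}.conf"

# trust crt
# This adds a machine-wide trust setting (System keychain, -d admin domain)
# for ${DOMAIN} and *.${DOMAIN}. Anyone who can read the matching .key can
# impersonate those names to this machine, so keep the key file protected
# and remove the trust entry when it is no longer needed. basicConstraints
# is CA:FALSE, so the certificate is not meant to sign other certificates.
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "${SAVE_PATH}/${DOMAIN}.crt"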