@harish2704
Last active January 11, 2023 10:45
Generate ROOT CA and self signed certificates from localhost
#!/usr/bin/env bash
# Create a local root CA (once) and issue a server certificate signed by it.
set -euo pipefail

if [ -z "${1:-}" ]; then
  echo "Usage: gen-cert.sh <maindomain> [comma separated list of other domains]"
  exit 1
fi

DomainName="$1"
moreDomains="${2:-}"

COUNTRY=IN
STATE='My state'
LOCALITY='My Location'
ORGANIZATION='My Organization, Inc.'
ORGANIZATION_UNIT='My Organization Unit'
subjLine="/C=$COUNTRY/ST=$STATE/L=$LOCALITY/O=$ORGANIZATION/OU=$ORGANIZATION_UNIT/CN=$DomainName"

# Clients match host names against subjectAltName, so always list the main domain there
altLine="DNS:$DomainName"
if [[ -n "$moreDomains" ]]; then
  altLine="$altLine,DNS:${moreDomains//,/,DNS:}"
fi

# Keys, CSRs and certificates for each domain are written to ./certs
mkdir -p certs

echo "## Generating Root CA key - Onetime process"
# -des3 encrypts the CA key with a passphrase (prompted)
[[ -f rootCA.key ]] || openssl genrsa -des3 -out rootCA.key 2048

echo "## Generating Root CA certificate - Onetime process"
[[ -f rootCA.pem ]] || openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem

echo "## Generating certificate key ..."
# Unencrypted 2048-bit key, so a server can load it without a passphrase
[[ -f "certs/$DomainName.key" ]] || openssl genrsa -out "certs/$DomainName.key" 2048

echo "## Generating Certificate signing request ..."
# -addext needs OpenSSL 1.1.1 or newer
[[ -f "certs/$DomainName.csr" ]] || openssl req -new -sha256 -key "certs/$DomainName.key" -out "certs/$DomainName.csr" -subj "$subjLine" -addext "subjectAltName=$altLine"

echo "Signing CSR with root key"
# x509 -req does not copy CSR extensions by default, so the SAN is passed again via -extfile
[[ -f "certs/$DomainName.crt" ]] || openssl x509 -req -in "certs/$DomainName.csr" -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out "certs/$DomainName.crt" -days 500 -sha256 -extfile <(printf 'subjectAltName=%s\n' "$altLine")

@harish2704
Author

To install the root CA in Fedora:

cp rootCA.pem /etc/pki/ca-trust/source/anchors/my-rootCA.pem
update-ca-trust

@harish2704
Author

To quickly run an HTTPS proxy, use https://github.com/suyashkumar/ssl-proxy
