Last active
February 12, 2018 17:40
For creating local SSL certs given a CSR file, CA file, and CA Key file
#!/usr/bin/env bash
#
# local-ssl-create.sh: keeps a list of hosts and a few file-path settings, then
# signs a CSR with a local CA so the certificate covers every listed host.
# Per-user state lives in the two dotfiles below.

# Host list, one name per line; each line becomes a DNS subjectAltName entry.
fname="${HOME}/.local-ssl-create-hosts.lst"
# Settings file. It is rewritten by "config set" and loaded with `source`, so
# its content is executed as shell code by this script.
sname="${HOME}/.local-ssl-create-hosts.properties"
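# Normalises the host list in place: lower-cases every entry, sorts the lines
# and drops duplicates.
# Globals:   fname (read) - path of the host list file
# Returns:   0 on success (also when the list does not exist yet), non-zero
#            if the temporary copy could not be created or moved into place.
function dedupe_list {
  local tmp
  # Nothing to normalise before the first host has been added.
  [ -e "$fname" ] || return 0
  # Build the result in a sibling temp file and rename it over the original.
  # Writing to "$fname" from a pipeline that is still reading it lets the
  # writer truncate the file before the reader has seen it, losing the list.
  tmp="$(mktemp "${fname}.XXXXXX")" || return 1
  if tr '[:upper:]' '[:lower:]' <"$fname" | sort | uniq >"$tmp"; then
    mv -- "$tmp" "$fname"
  else
    rm -f -- "$tmp"
    return 1
  fi
}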
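# Joins piped standard input (if any) and the remaining arguments into one
# string and stores it in the variable named by $1.
# Arguments: $1    - name of the variable to set (it is exported)
#            $2... - words appended after the stdin text, separated by spaces
# Inputs:    reads all of stdin when stdin is not a terminal
# Returns:   0 on success, 1 if $1 is not a valid variable name
function merge_stdin_and_params {
  # Prefixed locals: they neither leak into the caller's scope nor shadow the
  # variable the caller asked for.
  local _msp_name=$1 _msp_value=""
  # The name ends up on the left-hand side of an assignment, so accept only a
  # plain identifier.
  if [[ ! "$_msp_name" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
    printf 'merge_stdin_and_params: invalid variable name: %s\n' "$_msp_name" >&2
    return 1
  fi
  shift
  if [ ! -t 0 ]; then
    _msp_value="$(cat -)"
  fi
  if [ $# -gt 0 ]; then
    if [ -n "$_msp_value" ]; then
      _msp_value="$_msp_value "
    fi
    # "$*" states the intent (one space-joined string) explicitly.
    _msp_value="$_msp_value$*"
  fi
  export "$_msp_name=$_msp_value"
}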
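# Prints its input in lower case.
# Arguments: $@ - optional words to convert
# Inputs:    piped stdin, when present, is converted too and comes first
# Outputs:   the lower-cased text on stdout, followed by a newline
function downcase {
  local c
  # "$@" must stay quoted: unquoted, an argument such as "*.example.test"
  # (constructed sample) is glob-expanded against the current directory and
  # split on whitespace before it is lower-cased.
  merge_stdin_and_params c "$@"
  tr '[:upper:]' '[:lower:]' <<<"$c"
}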
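# Entry point: dispatches "<command> [subcommand] [args...]".
# Globals:   fname (read) - host list file, one host per line
#            sname (read) - settings file; loaded with `source` and rewritten
#                           by "config set"
# Arguments: $1     - command: host(s) | config/setting(s) | create | help
#            $2     - subcommand of host/config, or a command name after "help"
#            $3, $4 - host name, or setting name and its new value
# Outputs:   results and help text on stdout, error messages on stderr
# Returns:   exits 1 on an unknown command or setting, an invalid host, or a
#            failed step; "create" exits with openssl's status when it fails
function main {
  local host tmp status setting list ext_file
  # The list holds one host per line and every line is later copied into the
  # OpenSSL extension file, so whitespace and control characters are refused.
  local bad_host_chars='[[:space:][:cntrl:]]'
  case "$1" in
    host | hosts)
      case "$2" in
        add | insert)
          if [[ -z "$3" || "$3" =~ $bad_host_chars ]]; then
            echo "Invalid host '$3'" >&2
            exit 1
          fi
          printf '%s\n' "$3" >>"$fname"
          dedupe_list
          ;;
        remove | rm | delete)
          if [[ -z "$3" ]]; then
            echo "No host given" >&2
            exit 1
          fi
          dedupe_list
          host="$(downcase "$3")"
          # Filter into a temp file first: redirecting grep's output onto its
          # own input truncates the list before grep reads it.
          tmp="$(mktemp "${fname}.XXXXXX")" || exit 1
          # -F -x removes only the exact host; a regex/substring match would
          # also drop every entry that merely contains the given text.
          grep --color=never -F -x -v -e "$host" -- "$fname" >"$tmp"
          status=$?
          # Status 1 only means no line is left, which is a valid empty list.
          if [ "$status" -gt 1 ]; then
            rm -f -- "$tmp"
            exit 1
          fi
          mv -- "$tmp" "$fname"
          dedupe_list
          ;;
        list | ls)
          sort "$fname"
          ;;
        -h | --help | help)
          cat <<EOM
usage: local-ssl-create.sh $1 [command]
NOTE: Duplicates are removed, and all hosts are converted to lowercase
commands:
-h, --help, help Print this help message
add, insert Add a host to the list
remove, rm, delete Remove a host from the list
list, ls Print the hosts in the list
EOM
          ;;
        *)
          if [ $# -eq 1 ]; then
            main "$1" help
            exit
          fi
          echo "Unknown command $1 $2" >&2
          exit 1
          ;;
      esac
      ;;
    config | setting | settings)
      case "$2" in
        list | ls)
          # `source` runs the settings file as shell code.
          [[ -e "$sname" ]] && source "$sname"
          cat <<EOM
CSR File = $local_ssl_create_csr_file
CA File = $local_ssl_create_ca_file
CA Key File = $local_ssl_create_ca_key_file
CRT Output = $local_ssl_create_crt_out
EOM
          ;;
        show | get)
          [[ -e "$sname" ]] && source "$sname"
          setting="$(downcase "$3")"
          case "$setting" in
            csr | "csr file" | csr_file | csr-file)
              printf '%s\n' "$local_ssl_create_csr_file"
              ;;
            ca | "ca file" | ca_file | ca-file)
              printf '%s\n' "$local_ssl_create_ca_file"
              ;;
            key | "ca key" | ca_key | ca-key | "ca key file" | ca_key_file | ca-key-file)
              printf '%s\n' "$local_ssl_create_ca_key_file"
              ;;
            crt | "crt output" | crt_output | crt-output)
              # The variable is ..._crt_out everywhere else in the script.
              printf '%s\n' "$local_ssl_create_crt_out"
              ;;
            *)
              echo "Unknown setting $setting" >&2
              exit 1
              ;;
          esac
          ;;
        set)
          [[ -e "$sname" ]] && source "$sname"
          case "$(downcase "$3")" in
            csr | "csr file" | csr_file | csr-file)
              local_ssl_create_csr_file="$4"
              ;;
            ca | "ca file" | ca_file | ca-file)
              local_ssl_create_ca_file="$4"
              ;;
            key | "ca key" | ca_key | ca-key | "ca key file" | ca_key_file | ca-key-file)
              local_ssl_create_ca_key_file="$4"
              ;;
            crt | "crt output" | crt_output | crt-output)
              local_ssl_create_crt_out="$4"
              ;;
            *)
              echo "Unknown setting $3" >&2
              exit 1
              ;;
          esac
          # The file is read back with `source`, so each value is written with
          # %q: the exact string is restored and nothing inside a value
          # (quotes, $(...), backticks) is evaluated as shell code.
          {
            printf 'export local_ssl_create_csr_file=%q\n' "$local_ssl_create_csr_file"
            printf 'export local_ssl_create_ca_file=%q\n' "$local_ssl_create_ca_file"
            printf 'export local_ssl_create_ca_key_file=%q\n' "$local_ssl_create_ca_key_file"
            printf 'export local_ssl_create_crt_out=%q\n' "$local_ssl_create_crt_out"
          } >"$sname"
          ;;
        -h | --help | help)
          cat <<EOM
usage: local-ssl-create.sh $1 [command]
commands:
-h, --help, help Print this help message
list, ls Print the current settings
show, get Print the current value of a specific setting
set Configure one of the settings
EOM
          ;;
        *)
          if [ $# -eq 1 ]; then
            main "$1" help
            exit
          fi
          echo "Unknown command $1 $2" >&2
          exit 1
          ;;
      esac
      ;;
    create)
      if [[ "$2" == "help" || "$2" == "-h" || "$2" == "--help" ]]; then
        echo "No specific help for this command"
        exit
      elif [ $# -gt 1 ]; then
        echo "The create command does not take any arguments" >&2
        exit 1
      fi
      [[ -e "$sname" ]] && source "$sname"
      # Stop before calling openssl with empty file arguments.
      for setting in local_ssl_create_csr_file local_ssl_create_ca_file \
        local_ssl_create_ca_key_file local_ssl_create_crt_out; do
        if [[ -z "${!setting}" ]]; then
          echo "Setting $setting is not configured; see 'local-ssl-create.sh config help'" >&2
          exit 1
        fi
      done
      dedupe_list
      # Blank lines are skipped so that no empty "DNS.N = " entry is emitted.
      list="$(awk 'NF { n++; print "DNS." n " = " $0 }' "$fname")"
      if [[ -z "$list" ]]; then
        echo "No hosts configured; see 'local-ssl-create.sh hosts help'" >&2
        exit 1
      fi
      # The extension file decides what the CA key signs (SANs, CA:FALSE), so
      # it is created with mktemp instead of a fixed, predictable /tmp path
      # that another local user could pre-create or replace.
      ext_file="$(mktemp "${TMPDIR:-/tmp}/local-ssl-create.XXXXXX")" || exit 1
      cat >"$ext_file" <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
$list
EOF
      # NOTE(review): 1825 days exceeds the 825-day limit current Apple
      # platforms apply to TLS server certificates, and no
      # extendedKeyUsage=serverAuth is set; confirm the certificate is still
      # accepted by the clients you target.
      openssl x509 -req -in "$local_ssl_create_csr_file" -CA "$local_ssl_create_ca_file" -CAkey "$local_ssl_create_ca_key_file" -CAcreateserial -out "$local_ssl_create_crt_out" -days 1825 -sha256 -extfile "$ext_file"
      status=$?
      rm -f -- "$ext_file"
      # Only report a certificate when openssl actually succeeded.
      if [ "$status" -ne 0 ]; then
        echo "openssl exited with status $status" >&2
        exit "$status"
      fi
      echo "Find your certificate at '$local_ssl_create_crt_out'"
      ;;
    -h | --help | help)
      case "$2" in
        "" | -h | --help | help)
          # "help help" is answered here; forwarding it would call
          # main help help again without end.
          cat <<EOM
usage: local-ssl-create.sh [command]
Enables creating a local SSL Certificate, given a CSR file, CA file, and CA Key file
NOTE: you can pass a subcommand name to the help command to get help on that subcommand
commands:
-h, --help, help Print this help message
host, hosts Manage the hosts in the SSL Certificate
setting, settings, config Manage the settings for the input and output files
create Create the SSL Certificate with the configured hosts and files
EOM
          ;;
        *)
          main "$2" help
          ;;
      esac
      ;;
    *)
      if [ $# -eq 0 ]; then
        main help
        exit
      fi
      echo "Unknown command $1" >&2
      exit 1
      ;;
  esac
}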
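# Hand the command line to main unchanged. Quoting "$@" keeps an argument that
# contains spaces (a setting name such as "ca file", or a file path) as one
# word and stops a wildcard host from being glob-expanded.
main "$@"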
https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/ and https://passingcuriosity.com/2013/dnsmasq-dev-osx/ would be useful references. As would https://gist.github.com/henderea/b1bfea6cce3e345684eaf76fb93f03e7