
@henderea
Last active February 12, 2018 17:40
For creating local SSL certs given a CSR file, CA file, and CA Key file
#!/usr/bin/env bash
# Per-user state files, both kept in the invoking user's home directory:
#   fname - the host list, one entry per line
#   sname - the settings file; the script loads it with `source`, so whatever
#           it contains is executed as shell code
fname="${HOME}/.local-ssl-create-hosts.lst"
sname="${HOME}/.local-ssl-create-hosts.properties"
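#######################################
# Normalise the host list in place: lowercase every entry, sort the entries
# and drop duplicates.
# Globals:   fname (read) - path of the host list file
# Outputs:   rewrites "$fname"
# Returns:   0 on success, non-zero if the scratch file cannot be created or
#            the list cannot be rewritten
#######################################
function dedupe_list {
  local scratch status
  # A missing list is treated as an empty one, so later reads of "$fname" work.
  [[ -e "$fname" ]] || : >"$fname"
  scratch="$(mktemp "${TMPDIR:-/tmp}/local-ssl-create-hosts.XXXXXX")" || return 1
  # Build the result in a scratch file first. Writing straight back to
  # "$fname" from a pipeline that is still reading it can truncate the list
  # before it has been read. LC_ALL=C keeps the ordering byte-wise and
  # independent of the caller's locale.
  tr '[:upper:]' '[:lower:]' <"$fname" | LC_ALL=C sort -u >"$scratch" &&
    cat "$scratch" >"$fname" # copy back instead of mv: keeps inode and mode
  status=$?
  rm -f -- "$scratch"
  return "$status"
}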
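#######################################
# Join piped stdin (if any) and the remaining arguments into one string, then
# export that string under the variable name given as the first argument.
# Arguments: $1   - name of the variable to set and export
#            $2.. - words appended after the stdin text, single-space separated
# Inputs:    stdin is read to EOF whenever it is not a terminal
# Returns:   0 on success, 2 if $1 is not a valid variable name
#######################################
function merge_stdin_and_params {
  # Prefixed locals: as plain globals `name` and `v` these leaked into the
  # caller, and simple local names would shadow a caller asking for a variable
  # called `name` or `v`.
  local _msp_name=${1-}
  local _msp_value=""
  # "$*" joins on the first character of IFS; pin it to a space.
  local IFS=' '
  # The name becomes part of an `export` word, so accept a plain identifier only.
  if [[ ! "$_msp_name" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
    printf 'merge_stdin_and_params: invalid variable name: %s\n' "$_msp_name" >&2
    return 2
  fi
  shift
  # NOTE: any non-terminal stdin is consumed here, including one inherited from
  # the script's caller; pass </dev/null when only the arguments matter.
  if [[ ! -t 0 ]]; then
    _msp_value="$(cat -)"
  fi
  if (( $# > 0 )); then
    if [[ -n "$_msp_value" ]]; then
      _msp_value+=" "
    fi
    _msp_value+="$*"
  fi
  export "$_msp_name=$_msp_value"
}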
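#######################################
# Print the lowercase form of the text taken from stdin and/or the arguments
# (merged by merge_stdin_and_params).
# Arguments: $@ - optional words to lowercase
# Outputs:   the lowercased text on stdout, followed by a newline
#######################################
function downcase {
  # Local, so the helper's export lands here instead of leaving a global `c`.
  local c
  # "$@" must stay quoted: unquoted, an argument such as *.example.test is
  # glob-expanded against the current directory and split on whitespace before
  # it is ever lowercased.
  merge_stdin_and_params c "$@"
  tr '[:upper:]' '[:lower:]' <<<"$c"
}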
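#######################################
# Command dispatcher for local-ssl-create.sh.
# Globals:   fname (read) - host list file
#            sname (read) - settings file, loaded with `source`
#            local_ssl_create_* (read/written) - the four configured paths
# Arguments: $1 - command: host(s) | config/setting(s) | create | help
#            $2.. - sub-command and its values
# Outputs:   results and help on stdout; diagnostics added here on stderr
# Returns:   exits the shell with a non-zero status on unknown commands, bad
#            input or a failed openssl run
#######################################
function main {
  local wanted scratch status alt_names ext_file
  local host_re='^[A-Za-z0-9*._-]+$'
  case "$1" in
    host | hosts)
      case "$2" in
        add | insert)
          # Entries are copied into the OpenSSL extension file that the CA key
          # signs, so accept only characters that can appear in a DNS name or
          # a wildcard. This also rejects empty and multi-line values.
          if [[ ! "$3" =~ $host_re ]]; then
            printf 'Invalid host: %s\n' "$3" >&2
            exit 1
          fi
          printf '%s\n' "$3" >>"$fname"
          dedupe_list
          ;;
        remove | rm | delete)
          if [[ -z "$3" ]]; then
            echo "No host given" >&2
            exit 1
          fi
          dedupe_list
          # </dev/null: downcase would otherwise swallow a piped stdin.
          wanted="$(downcase "$3" </dev/null)"
          scratch="$(mktemp "${TMPDIR:-/tmp}/local-ssl-create.XXXXXX")" || exit 1
          # Filter into a scratch file: redirecting grep's output onto its own
          # input truncates the list before grep reads it. -F -x removes only
          # the exact entry; a regex substring match would also drop every
          # other host that merely contains the given text.
          grep --color=never -Fxv -- "$wanted" "$fname" >"$scratch"
          status=$?
          # grep exits 1 when nothing is left to print; only >1 is an error.
          if (( status > 1 )); then
            rm -f -- "$scratch"
            exit 1
          fi
          cat "$scratch" >"$fname"
          rm -f -- "$scratch"
          dedupe_list
          ;;
        list | ls)
          if [[ -e "$fname" ]]; then
            sort -- "$fname"
          fi
          ;;
        -h | --help | help)
          cat <<EOM
usage: local-ssl-create.sh $1 [command]
NOTE: Duplicates are removed, and all hosts are converted to lowercase
commands:
-h, --help, help Print this help message
add, insert Add a host to the list
remove, rm, delete Remove a host from the list
list, ls List the hosts
EOM
          ;;
        *)
          if (( $# == 1 )); then
            main "$1" help
            exit
          fi
          echo "Unknown command $1 $2"
          exit 1
          ;;
      esac
      ;;
    config | setting | settings)
      case "$2" in
        list | ls)
          # The settings file is executed as shell code, not parsed as data.
          if [[ -e "$sname" ]]; then source "$sname"; fi
          cat <<EOM
CSR File = $local_ssl_create_csr_file
CA File = $local_ssl_create_ca_file
CA Key File = $local_ssl_create_ca_key_file
CRT Output = $local_ssl_create_crt_out
EOM
          ;;
        show | get)
          if [[ -e "$sname" ]]; then source "$sname"; fi
          wanted="$(downcase "$3" </dev/null)"
          case "$wanted" in
            csr | "csr file" | csr_file | csr-file)
              printf '%s\n' "$local_ssl_create_csr_file"
              ;;
            ca | "ca file" | ca_file | ca-file)
              printf '%s\n' "$local_ssl_create_ca_file"
              ;;
            key | "ca key" | ca_key | ca-key | "ca key file" | ca_key_file | ca-key-file)
              printf '%s\n' "$local_ssl_create_ca_key_file"
              ;;
            crt | "crt output" | crt_output | crt-output)
              # The stored variable is ..._crt_out; reading ..._crt_output
              # always printed an empty line.
              printf '%s\n' "$local_ssl_create_crt_out"
              ;;
            *)
              echo "Unknown setting $wanted"
              exit 1
              ;;
          esac
          ;;
        set)
          if [[ -e "$sname" ]]; then source "$sname"; fi
          case "$(downcase "$3" </dev/null)" in
            csr | "csr file" | csr_file | csr-file)
              local_ssl_create_csr_file="$4"
              ;;
            ca | "ca file" | ca_file | ca-file)
              local_ssl_create_ca_file="$4"
              ;;
            key | "ca key" | ca_key | ca-key | "ca key file" | ca_key_file | ca-key-file)
              local_ssl_create_ca_key_file="$4"
              ;;
            crt | "crt output" | crt_output | crt-output)
              local_ssl_create_crt_out="$4"
              ;;
            *)
              echo "Unknown setting $3"
              exit 1
              ;;
          esac
          # %q shell-quotes each value. Written between plain double quotes, a
          # path containing a quote, $ or backtick would be run as code the
          # next time this file is sourced.
          {
            printf 'export local_ssl_create_csr_file=%q\n' "$local_ssl_create_csr_file"
            printf 'export local_ssl_create_ca_file=%q\n' "$local_ssl_create_ca_file"
            printf 'export local_ssl_create_ca_key_file=%q\n' "$local_ssl_create_ca_key_file"
            printf 'export local_ssl_create_crt_out=%q\n' "$local_ssl_create_crt_out"
          } >"$sname"
          ;;
        -h | --help | help)
          cat <<EOM
usage: local-ssl-create.sh $1 [command]
commands:
-h, --help, help Print this help message
list, ls Print the current settings
show, get Print the current value of a specific setting
set Configure one of the settings
EOM
          ;;
        *)
          if (( $# == 1 )); then
            main "$1" help
            exit
          fi
          echo "Unknown command $1 $2"
          exit 1
          ;;
      esac
      ;;
    create)
      if [[ "$2" == "help" || "$2" == "-h" || "$2" == "--help" ]]; then
        echo "No specific help for this command"
        exit
      elif (( $# > 1 )); then
        echo "The create command does not take any arguments"
        exit 1
      fi
      if [[ -e "$sname" ]]; then source "$sname"; fi
      if [[ -z "$local_ssl_create_csr_file" || -z "$local_ssl_create_ca_file" ||
        -z "$local_ssl_create_ca_key_file" || -z "$local_ssl_create_crt_out" ]]; then
        echo "CSR file, CA file, CA key file and CRT output must all be configured" >&2
        exit 1
      fi
      dedupe_list
      # One DNS.<n> line per non-blank entry; a blank line would otherwise
      # turn into an empty "DNS.<n> = " value.
      alt_names="$(awk 'NF { n++; print "DNS." n " = " $0 }' "$fname")"
      if [[ -z "$alt_names" ]]; then
        echo "No hosts configured" >&2
        exit 1
      fi
      # The extension file decides what the CA key signs (SANs, constraints).
      # A fixed name in /tmp can be pre-created or swapped by another local
      # user, so use an unpredictable file created by mktemp.
      ext_file="$(mktemp "${TMPDIR:-/tmp}/local-ssl-create.XXXXXX")" || exit 1
      cat >"$ext_file" <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
$alt_names
EOF
      # NOTE(review): Apple platforms document an 825-day maximum validity and
      # require extendedKeyUsage=serverAuth for TLS server certificates; this
      # profile uses 1825 days and sets no extendedKeyUsage. Left as is so the
      # issued certificate does not change; confirm against the target clients.
      openssl x509 -req -in "$local_ssl_create_csr_file" \
        -CA "$local_ssl_create_ca_file" -CAkey "$local_ssl_create_ca_key_file" \
        -CAcreateserial -out "$local_ssl_create_crt_out" \
        -days 1825 -sha256 -extfile "$ext_file"
      status=$?
      rm -f -- "$ext_file"
      # Do not announce a certificate when signing failed.
      if (( status != 0 )); then
        echo "openssl exited with status $status" >&2
        exit "$status"
      fi
      echo "Find your certificate at '$local_ssl_create_crt_out'"
      ;;
    -h | --help | help)
      if (( $# > 1 )); then
        main "$2" help
      else
        cat <<EOM
usage: local-ssl-create.sh [command]
Enables creating a local SSL Certificate, given a CSR file, CA file, and CA Key file
NOTE: you can pass a subcommand name to the help command to get help on that subcommand
commands:
-h, --help, help Print this help message
host, hosts Manage the hosts in the SSL Certificate
setting, settings, config Manage the settings for the input and output files
create Create the SSL Certificate with the configured hosts and files
EOM
      fi
      ;;
    *)
      if (( $# == 0 )); then
        main help
        exit
      fi
      echo "Unknown command $1"
      exit 1
      ;;
  esac
}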
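# Quoted so every argument reaches main intact: unquoted, a path containing
# spaces is split into several words and a wildcard host such as
# *.example.test is glob-expanded against the current directory.
main "$@"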