-
-
Save molotovbliss/7dc4a690b9986705da97810b3d338173 to your computer and use it in GitHub Desktop.
Generate a self signed certificate for HTTPS on local domains
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
# original sauce: https://serversforhackers.com/c/self-signed-ssl-certificates | |
# ---------------------------------------------------------------------------- | |
# NOTE: Set DOMAIN variable before executing. | |
# Set the FQDN (no wildcards!) | |
DOMAIN="local.example.com" | |
# create all certificates in /etc/ssl/<domainname>/ | |
# after self signed certificates created, update apache accordingly | |
# server { | |
# listen 443 ssl; | |
# server_name example.local; | |
# root /var/www; | |
# ssl on; | |
# ssl_certificate /etc/ssl/local.example.com/local.example.com.crt; | |
# ssl_certificate_key /etc/ssl/local.example.com/local.example.com.key; | |
# ... and the rest ... | |
# } | |
# Be sure to install the new self certification/etc into Browser | |
# Chrome, under HTTPS/SSL -> Manage Certificates... -> Authorities tab | |
# Import self-signed and edit entry enabling all trust settings. | |
# A passphrase (if you need) | |
PASSPHRASE="" | |
# ---------------------------------------------------------------------------- | |
# Specify where we will install the certificate | |
SSL_DIR="/etc/ssl/$DOMAIN" | |
# Set our CSR variables | |
SUBJ=" | |
C=US | |
ST=Connecticut | |
O= | |
localityName=New Haven | |
commonName=$DOMAIN | |
organizationalUnitName= | |
emailAddress= | |
" | |
# Create our SSL directory | |
# in case it doesn't exist | |
sudo mkdir -p "$SSL_DIR" | |
# Generate our Private Key, CSR and Certificate | |
sudo openssl genrsa -out "$SSL_DIR/$DOMAIN.key" 2048 | |
sudo openssl req -new -subj "$(echo -n "$SUBJ" | tr "\n" "/")" -key "$SSL_DIR/$DOMAIN.key" -out "$SSL_DIR/$DOMAIN.csr" -passin pass:$PASSPHRASE | |
sudo openssl x509 -req -days 365 -in "$SSL_DIR/$DOMAIN.csr" -signkey "$SSL_DIR/$DOMAIN.key" -out "$SSL_DIR/$DOMAIN.crt" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment