Generate a self signed certificate for HTTPS on local domains

local-self-signed-ssl.sh

#!/usr/bin/env bash

# original sauce: https://serversforhackers.com/c/self-signed-ssl-certificates

# ----------------------------------------------------------------------------
# NOTE: Set DOMAIN variable before executing.

# Set the FQDN (no wildcards!)
DOMAIN="local.example.com"

# create all certificates in /etc/ssl/<domainname>/
# after self signed certificates created, update apache accordingly

# server {
#     listen 443 ssl;
#     server_name example.local;
#     root /var/www;
#     ssl on;
#     ssl_certificate     /etc/ssl/local.example.com/local.example.com.crt; 
#     ssl_certificate_key /etc/ssl/local.example.com/local.example.com.key;
#     ... and the rest ...
# }

# Be sure to install the new self certification/etc into Browser
# Chrome, under HTTPS/SSL -> Manage Certificates... -> Authorities tab
# Import self-signed and edit entry enabling all trust settings.

# A passphrase (if you need)
PASSPHRASE=""

# ----------------------------------------------------------------------------

# Specify where we will install the certificate
SSL_DIR="/etc/ssl/$DOMAIN"

# Set our CSR variables
SUBJ="
C=US
ST=Connecticut
O=
localityName=New Haven
commonName=$DOMAIN
organizationalUnitName=
emailAddress=
"
# Create our SSL directory
# in case it doesn't exist
sudo mkdir -p "$SSL_DIR"

# Generate our Private Key, CSR and Certificate
sudo openssl genrsa -out "$SSL_DIR/$DOMAIN.key" 2048
sudo openssl req -new -subj "$(echo -n "$SUBJ" | tr "\n" "/")" -key "$SSL_DIR/$DOMAIN.key" -out "$SSL_DIR/$DOMAIN.csr" -passin pass:$PASSPHRASE
sudo openssl x509 -req -days 365 -in "$SSL_DIR/$DOMAIN.csr" -signkey "$SSL_DIR/$DOMAIN.key" -out "$SSL_DIR/$DOMAIN.crt"