rorymcdaniel/generatecert.sh

## generatecert.sh
#!/bin/bash
# Usage: generatecert.sh domainname.dev
# Generates a key and self signed certificate, then requires Linux Chrome to trust the certificate
# Dependency: libnss3-tools (sudo apt install libnss3-tools)


if (( $EUID != 0 )); then
    echo "Please run again with sudo"
    exit
fi

if [ "$#" -ne 1 ]; then
    echo "You must supply the domain name for the certificate"
    exit
fi

domain=$1

# Generate the Certificate
openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
openssl rsa -passin pass:x -in server.pass.key -out $domain.key
rm server.pass.key
#openssl req -new -key $domain.key -out $domain.csr \
#  -subj "/C=US/ST=MD/L=Frederick/O=BrigthOak/OU=IT Department/CN=$domain"
openssl req \
    -key $domain.key \
    -x509 \
    -nodes \
    -new \
    -out $domain.crt \
    -subj "/C=US/ST=MD/L=YourTown/O=YourCompany/OU=IT Department/CN=$domain" \
    -reqexts SAN \
    -extensions SAN \
    -config <(cat /usr/lib/ssl/openssl.cnf \
        <(printf "[SAN]\nsubjectAltName=DNS:$domain")) \
    -sha256 \
    -days 3650
openssl x509 -req -days 365 -in $domain.csr -signkey $domain.key -out $domain.crt

# Move Certificate and Key to final destination
mv $domain.key /etc/apache2/ssl/
mv $domain.crt /etc/apache2/ssl/

# Make Chrome trust the new certificate
certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n /etc/apache2/ssl/$domain.crt -i /etc/apache2/ssl/$domain.crt

echo "Certificate generated and complete. You must now add them to your virtualhost file."
~
~
	#!/bin/bash
	# Usage: generatecert.sh domainname.dev
	# Generates a key and self signed certificate, then requires Linux Chrome to trust the certificate
	# Dependency: libnss3-tools (sudo apt install libnss3-tools)


	if (( $EUID != 0 )); then
	echo "Please run again with sudo"
	exit
	fi

	if [ "$#" -ne 1 ]; then
	echo "You must supply the domain name for the certificate"
	exit
	fi

	domain=$1

	# Generate the Certificate
	openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
	openssl rsa -passin pass:x -in server.pass.key -out $domain.key
	rm server.pass.key
	#openssl req -new -key $domain.key -out $domain.csr \
	# -subj "/C=US/ST=MD/L=Frederick/O=BrigthOak/OU=IT Department/CN=$domain"
	openssl req \
	-key $domain.key \
	-x509 \
	-nodes \
	-new \
	-out $domain.crt \
	-subj "/C=US/ST=MD/L=YourTown/O=YourCompany/OU=IT Department/CN=$domain" \
	-reqexts SAN \
	-extensions SAN \
	-config <(cat /usr/lib/ssl/openssl.cnf \
	<(printf "[SAN]\nsubjectAltName=DNS:$domain")) \
	-sha256 \
	-days 3650
	openssl x509 -req -days 365 -in $domain.csr -signkey $domain.key -out $domain.crt

	# Move Certificate and Key to final destination
	mv $domain.key /etc/apache2/ssl/
	mv $domain.crt /etc/apache2/ssl/

	# Make Chrome trust the new certificate
	certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n /etc/apache2/ssl/$domain.crt -i /etc/apache2/ssl/$domain.crt

	echo "Certificate generated and complete. You must now add them to your virtualhost file."
	~
	~