Last active
May 1, 2017 14:50
-
-
Save rorymcdaniel/bdb69000f06a8ffec25ef9022dcd89b0 to your computer and use it in GitHub Desktop.
Generate a self signed certificate for development and make Chrome trust it
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Usage: generatecert.sh domainname.dev | |
# Generates a key and self signed certificate, then requires Linux Chrome to trust the certificate | |
# Dependency: libnss3-tools (sudo apt install libnss3-tools) | |
if (( $EUID != 0 )); then | |
echo "Please run again with sudo" | |
exit | |
fi | |
if [ "$#" -ne 1 ]; then | |
echo "You must supply the domain name for the certificate" | |
exit | |
fi | |
domain=$1 | |
# Generate the Certificate | |
openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 | |
openssl rsa -passin pass:x -in server.pass.key -out $domain.key | |
rm server.pass.key | |
#openssl req -new -key $domain.key -out $domain.csr \ | |
# -subj "/C=US/ST=MD/L=Frederick/O=BrigthOak/OU=IT Department/CN=$domain" | |
openssl req \ | |
-key $domain.key \ | |
-x509 \ | |
-nodes \ | |
-new \ | |
-out $domain.crt \ | |
-subj "/C=US/ST=MD/L=YourTown/O=YourCompany/OU=IT Department/CN=$domain" \ | |
-reqexts SAN \ | |
-extensions SAN \ | |
-config <(cat /usr/lib/ssl/openssl.cnf \ | |
<(printf "[SAN]\nsubjectAltName=DNS:$domain")) \ | |
-sha256 \ | |
-days 3650 | |
openssl x509 -req -days 365 -in $domain.csr -signkey $domain.key -out $domain.crt | |
# Move Certificate and Key to final destination | |
mv $domain.key /etc/apache2/ssl/ | |
mv $domain.crt /etc/apache2/ssl/ | |
# Make Chrome trust the new certificate | |
certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n /etc/apache2/ssl/$domain.crt -i /etc/apache2/ssl/$domain.crt | |
echo "Certificate generated and complete. You must now add them to your virtualhost file." | |
~ | |
~ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment