Created
January 12, 2010 13:49
-
-
Save rwoeber/275207 to your computer and use it in GitHub Desktop.
Creates a self-signed certificate and configuration files for Rails-SSL-development (with Apache/Passenger)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Creates a self-signed certificate and configuration files for | |
| # rails-SSL-development (with Apache/Passenger) | |
| # !!! Important !!! | |
| # Some files will be created and deleted in the current working directory | |
| # perhaps it is a good idea to execute this in a dedicated tmp-dir. | |
| # see the instructions this scripts echos on howto integrate into your system | |
| DAYS=3652 # ~ 10 years | |
| DOMAIN='rails.local' # your dev domain | |
| # | |
| C_COUNTRY='DE' | |
| C_STATE='Bavaria' | |
| C_LOCALITY='MyCity' | |
| C_ORG='MyCompany' | |
| C_NAME='Joe User' | |
| # Create authority (which will sign the certificate) | |
| openssl genrsa -des3 -passout pass:secret -out ca.key 1024 | |
| openssl req -new -x509 -days $DAYS -passin pass:secret -key ca.key -out ca.crt -subj "/C=$C_COUNTRY/ST=$C_STATE/L=$C_LOCALITY/O=$C_ORG/CN=$C_NAME" | |
| # create server-files | |
| openssl genrsa -des3 -passout pass:secret -out ${DOMAIN}.key 1024 | |
| openssl req -new -key ${DOMAIN}.key -days $DAYS -passin pass:secret -out ${DOMAIN}.csr -subj "/C=$C_COUNTRY/ST=$C_STATE/L=$C_LOCALITY/O=$C_ORG/CN=*.$DOMAIN" | |
| CSR=${DOMAIN}.csr | |
| CERT=${DOMAIN}.crt | |
| # make sure environment exists | |
| mkdir -p ca.db.certs | |
| echo '01' >ca.db.serial | |
| touch ca.db.index | |
| # create an own SSLeay config | |
| cat >ca.config <<EOT | |
| [ ca ] | |
| default_ca = CA_own | |
| [ CA_own ] | |
| dir = . | |
| certs = \$dir | |
| new_certs_dir = \$dir/ca.db.certs | |
| database = \$dir/ca.db.index | |
| serial = \$dir/ca.db.serial | |
| RANDFILE = \$dir/ca.db.rand | |
| certificate = \$dir/ca.crt | |
| private_key = \$dir/ca.key | |
| default_days = $DAYS | |
| default_crl_days = 30 | |
| default_md = md5 | |
| preserve = no | |
| policy = policy_anything | |
| [ policy_anything ] | |
| countryName = optional | |
| stateOrProvinceName = optional | |
| localityName = optional | |
| organizationName = optional | |
| organizationalUnitName = optional | |
| commonName = supplied | |
| emailAddress = optional | |
| EOT | |
| # Sign certificates! | |
| echo "CA signing: $CSR -> $CERT:" | |
| openssl ca -passin pass:secret -batch -config ca.config -days $DAYS -out $CERT -infiles $CSR | |
| # IMPORTANT | |
| # remove password from key (or you will have to specifiy on apache startup) | |
| mv ${DOMAIN}.key ${DOMAIN}.key.original | |
| openssl rsa -in ${DOMAIN}.key.original -passin pass:secret -out ${DOMAIN}.key | |
| # cleanup | |
| rm -f ca.config | |
| rm -f ca.db.serial.old | |
| rm -f ca.db.index.old | |
| rm -f ${DOMAIN}.key.original | |
| # Rails-vhost-configuration (for OS X 10.5+ ) | |
| cat >rails_vhost.conf <<EOT | |
| SSLCertificateFile /etc/apache2/ssl/$DOMAIN.crt | |
| SSLCertificateKeyFile /etc/apache2/ssl/$DOMAIN.key | |
| NameVirtualHost *:80 | |
| <VirtualHost *:80> | |
| DocumentRoot "/Library/WebServer/Documents" | |
| </VirtualHost> | |
| <VirtualHost *:80> | |
| ServerName $DOMAIN | |
| ServerAlias *.$DOMAIN | |
| ProxyPass / http://localhost:3000/ retry=0 | |
| ProxyPassReverse / http://localhost:3000 | |
| ProxyPreserveHost on | |
| # DocumentRoot "/tmp" | |
| </VirtualHost> | |
| <VirtualHost *:443> | |
| SSLEngine On | |
| ServerName $DOMAIN | |
| ServerAlias *.$DOMAIN | |
| ProxyPass / http://localhost:3000/ retry=0 | |
| ProxyPassReverse / http://localhost:3000 | |
| ProxyPreserveHost on | |
| RequestHeader set X_FORWARDED_PROTO 'https' | |
| # DocumentRoot "/tmp" | |
| </VirtualHost> | |
| EOT | |
| cat <<EOT | |
| ############################################################################# | |
| # Do the following: # | |
| ############################################################################# | |
| * copy $DOMAIN.key and $DOMAIN.crt to /etc/apache2/ssl | |
| sudo mkdir -p /etc/apache2/ssl | |
| sudo cp $DOMAIN.* /etc/apache2/ssl/ | |
| * copy rails_vhost.conf to /etc/apache2/other/rails_vhost.conf | |
| sudo cp rails_vhost.conf /etc/apache2/other/ | |
| * activate Apache-SSL and configure default Virtual-Host | |
| # !!! MAKE BACKUPS when modifying system files !!! | |
| # (uncomment means: remove the '#' in front of the line) | |
| # in /etc/apache2/httpd.conf uncomment the following line | |
| # Include /private/etc/apache2/extra/httpd-ssl.conf | |
| # in /etc/apache2/extra/httpd-ssl.conf uncomment the lines from | |
| # <VirtualHost.... to | |
| # </VirtualHost... | |
| * test Apache configuration | |
| sudo apachectl configtest | |
| * restart Apache | |
| sudo apachectl restart | |
| * Let your system know $DOMAIN exists | |
| sudo echo "0.0.0.0 $DOMAIN" >> /etc/hosts | |
| * Should also work with subdomains of $DOMAIN : | |
| (add to the virtual-hosts-file manually) | |
| sudo echo "0.0.0.0 foo.$DOMAIN" >> /etc/hosts | |
| sudo echo "0.0.0.0 bar.$DOMAIN" >> /etc/hosts | |
| This applies to a standard MacOS X 10.5/10.6 Apache installation. | |
| If something goes wrong | |
| Hint: look into /var/log/apache2/error_log or ask someone who knows | |
| (or rtfm) | |
| EOT | |
| # die gracefully | |
| exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment