selfsimilar/certs_gen.sh

## certs_gen.sh
#!/usr/bin/env bash

# A script for OS X to help generate and install SSL certificates for localhost.
# This is known to work on El Capitan, but should work on all 10.x releases.
#
# NOTE: THIS SCRIPT MUST BE RUN AS SU.
#
# This parses your hosts file and for all hostnames mapped to 127.0.0.1 it
# checks to see if a certificate exists for that domain. If not it:
#  * Creates an SSL key and certificate.
#  * Removes any older certificate and then adds the new certificate to your
#    keychain's trusted store.
# It's up to you to edit your apache/nginx configuration to use the key and
# certificate per domain.
# Also, you'll want to fill in the values in the [ req_distinguished_name ]
# section and update the default location of certificates for your machine.

certstore="/private/etc/apache2/ssl"
cnf="[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
prompt = no
[ req_distinguished_name ]
C = US
ST = Alabama
L = Smallville
O = Widgets Co
OU = Technology Dept
emailAddress = webmaster@widgets.com"
regex="^127\.0\.0\.1[ \t]+(.*)$"
while read p; do
  if [[ $p =~ $regex ]] ; then
    domain="${BASH_REMATCH[1]}"
    if [[ $domain != "localhost" && ! -f $certstore/$domain.crt ]] ; then
      echo "$cnf"$'\n'"CN = $domain" > $certstore/$domain.cnf
      openssl req -newkey rsa:2048 -nodes \
        -keyout $certstore/$domain.key \
        -config $certstore/$domain.cnf \
        -x509 -days 3560 -out $certstore/$domain.crt
      security delete-certificate -c $domain
      security add-trusted-cert -d -r trustRoot \
        -k /Library/Keychains/System.keychain $certstore/$domain.crt
    fi
  fi
done </etc/hosts
	#!/usr/bin/env bash

	# A script for OS X to help generate and install SSL certificates for localhost.
	# This is known to work on El Capitan, but should work on all 10.x releases.
	#
	# NOTE: THIS SCRIPT MUST BE RUN AS SU.
	#
	# This parses your hosts file and for all hostnames mapped to 127.0.0.1 it
	# checks to see if a certificate exists for that domain. If not it:
	# * Creates an SSL key and certificate.
	# * Removes any older certificate and then adds the new certificate to your
	# keychain's trusted store.
	# It's up to you to edit your apache/nginx configuration to use the key and
	# certificate per domain.
	# Also, you'll want to fill in the values in the [ req_distinguished_name ]
	# section and update the default location of certificates for your machine.

	certstore="/private/etc/apache2/ssl"
	cnf="[ req ]
	default_bits = 2048
	distinguished_name = req_distinguished_name
	prompt = no
	[ req_distinguished_name ]
	C = US
	ST = Alabama
	L = Smallville
	O = Widgets Co
	OU = Technology Dept
	emailAddress = webmaster@widgets.com"
	regex="^127\.0\.0\.1[ \t]+(.*)$"
	while read p; do
	if [[ $p =~ $regex ]] ; then
	domain="${BASH_REMATCH[1]}"
	if [[ $domain != "localhost" && ! -f $certstore/$domain.crt ]] ; then
	echo "$cnf"$'\n'"CN = $domain" > $certstore/$domain.cnf
	openssl req -newkey rsa:2048 -nodes \
	-keyout $certstore/$domain.key \
	-config $certstore/$domain.cnf \
	-x509 -days 3560 -out $certstore/$domain.crt
	security delete-certificate -c $domain
	security add-trusted-cert -d -r trustRoot \
	-k /Library/Keychains/System.keychain $certstore/$domain.crt
	fi
	fi
	done </etc/hosts