Generate and install self-signed certificates in OS X based on hosts file entries
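#!/usr/bin/env bash
# A script for OS X to help generate and install SSL certificates for localhost.
# This is known to work on El Capitan, but should work on all 10.x releases.
#
# NOTE: THIS SCRIPT MUST BE RUN AS SU.
#
# This parses your hosts file and, for every hostname mapped to 127.0.0.1,
# checks to see if a certificate exists for that name. If not it:
#   * Creates an SSL key and a self-signed certificate.
#   * Removes any older certificate with the same common name and then adds
#     the new certificate to the System keychain as a trusted root.
# It's up to you to edit your apache/nginx configuration to use the key and
# certificate per domain.
# Also, you'll want to fill in the values in the [ req_distinguished_name ]
# section and update the default location of certificates for your machine.
#
# Security notes:
#   * Every generated certificate is trusted machine-wide (-d, trustRoot) for
#     roughly ten years, and its private key is stored unencrypted (-nodes).
#     Whoever can read a key file can impersonate that hostname to this
#     machine, so keep "$certstore" readable by root only and remove both the
#     files and the keychain entry when a hostname is retired.
#   * A hosts entry that shadows a real public domain gets a trusted
#     certificate too; review the list of names before running.
#   * NOTE(review): the request config below defines no x509 extensions, so
#     this script sets no basicConstraints or subjectAltName. Whether the
#     trusted certificate is usable as a CA depends on the openssl build and
#     the verifier -- confirm, and consider constraining it to CA:FALSE.

certstore="/private/etc/apache2/ssl"
hosts_file="/etc/hosts"

cnf="[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
prompt = no
[ req_distinguished_name ]
C = US
ST = Alabama
L = Smallville
O = Widgets Co
OU = Technology Dept
emailAddress = webmaster@widgets.com"

# Names are interpolated into file paths, the openssl config and command
# arguments, so accept only plain hostname characters: no '/', whitespace,
# or a leading '-' or '.'.
hostname_re='^[A-Za-z0-9_]([A-Za-z0-9._-]*[A-Za-z0-9_])?$'

if [[ ! -d "$certstore" ]]; then
  printf 'error: certificate directory %s does not exist\n' "$certstore" >&2
  exit 1
fi

# The hosts file is read on fd 3 so that openssl/security keep the caller's
# stdin instead of inheriting (and possibly consuming) the hosts file.
while IFS= read -r -u 3 line || [[ -n "$line" ]]; do
  # Drop trailing comments, then split on blanks. Splitting replaces the old
  # regex "[ \t]+", where "\t" inside a bracket expression means a literal
  # backslash and the letter 't' (not a tab): tab-separated entries never
  # matched and names starting with 't' lost their leading letter.
  line="${line%%#*}"
  read -r -a fields <<<"$line"
  [[ "${fields[0]:-}" == "127.0.0.1" ]] || continue

  # One hosts line may carry several aliases; handle each on its own.
  for domain in "${fields[@]:1}"; do
    [[ "$domain" == "localhost" ]] && continue

    if [[ ! "$domain" =~ $hostname_re ]]; then
      printf 'warning: skipping unexpected hosts entry: %s\n' "$domain" >&2
      continue
    fi

    key="$certstore/$domain.key"
    crt="$certstore/$domain.crt"
    req_cnf="$certstore/$domain.cnf"

    # An existing certificate means this name was already handled.
    [[ -f "$crt" ]] && continue

    printf '%s\nCN = %s\n' "$cnf" "$domain" >"$req_cnf"

    # Restrictive umask while openssl writes the unencrypted private key, so
    # the key is never group/world-readable regardless of how this openssl
    # build sets file modes.
    if ! (
      umask 077
      openssl req -newkey rsa:2048 -nodes \
        -keyout "$key" \
        -config "$req_cnf" \
        -x509 -days 3560 -out "$crt"
    ); then
      printf 'error: openssl failed for %s; keychain left unchanged\n' "$domain" >&2
      # Remove partial output so the next run retries this name instead of
      # treating a broken .crt as "already done".
      rm -f -- "$key" "$crt"
      continue
    fi
    # The certificate itself is public; keep it readable as before.
    chmod 644 "$crt"

    # Only touch the keychain once a replacement certificate exists, so a
    # failed generation can no longer delete a working trusted certificate.
    # NOTE(review): delete-certificate -c matches by common name and no
    # keychain is given; presumably it searches the default keychain list, so
    # an unrelated certificate with the same CN could be removed -- confirm.
    # It is expected to report an error when there is nothing to delete.
    security delete-certificate -c "$domain"
    security add-trusted-cert -d -r trustRoot \
      -k /Library/Keychains/System.keychain "$crt"
  done
done 3<"$hosts_file"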