@selfsimilar
Last active April 1, 2016 17:39
Generate and install self-signed certificates in OS X based on hosts file entries
#!/usr/bin/env bash
# A script for OS X to help generate and install SSL certificates for localhost.
# This is known to work on El Capitan, but should work on all 10.x releases.
#
# NOTE: THIS SCRIPT MUST BE RUN AS SUPERUSER (ROOT).
#
# This parses your hosts file and for all hostnames mapped to 127.0.0.1 it
# checks to see if a certificate exists for that domain. If not it:
# * Creates an SSL key and certificate.
# * Removes any older certificate and then adds the new certificate to your
#   keychain's trusted store.
# It's up to you to edit your apache/nginx configuration to use the key and
# certificate per domain.
# Also, you'll want to fill in the values in the [ req_distinguished_name ]
# section and update the default location of certificates for your machine.

certstore="/private/etc/apache2/ssl"

cnf="[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
prompt = no
[ req_distinguished_name ]
C = US
ST = Alabama
L = Smallville
O = Widgets Co
OU = Technology Dept
emailAddress = webmaster@widgets.com"

# Match loopback entries. [[:space:]] is used because "\t" inside a bracket
# expression does not match a tab in bash's regex syntax.
regex="^127\.0\.0\.1[[:space:]]+(.*)$"

while IFS= read -r p; do
  if [[ $p =~ $regex ]] ; then
    # A hosts line may carry several names and a trailing comment.
    names="${BASH_REMATCH[1]%%#*}"
    for domain in $names; do
      if [[ $domain != "localhost" && ! -f "$certstore/$domain.crt" ]] ; then
        echo "$cnf"$'\n'"CN = $domain" > "$certstore/$domain.cnf"
        # -nodes writes the private key unencrypted.
        openssl req -newkey rsa:2048 -nodes \
          -keyout "$certstore/$domain.key" \
          -config "$certstore/$domain.cnf" \
          -x509 -days 3560 -out "$certstore/$domain.crt"
        # Keep the unencrypted key readable by root only.
        chmod 600 "$certstore/$domain.key"
        # Reports an error if no older certificate exists; that is harmless.
        security delete-certificate -c "$domain"
        # The certificate becomes a trusted root for every user on this machine.
        security add-trusted-cert -d -r trustRoot \
          -k /Library/Keychains/System.keychain "$certstore/$domain.crt"
      fi
    done
  fi
done </etc/hosts
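
The script runs as root and uses each hostname from /etc/hosts directly in file paths and as a trusted certificate's CN, so it is worth validating the names before acting on them. The following is an added example, not part of the original gist: loopback_hosts is a hypothetical helper, and the sample hosts entries are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the gist). Reads hosts-file text on stdin and prints
# one hostname per line for entries mapped to 127.0.0.1, skipping "localhost"
# and any name that is not safe to use as a file name under $certstore.
loopback_hosts() {
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line%%#*}        # drop a trailing or full-line comment
    set -f                  # no glob expansion while word-splitting
    set -- $line            # split on spaces and tabs
    set +f
    [ "${1:-}" = "127.0.0.1" ] || continue
    shift
    for name in "$@"; do
      case $name in
        localhost)
          continue ;;
        ''|.*|-*|*..*|*[!A-Za-z0-9.-]*)
          # Rejects "/", "..", leading "." or "-", and anything outside
          # the letters, digits, dots and hyphens of a hostname.
          echo "skipping unsafe hostname: $name" >&2
          continue ;;
      esac
      printf '%s\n' "$name"
    done
  done
}

# Constructed sample input: tab separator, several names on one line, a
# trailing comment, a path-traversal attempt, a non-loopback entry.
sample_hosts() {
  printf '127.0.0.1\tlocalhost\n'
  printf '127.0.0.1 app.test api.test # dev sites\n'
  printf '127.0.0.1\t../../etc/evil\n'
  printf '192.168.1.5 nas.test\n'
  printf '# 127.0.0.1 old.test\n'
  printf '127.0.0.1 shop.test\n'
}

sample_hosts | loopback_hosts
```

To use it with the script, feed the loop from `loopback_hosts </etc/hosts` instead of matching each line with the regex.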