@shinofara
Last active October 26, 2017 16:53
SSL GENERATE MAC ONLY
#!/bin/bash
# Strict mode: stop at the first failing command and treat any reference to an
# unset variable as an error.
set -o errexit -o nounset
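#######################################
# Exit handler: remove the scratch directory and the temporary OpenSSL config.
# Globals:   tmpdir (read), sslconf (read)
# Returns:   status of the last rm that ran; 0 when there was nothing to remove
#######################################
atexit() {
  # Plain `if` blocks rather than `[[ ... ]] && rm ...`: with the short-circuit
  # form the function returns 1 whenever the last path is empty, and a caller
  # running under `set -e` then aborts before reaching its own `exit`.
  # ${var:-} keeps the handler usable under `set -u` even if it fires before
  # the variables have been assigned.
  if [[ -n "${tmpdir:-}" ]]; then
    rm -rf -- "$tmpdir"
  fi
  if [[ -n "${sslconf:-}" ]]; then
    rm -f -- "$sslconf"
  fi
}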
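# Define both scratch paths as empty and install the handlers BEFORE creating
# anything, so a failure of the second mktemp still cleans up the first.
tmpdir=''
sslconf=''
trap atexit EXIT
# On HUP/INT/TERM: disarm the EXIT trap so cleanup runs once, clean up, then
# exit 255 (the status bash produced for the former `exit -1`). `|| true`
# keeps `set -e` from cutting the handler short if cleanup reports a failure.
trap 'trap - EXIT; atexit || true; exit 255' SIGHUP SIGINT SIGTERM
# mktemp picks unpredictable names; the directory will hold private key material.
tmpdir=$(mktemp -d)
sslconf=$(mktemp)
# Output goes to the current directory. The comparison below is always false
# today (outputdir is set from pwd on the previous line); it only matters if
# outputdir is later made configurable.
outputdir=$(pwd)
if [ "${outputdir}" != "$(pwd)" ]; then
  mkdir -p -- "$outputdir"
fi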
# option
# Write the one-line synopsis to stderr, then terminate the script with status 1.
usage_exit() {
  printf '%s\n' "Usage: $0 [-h domain]" >&2
  exit 1
}
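# -h DOMAIN selects the host name the certificate is issued for
# (default: localhost).
domain="localhost"
while getopts h: OPT; do
  case "$OPT" in
    h) domain=$OPTARG ;;
    \?) usage_exit ;;
  esac
done
shift $((OPTIND - 1))

# The domain is later written into the OpenSSL config, the -subj string and the
# output file names, and the resulting certificate is trusted system-wide.
# Accept only host-name characters so that a value containing '/', whitespace
# or newlines cannot change which file is written or add lines to the config.
domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! "$domain" =~ $domain_re ]]; then
  printf 'invalid domain: %s\n' "$domain" >&2
  usage_exit
fi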
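# ssl config file
# Request/extension settings shared by the CSR and the self-signed certificate:
# a non-CA leaf certificate whose subjectAltName covers the domain and its
# first-level wildcard.
# default_bits is raised from 1024 to 2048 to match the keys generated below;
# every `openssl req` call in this script passes an existing key with -key, so
# the value is only a fallback, but a 1024-bit fallback should not be left in
# a file people copy from.
cat > "$sslconf" <<EOF
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = ${domain}
DNS.2 = *.${domain}
EOF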
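# generate
user=$(id -un)
key_file="$outputdir/$domain.key"
csr_file="$outputdir/$domain.csr"
crt_file="$outputdir/$domain.crt"
pem_file="$outputdir/$domain.pem"

# The .key and .pem files contain the private key. Create everything with a
# restrictive umask so the key is never readable by other local accounts, not
# even briefly; the public artefacts are re-opened to 0644 at the end.
umask 077

# NOTE(review): server.key / server.csr / server.crt live only in $tmpdir, are
# not referenced by any output file, and are deleted on exit. They are kept to
# preserve the original sequence, but the key is no longer generated as root:
# nothing here needs root except the keychain change further down.
sudo -u "$user" openssl genrsa -out "$tmpdir/server.key" 2048

sudo -u "$user" openssl genrsa -out "$key_file" 2048
chmod 600 "$key_file"
sudo -u "$user" openssl rsa -in "$key_file" -out "$tmpdir/$domain.key.rsa"

sudo -u "$user" openssl req -new -key "$tmpdir/server.key" \
  -subj "/C=/ST=/L=/O=/CN=/emailAddress=/" -out "$tmpdir/server.csr"
# -sha256 is given explicitly because older OpenSSL builds default to SHA-1,
# which current TLS clients reject for certificate signatures.
sudo -u "$user" openssl req -new -sha256 -key "$tmpdir/$domain.key.rsa" \
  -subj "/C=US/ST=California/L=Orange/O=IndieWebCamp/CN=${domain}/" \
  -out "$csr_file" -config "$sslconf"

sudo -u "$user" openssl x509 -req -days 365 -in "$tmpdir/server.csr" \
  -signkey "$tmpdir/server.key" -out "$tmpdir/server.crt"
sudo -u "$user" openssl x509 -req -sha256 -extensions v3_req -days 365 \
  -in "$csr_file" -signkey "$tmpdir/$domain.key.rsa" \
  -out "$crt_file" -extfile "$sslconf"

# This marks the self-signed certificate as a trusted root in the System
# keychain, i.e. for every account on this Mac. Whoever can read $domain.key
# can then present a certificate this machine accepts for $domain and
# *.$domain, so keep the key private and drop the trust entry when the
# certificate is no longer needed (`security remove-trusted-cert -d <cert>`).
sudo security add-trusted-cert -d -r trustRoot \
  -k /Library/Keychains/System.keychain "$crt_file"

# The redirection is performed by this shell, not by sudo, so the bundle is
# created under the umask set above.
sudo -u "$user" cat "$key_file" "$crt_file" > "$pem_file"
chmod 600 "$pem_file"
# CSR and certificate hold no secrets; restore the world-readable mode they
# had before the umask was tightened.
chmod 644 "$csr_file" "$crt_file"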
@shinofara
Author

$ sh generate.sh
Password: 
$ ls -la
|-rw-r--r--   1 shinofara      staff    1269 2016-10-09 18:52 localhost.crt
|-rw-r--r--   1 shinofara      staff    1094 2016-10-09 18:52 localhost.csr
|-rw-r--r--   1 shinofara      staff    1679 2016-10-09 18:52 localhost.key
|-rw-r--r--   1 shinofara      staff    2948 2016-10-09 18:52 localhost.pem

$ sh generate.sh -h example.com
Password: 
$ ls -la
|-rw-r--r--   1 shinofara      staff    1281 2016-10-09 18:55 example.com.crt 
|-rw-r--r--   1 shinofara      staff    1102 2016-10-09 18:55 example.com.csr 
|-rw-r--r--   1 shinofara      staff    1675 2016-10-09 18:55 example.com.key 
|-rw-r--r--   1 shinofara      staff    2956 2016-10-09 18:55 example.com.pem 
