
@tomdavidson
Created May 7, 2023 04:15
gen and trust local ssl cert - wip
#!/usr/bin/env bash
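#######################################
# Print the absolute path of a (possibly relative) file name.
# Arguments: $1 - relative or absolute file name; its directory must exist
# Outputs:   absolute path on stdout
# Returns:   0 on success, non-zero if the directory cannot be entered
#######################################
file_path() {
  local target=$1
  local dir base

  # CDPATH is cleared so cd never echoes the directory it resolved, which
  # would otherwise end up inside the captured output.
  dir=$(CDPATH='' cd -- "$(dirname -- "$target")" && pwd) || return
  base=$(basename -- "$target")

  # ${dir%/} avoids a doubled slash when the directory is the root.
  printf '%s/%s\n' "${dir%/}" "$base"
}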
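#######################################
# Placeholder for publishing the generated cert and key locations.
# Outputs: nothing yet
# Returns: 0
#######################################
output() {
  # TODO: export the cert and key path as vars or write to config file that
  # msw can read.
  # The ':' no-op is required: a function body holding only a comment is a
  # bash syntax error and stops the whole script from parsing.
  :
}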
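#######################################
# Generate a self-signed certificate and an unencrypted RSA key for localhost.
# Arguments: $1 - cert name (output file)
#            $2 - key name (output file)
# Outputs:   openssl progress on stderr; writes the two files
# Returns:   0 on success, 2 on missing arguments, otherwise the status of
#            the failing command
#######################################
generate-cert() {
  local cert_path=${1:-}
  local key_path=${2:-}
  local config
  local status=0

  if [[ -z "$cert_path" || -z "$key_path" ]]; then
    printf 'usage: generate-cert <cert name> <key name>\n' >&2
    return 2
  fi

  # The request config is scratch data: write it to a private temp file as
  # the current user. Root is not needed here, and a root-owned file in the
  # working directory could not be removed cleanly afterwards.
  config=$(mktemp) || return

  cat > "$config" << 'ENDOFFILE'
[ req ]
prompt = no
distinguished_name = distinguished_name
x509_extensions = x509_extension
[ distinguished_name ]
CN = localhost
[ x509_extension ]
subjectAltName = DNS:localhost, IP:127.0.0.1
extendedKeyUsage = critical, serverAuth, clientAuth
keyUsage = critical, digitalSignature, keyEncipherment
ENDOFFILE

  # -nodes leaves the private key unencrypted on disk, so file permissions
  # are its only protection.
  # NOTE(review): no -days is passed, so openssl's default validity applies
  # (30 days per the req manual) - confirm that is intended.
  openssl req -x509 -config "$config" -newkey rsa:2048 \
    -keyout "$key_path" -out "$cert_path" -nodes || status=$?

  rm -f -- "$config"

  if (( status == 0 )); then
    # Restrict the key to its owner regardless of the caller's umask.
    chmod 600 -- "$key_path" || status=$?
  fi
  return "$status"
}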
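#######################################
# Trust a certificate in the per-user browser stores and the system CA store.
# Globals:   CERTNAME (read, used when $1 is not given), HOME (read)
# Arguments: $1 - certificate file (optional, defaults to $CERTNAME)
# Outputs:   diagnostics on stderr
# Returns:   0 on success, 1 if the certificate file is missing, otherwise
#            the status of the failing system-store command
#######################################
trust_cert() {
  local cert=${1:-${CERTNAME:-}}
  local nickname db_dir
  local -a as_root=()

  if [[ -z "$cert" || ! -f "$cert" ]]; then
    printf 'trust_cert: certificate not found: %s\n' "$cert" >&2
    return 1
  fi
  nickname=${cert%.*}

  # Add to browsers' cert db (FF and Chrome).
  # NOTE(review): trust flag "C,," marks the certificate as a trusted CA for
  # TLS server certificates in every NSS database found under $HOME. Whoever
  # can read the matching unencrypted key can impersonate the names in the
  # certificate to these browsers, so keep the key private and delete the
  # trust entry once it is no longer needed.
  # NOTE(review): cert8.db is the legacy DBM format; with the sql: prefix
  # certutil works on the SQLite database - confirm that is wanted for
  # profiles that only hold cert8.db.
  if command -v certutil > /dev/null 2>&1; then
    while IFS= read -r -d '' db_dir; do
      certutil -d "sql:${db_dir}" -A -t "C,," -n "$nickname" -i "$cert" \
        || printf 'trust_cert: could not update NSS db in %s\n' "$db_dir" >&2
    done < <(find "$HOME" -type f -iregex '.*[/]cert[89][.]db' -printf '%h\0')
  else
    printf 'trust_cert: certutil not found, skipping browser stores\n' >&2
  fi

  # Add to debian based systems (other platforms are not handled).
  # The system store is root-owned, so elevate only for these two commands
  # when the script is not already running as root.
  (( EUID == 0 )) || as_root=(sudo)
  "${as_root[@]}" cp -- "$cert" /usr/local/share/ca-certificates/ || return
  "${as_root[@]}" update-ca-certificates
}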
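# These names will be used in the trusted cert store and the full path will
# need to be added to MSW config.
APP_NAME=my-app
KEYNAME=${APP_NAME}-key.pem
CERTNAME=${APP_NAME}-cert.crt

# Regenerate when either half of the pair is missing: a key without its
# certificate (or the reverse) is unusable, and the previous "both missing"
# test silently skipped generation in that case.
if [[ ! -f "$KEYNAME" || ! -f "$CERTNAME" ]]; then
  # The generator is defined with a hyphen (generate-cert); calling
  # generate_cert would fail with "command not found".
  # Stop here on failure so a certificate that was never written is not
  # passed on to the trust stores.
  generate-cert "$CERTNAME" "$KEYNAME" || exit
  trust_cert "$CERTNAME"
fi

output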