Generate Local Development SSL Certificates
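#!/usr/bin/env bash
#
# Generate a throwaway root CA plus a certificate/key pair for "localhost",
# for local HTTPS development only.
#
# Output (in ./.ssl): RootCA.crt, localhost.crt, localhost.key
#
# Trust model: RootCA.crt is meant to be imported into a browser as a trusted
# authority. The CA private key is deleted before the script exits (also on
# failure), so the trusted root cannot be used to sign certificates for any
# other name afterwards. Note that plain `rm` does not wipe the key from disk.
set -euo pipefail

readonly SSL_CERTS_DIR=".ssl"
# Validity in days, as chosen by the original author (about 99 years).
# NOTE(review): some platforms reject TLS server certificates with very long
# validity periods; shorten the leaf validity if a client refuses
# localhost.crt.
readonly VALIDITY_DAYS=36135

# Print an error to stderr and abort.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Run an openssl subcommand quietly; show its output only when it fails.
run_openssl() {
  local output
  if ! output=$(openssl "$@" 2>&1); then
    printf '%s\n' "$output" >&2
    die "openssl $1 failed"
  fi
}

# Remove intermediate files, most importantly the CA private key.
cleanup() {
  rm -f -- domains.txt localhost.csr RootCA.key RootCA.pem RootCA.srl
}

command -v openssl >/dev/null || die "openssl is not installed"

cat <<"HEREDOC"
____ __________ __ ______ __
/ __ \___ _ __ / ___/ ___// / / ____/__ _____/ /_
/ / / / _ \ | / / \__ \\__ \/ / / / / _ \/ ___/ __/
/ /_/ / __/ |/ / ___/ /__/ / /___ / /___/ __/ / / /_
/_____/\___/|___/ /____/____/_____/ \____/\___/_/ \__/
HEREDOC

echo "Type your Organization Name (e.g. IT-Company): "
read -r organization || die "no organization name given"
[[ -n "$organization" ]] || die "organization name must not be empty"

# openssl splits -subj on '/', and '\' is its escape character, so escape both;
# otherwise a name such as "A/B" would be parsed as extra subject fields.
subject_org=${organization//\\/\\\\}
subject_org=${subject_org//\//\\/}

# If the folder exists, keep it as a timestamped backup.
# The '~' is a literal filename prefix here (no tilde expansion inside quotes).
if [[ -d "$SSL_CERTS_DIR" ]]; then
  mv -- "$SSL_CERTS_DIR" "~$SSL_CERTS_DIR-$(date '+%Y%m%d%H%M%S')"
fi

# Private keys are written below: keep the directory and files owner-only.
# Loosen RootCA.crt / localhost.crt afterwards if another account must read
# them.
umask 077

# Stop if the directory cannot be created or entered; continuing would write
# and later delete files in the caller's working directory.
mkdir -- "$SSL_CERTS_DIR" || die "cannot create $SSL_CERTS_DIR"
cd -- "$SSL_CERTS_DIR" || die "cannot enter $SSL_CERTS_DIR"
trap cleanup EXIT

# Self-signed root CA (unencrypted key, removed again by cleanup).
run_openssl req -x509 -nodes -new -sha256 -days "$VALIDITY_DAYS" \
  -newkey rsa:2048 \
  -keyout RootCA.key \
  -out RootCA.pem \
  -subj "/O=$subject_org"

run_openssl x509 -outform pem \
  -in RootCA.pem \
  -out RootCA.crt

# X.509 extensions for the leaf certificate: not a CA, valid for localhost.
cat > domains.txt <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
subjectAltName=@alt_names
[alt_names]
DNS.1=localhost
EOF

# Key and signing request for localhost. The original used the unset variable
# $O here, which produced an empty organization field.
run_openssl req -new -nodes \
  -newkey rsa:2048 \
  -keyout localhost.key \
  -out localhost.csr \
  -subj "/O=$subject_org/CN=localhost"

run_openssl x509 -req -sha256 -days "$VALIDITY_DAYS" \
  -in localhost.csr \
  -CA RootCA.pem \
  -CAkey RootCA.key \
  -CAcreateserial \
  -extfile domains.txt \
  -out localhost.crt

cleanup

printf '\nGeneration successful...\n\n'
printf 'Your certificate and private key are in the %s directory.\n' "$SSL_CERTS_DIR"
printf '%s\n\n' "Don't forget to import your certificate authority (RootCA.crt) in your browser."
echo "On Chrome go to: Settings > Privacy and Security > Security > Manage certificates > Authorities."
echo "Then click on the 'Import' button, browse your computer to find the RootCA.crt file and import it."
printf '%s\n\n' "When asked, check the 'Trust this certificate for identifying websites' option."
echo "And you're done!"
exit 0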