Skip to content

Instantly share code, notes, and snippets.

@valeryan

valeryan/gencert.sh

Created October 2, 2016 19:36
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save valeryan/6f0da3f9281ecd9ec758b9cd1c6b55a1 to your computer and use it in GitHub Desktop.
Save valeryan/6f0da3f9281ecd9ec758b9cd1c6b55a1 to your computer and use it in GitHub Desktop.
Download ZIP
Generate Self Signed SSL and added it as Trusted Root on OSX
Raw
gencert.sh
#!/usr/bin/env bash
OPENSSL=/usr/local/Cellar/openssl/1.0.2j/bin/openssl
CERTPATH=./etc/nginx/certs/
${OPENSSL} genrsa -out ${CERTPATH}/app-wildcard.key 2048
${OPENSSL} req -new -out ${CERTPATH}/app-wildcard.csr -key ${CERTPATH}/app-wildcard.key -config openssl.cnf
${OPENSSL} x509 -req -days 3650 -in ${CERTPATH}/app-wildcard.csr -signkey ${CERTPATH}/app-wildcard.key -out ${CERTPATH}/app-wildcard.crt -extfile openssl.cnf -extensions v3_req
sudo security delete-certificate -c "*.app"
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ${CERTPATH}/app-wildcard.crt
Raw
openssl.cnf
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
commonName = *.app
countryName = US
stateOrProvinceName = AL
localityName = Huntsville
organizationName = Example LLC
organizationalUnitName = IT
emailAddress = example@email.com
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = example.app
DNS.2 = example2.app
IP.1 = 127.0.0.1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment