@ysugimoto
Forked from shinofara/generate.sh
Created October 26, 2017 16:53
SSL GENERATE MAC ONLY
#!/bin/bash
# Strict mode: stop at the first failing command and treat unset variables as errors.
set -o errexit -o nounset
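#######################################
# Cleanup hook: remove the scratch directory and the temporary OpenSSL config.
# The scratch directory holds private key material, so it must not outlive the run.
# Globals:   tmpdir, sslconf (read; either may be unset or empty)
# Returns:   0 always, so a trap calling it under errexit is never cut short
#######################################
atexit() {
  # ${var:-} keeps nounset from aborting the cleanup if the hook fires before
  # both paths have been assigned.
  if [[ -n "${tmpdir:-}" ]]; then
    rm -rf -- "$tmpdir"
  fi
  if [[ -n "${sslconf:-}" ]]; then
    rm -rf -- "$sslconf"
  fi
  return 0
}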
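# Scratch space. mktemp -d creates the directory with owner-only access, which
# matters because private keys are written into it further down.
tmpdir=$(mktemp -d)
sslconf=$(mktemp)

# Remove the scratch files on normal exit and on HUP/INT/TERM alike.
trap atexit EXIT
trap 'trap - EXIT; atexit; exit -1' SIGHUP SIGINT SIGTERM

# Keys and certificates are written to the current directory.
outputdir=$(pwd)
# As written this branch cannot fire (outputdir was just set from pwd); it only
# matters if outputdir is edited to point elsewhere. Both sides are quoted so a
# working directory containing spaces does not break the comparison.
if [[ "$outputdir" != "$(pwd)" ]]; then
  mkdir -p -- "$outputdir"
fi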
# option
# Print the one-line usage message to stderr and terminate with status 1.
usage_exit() {
  printf 'Usage: %s [-h domain]\n' "$0" >&2
  exit 1
}
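# Host name the certificate is issued for; override with -h.
domain="localhost"
while getopts h: OPT; do
  case "$OPT" in
    h) domain=$OPTARG ;;
    \?) usage_exit ;;
  esac
done
shift $((OPTIND - 1))

# The value is later used in output file names, in the -subj string and inside
# the generated OpenSSL config. Accept plain host-name characters only, so that
# a value containing '/', whitespace or a newline cannot redirect the output
# path or add lines to the config.
domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! "$domain" =~ $domain_re ]]; then
  printf 'Invalid domain: %s\n' "$domain" >&2
  usage_exit
fi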
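# ssl config file
# Written to the mktemp file and handed to openssl through -config / -extfile.
# default_bits applies only when `openssl req` creates a key itself; the keys in
# this script come from genrsa, but the template is kept at 2048 so that a copy
# of it never falls back to a 1024-bit key.
# The SAN list covers the domain itself and a wildcard for its subdomains.
cat > "$sslconf" <<EOF
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = ${domain}
DNS.2 = *.${domain}
EOF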
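# generate
user=$(whoami)
# Every openssl step runs as the invoking user; only the keychain import needs root.
as_user=(sudo -u "$user")

domain_key="${outputdir}/${domain}.key"
domain_csr="${outputdir}/${domain}.csr"
domain_crt="${outputdir}/${domain}.crt"
domain_pem="${outputdir}/${domain}.pem"
domain_rsa="${tmpdir}/${domain}.key.rsa"

# Scratch key. It was previously generated as root, which can leave a key file
# the later steps (running as $user) are not allowed to read.
# NOTE(review): server.key/.csr/.crt stay in $tmpdir and are deleted on exit;
# nothing visible here consumes them - confirm whether they are still needed.
"${as_user[@]}" openssl genrsa -out "${tmpdir}/server.key" 2048

# The private key is created under a restrictive umask so it is never readable
# by other local users; chmod also covers a file left over from an earlier run.
(
  umask 077
  "${as_user[@]}" openssl genrsa -out "$domain_key" 2048
)
chmod 600 -- "$domain_key"
"${as_user[@]}" openssl rsa -in "$domain_key" -out "$domain_rsa"

"${as_user[@]}" openssl req -new -key "${tmpdir}/server.key" \
  -subj "/C=/ST=/L=/O=/CN=/emailAddress=/" -out "${tmpdir}/server.csr"
# -sha256 pins the signature digest instead of relying on the installed
# openssl's default, which differs between versions.
"${as_user[@]}" openssl req -new -sha256 -key "$domain_rsa" \
  -subj "/C=US/ST=California/L=Orange/O=IndieWebCamp/CN=${domain}/" \
  -out "$domain_csr" -config "$sslconf"

"${as_user[@]}" openssl x509 -req -days 365 -in "${tmpdir}/server.csr" \
  -signkey "${tmpdir}/server.key" -out "${tmpdir}/server.crt"
"${as_user[@]}" openssl x509 -req -sha256 -extensions v3_req -days 365 \
  -in "$domain_csr" -signkey "$domain_rsa" -out "$domain_crt" -extfile "$sslconf"

# Marks the self-signed certificate as a trusted root in the System keychain
# (-d = admin trust settings, i.e. it applies to every user of this Mac).
# From then on, whoever holds $domain_key is trusted by this machine for
# ${domain} and *.${domain}: keep the key private, use this for local
# development names only, and drop the trust again when it is no longer
# needed with: sudo security remove-trusted-cert -d "$domain_crt"
sudo security add-trusted-cert -d -r trustRoot \
  -k /Library/Keychains/System.keychain "$domain_crt"

# The bundle contains the private key, so it gets the same owner-only mode.
(
  umask 077
  "${as_user[@]}" cat -- "$domain_key" "$domain_crt" > "$domain_pem"
)
chmod 600 -- "$domain_pem"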