-
Notifications
You must be signed in to change notification settings - Fork 78
/
generate-ssl.sh
executable file
·71 lines (55 loc) · 2.18 KB
/
generate-ssl.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
#!/usr/bin/env bash
# Make sure this script is run as root
if [ "$EUID" -ne 0 ] ; then
echo "Please run as root. Try again by typing: sudo !!"
exit
fi
function command_exists () {
type "$1" &> /dev/null ;
}
# Make sure openssl exists
if ! command_exists openssl ; then
echo "OpenSSL isn't installed. You need that to generate SSL certificates."
exit
fi
name=$1
if [ -z "$name" ]; then
echo "No name argument provided!"
echo "Try ./generate-ssl.sh name.dev"
exit
fi
## Make sure the tmp/ directory exists
if [ ! -d "tmp" ]; then
mkdir tmp/
fi
## Make sure the your-certs/ directory exists
if [ ! -d "your-certs" ]; then
mkdir your-certs/
fi
# Cleanup files from previous runs
rm tmp/*
rm your-certs/*
# Remove any lines that start with CN
sed -i '' '/^CN/ d' certificate-authority-options.conf
# Modify the conf file to set CN = ${name}
echo "CN = ${name}" >> certificate-authority-options.conf
# Generate Certificate Authority
openssl genrsa -des3 -out "tmp/${name}CA.key" 2048
openssl req -x509 -config certificate-authority-options.conf -new -nodes -key "tmp/${name}CA.key" -sha256 -days 825 -out "your-certs/${name}CA.pem"
if command_exists security ; then
# Delete trusted certs by their common name via https://unix.stackexchange.com/a/227014
security find-certificate -c "${name}" -a -Z | sudo awk '/SHA-1/{system("security delete-certificate -Z "$NF)}'
# Trust the Root Certificate cert
security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "your-certs/${name}CA.pem"
fi
# Generate CA-signed Certificate
openssl genrsa -out "your-certs/${name}.key" 2048
openssl req -new -config certificate-authority-options.conf -key "your-certs/${name}.key" -out "tmp/${name}.csr"
# Generate SSL Certificate
openssl x509 -req -in "tmp/${name}.csr" -CA "your-certs/${name}CA.pem" -CAkey "tmp/${name}CA.key" -CAcreateserial -out "your-certs/${name}.crt" -days 825 -sha256 -extfile options.conf
# Cleanup a stray file
rm your-certs/*.srl
# The username behind sudo, to give ownership back
user=$( who am i | awk '{ print $1 }')
chown -R "$user" tmp your-certs
echo "All done! Check the your-certs directory for your certs."