@TheWaWaR
Last active July 7, 2017 01:41
Shell script to generate SSL/TLS certificate in macOS.
########################################
# $ tree $HOME/local/etc/TLS
# .
# |-- CA
# |   |-- index.txt
# |   |-- index.txt.attr
# |   |-- newcerts
# |   |   |-- 01.pem
# |   |   `-- 02.pem
# |   |-- private
# |   |   `-- root-ca.key
# |   |-- root-ca.cert
# |   |-- serial
# |   `-- serial.old
# |-- certificates
# |   `-- localhost
# |       |-- server.cert
# |       |-- server.key
# |       |-- server.pfx
# |       `-- server.req
# `-- openssl.cnf
#
#
# Usage: gen_cert.sh localhost
########################################
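# Homebrew's OpenSSL. A variable is used instead of an alias because
# aliases are not expanded when bash runs a script non-interactively.
OPENSSL=/usr/local/Cellar/openssl/1.0.2l/bin/openssl
TLS_DIR="$HOME/local/etc/TLS"
OUT_DIR="$TLS_DIR/certificates/$1"
OPENSSL_CNF="$TLS_DIR/openssl.cnf"
ROOT_CA="$TLS_DIR/CA/root-ca.cert"
SERVER_KEY="$OUT_DIR/server.key"
SERVER_REQ="$OUT_DIR/server.req"
SERVER_CERT="$OUT_DIR/server.cert"
SERVER_PFX="$OUT_DIR/server.pfx"
if [ $# -gt 0 ]
then
    # Create the per-host output directory if it does not exist yet.
    [ -d "$OUT_DIR" ] || mkdir -p "$OUT_DIR"
    # Generate an unencrypted (-nodes) RSA key and a signing request.
    # 2048 bits, because 1024-bit RSA is no longer considered adequate.
    "$OPENSSL" req -newkey rsa:2048 -keyout "$SERVER_KEY" -nodes -config "$OPENSSL_CNF" -out "$SERVER_REQ" || exit 1
    # Sign the request with the CA configured in openssl.cnf.
    "$OPENSSL" ca -config "$OPENSSL_CNF" -out "$SERVER_CERT" -infiles "$SERVER_REQ" || exit 1
    # Bundle key, certificate and root CA certificate into a PKCS#12 file.
    "$OPENSSL" pkcs12 -export -out "$SERVER_PFX" -inkey "$SERVER_KEY" -in "$SERVER_CERT" -certfile "$ROOT_CA" || exit 1
    # The key and the PKCS#12 bundle hold private key material: owner-only access.
    chmod 600 "$SERVER_KEY" "$SERVER_PFX"
    ls -hl "$OUT_DIR"
else
    echo "Invalid out dir: $OUT_DIR" >&2
    exit 1
fi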