Forked from mikepsinn/self-signed-wildcard-ssl-for-nginx.sh
Last active
August 24, 2020 09:54
-
-
Save christianalfoni/d57c1e7265a1b2bde09eaf94a155d8a2 to your computer and use it in GitHub Desktop.
Create self-signed SSL certificate for Nginx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
# sudo apt-get install -y curl | |
# curl https://gist.githubusercontent.com/mikepsinn/b1142aa685ef71d6d3af9b01fc386539/raw/self-signed-wildcard-ssl-for-nginx.sh | sudo bash -s | |
ROOT_DOMAIN=codesandbox.test | |
# Specify where we will install | |
SSL_DIR="ssl" | |
# Set the wildcarded domain we want to use | |
WILDCARD_DOMAIN="*.${ROOT_DOMAIN}" | |
sudo mkdir ${SSL_DIR} || true | |
# A blank passphrase | |
PASSPHRASE="" | |
# Set our CSR variables | |
SUBJ=" | |
C=NE | |
ST= | |
O=Codesandbox | |
localityName= | |
commonName=$WILDCARD_DOMAIN | |
subjectAltName = DNS:$ROOT_DOMAIN,DNS:$WILDCARD_DOMAIN | |
organizationalUnitName=Codesandbox | |
[email protected] | |
" | |
# Generate our Private Key, CSR and Certificate | |
sudo rm ${SSL_DIR}/${ROOT_DOMAIN}.key | |
sudo rm ${SSL_DIR}/${ROOT_DOMAIN}.csr | |
sudo openssl genrsa -out "$SSL_DIR/${ROOT_DOMAIN}.key" 2048 | |
sudo openssl req -new -subj "$(echo -n "$SUBJ" | tr "\n" "/")" -key "$SSL_DIR/${ROOT_DOMAIN}.key" -out "$SSL_DIR/${ROOT_DOMAIN}.csr" -passin pass:${PASSPHRASE} | |
sudo openssl x509 -req -days 365 -in "$SSL_DIR/${ROOT_DOMAIN}.csr" -signkey "$SSL_DIR/${ROOT_DOMAIN}.key" -out "$SSL_DIR/${ROOT_DOMAIN}.crt" | |
echo " | |
Add this to your nginx config: | |
server { | |
listen 443 ssl; | |
server_name example.local; | |
root /vagrant/public.built; | |
ssl on; | |
ssl_certificate $SSL_DIR/${ROOT_DOMAIN}.crt; | |
ssl_certificate_key $SSL_DIR/${ROOT_DOMAIN}.key; | |
... and the rest ... | |
} | |
" | |
echo " | |
Chrome Users: | |
Go to Settings. | |
Click advanced settings at the bottom. | |
Scroll down to Network and click "Change Proxy Settings" | |
Go to the Content tab and then click "Clear SSL State" | |
" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment