Creating and importing Self-Signed Certificates
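#!/bin/bash
# Import CA to browsers.
#
# Adds the local CA certificate (ca.pem, produced by make-cert.sh) to the NSS
# certificate database of every Firefox "*.default-release" profile.
#
# Before this script, please install certutil:
#   sudo apt install libnss3-tools
#
# Security note: a CA trusted for SSL can vouch for ANY host name in that
# profile, so whoever holds ca-key.pem can issue certificates the browser
# will accept for any site. Import only a CA you generated yourself, keep
# ca-key.pem private, and delete the entry when it is no longer needed:
#   certutil -D -n "$CA_NAME" -d "sql:<profile path>"

set -u

# Change this: nickname under which the CA is stored in the NSS database.
CA_NAME=""

if [[ -z "$CA_NAME" ]]; then
  echo "CA_NAME is empty. Set it at the top of this script." >&2
  exit 1
fi

if [[ ! -f ca.pem ]]; then
  echo "ca.pem not found. Run make-cert.sh." >&2
  exit 1
fi

# Print what is about to be trusted so that an unexpected or replaced ca.pem
# is noticed before it lands in the trust store. Skipped if openssl is absent.
if command -v openssl >/dev/null; then
  if ! openssl x509 -in ca.pem -noout -subject -enddate -fingerprint -sha256; then
    echo "ca.pem is not a readable X.509 certificate." >&2
    exit 1
  fi
fi

## Firefox
FIREFOX_DIR="$HOME/.mozilla/firefox"
if [[ ! -d "$FIREFOX_DIR" ]]; then
  echo "$FIREFOX_DIR not found. No Firefox profile to import into." >&2
  exit 1
fi

status=0
# NUL-delimited find output: profile paths containing spaces stay intact.
while IFS= read -r -d '' PROFILE_PATH; do
  # Trust flags are "SSL,S/MIME,code signing". "C" marks the CA as trusted to
  # issue server certificates, which is all a browser needs; the "T" flag
  # (trusted to issue client certificates) and the other two fields are left
  # out so the CA gets no more trust than required.
  if ! certutil -A -n "$CA_NAME" -t "C,," -i "ca.pem" -d "sql:$PROFILE_PATH"; then
    echo "Import failed for $PROFILE_PATH" >&2
    status=1
  fi
done < <(find "$FIREFOX_DIR" -type d -name '*.default-release' -print0)

exit "$status"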
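#!/bin/bash
# Make Self Signed Certificates
# Wildcards are available.
#
# run ./make-cert.sh '*.foo.bar' then,
#   mv '*.foo.bar.crt' 'foo.bar.crt'
#
# In Apache virtual hosts settings:
#   SSLEngine On
#   SSLCertificateFile /path/to/ssl/$DOMAIN.crt (Step #5)
#   SSLCertificateKeyFile /path/to/ssl/cert-key.pem (Step #3)
#
# Steps: (1) CA key, (2) CA certificate, (3) server key, (4) CSR,
# (5) server certificate signed by the CA. A step is skipped when its output
# file already exists, so cert-key.pem and cert.csr are reused across runs;
# delete them first if a fresh key or CSR is wanted for a new domain.
#
# Meant for local development. ca-key.pem can sign a certificate for any
# host name; once ca.pem is trusted by a browser, keep ca-key.pem off shared
# machines and out of version control.

# Stop at the first failing step instead of signing with half-made inputs.
set -euo pipefail

# Key files must not be readable by other local users.
umask 077

if [[ $# -ne 1 ]]; then
  echo "Input name for domain, please." >&2
  exit 1
fi

DOMAIN=$1

# DOMAIN ends up in a file name and in the subjectAltName line of the
# extension file; reject anything but a plain (optionally wildcard) host name
# so it cannot add path components or extra extension entries.
DOMAIN_RE='^(\*\.)?[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! "$DOMAIN" =~ $DOMAIN_RE ]]; then
  echo "Invalid domain name: $DOMAIN" >&2
  exit 1
fi

# Your passphrase. Important! Keep it safe.
# Taken from the PASSPHRASE environment variable, or prompted for, so the
# secret does not have to be written into this file.
PASSPHRASE="${PASSPHRASE:-}"
if [[ -z "$PASSPHRASE" ]]; then
  read -r -s -p "CA key passphrase: " PASSPHRASE
  echo
fi
# OpenSSL refuses PEM passphrases shorter than 4 characters.
if (( ${#PASSPHRASE} < 4 )); then
  echo "Passphrase must be at least 4 characters." >&2
  exit 1
fi
# Handed to openssl as env:PASSPHRASE rather than pass:..., which would put
# the secret on the command line where any local user can read it via ps.
export PASSPHRASE

# Change these
COUNTRY=""
STATE=""
LOCALITY=""
ORGANIZTION="" # (sic) spelling kept so existing edited copies still apply
COMMON_NAME="" # Common name of the CA, e.g. "My Local Dev CA"

if [[ -z "$COMMON_NAME" ]]; then
  echo "COMMON_NAME is empty. Set it at the top of this script." >&2
  exit 1
fi

if [[ ! -f ca-key.pem ]]; then
  # Generate the CA key (AES-256 encrypted with the passphrase)
  openssl genrsa -aes256 -out ca-key.pem -passout env:PASSPHRASE 4096
else
  echo "1. ca-key.pem exists."
fi

if [[ ! -f ca.pem ]]; then
  # Generate the self-signed CA certificate
  openssl req -new -x509 -sha256 -days 3650 -key ca-key.pem -out ca.pem \
    -passin env:PASSPHRASE \
    -subj "/C=$COUNTRY/ST=$STATE/L=$LOCALITY/O=$ORGANIZTION/CN=$COMMON_NAME"
else
  echo "2. ca.pem exists."
fi

if [[ ! -f cert-key.pem ]]; then
  # Server certificate private key. Unencrypted so the web server can start
  # unattended; the umask above keeps it owner-only.
  openssl genrsa -out cert-key.pem 4096
else
  echo "3. cert-key.pem exists."
fi

if [[ ! -f cert.csr ]]; then
  # The server subject uses the domain as CN. Reusing the CA's subject here
  # would make issuer and subject identical, so the server certificate would
  # be taken for a self-signed one during chain verification.
  openssl req -new -sha256 -key cert-key.pem -out cert.csr \
    -subj "/C=$COUNTRY/ST=$STATE/L=$LOCALITY/O=$ORGANIZTION/CN=$DOMAIN"
else
  echo "4. cert.csr exists."
fi

if [[ ! -f "$DOMAIN.crt" ]]; then
  # Server certificate, restricted to TLS server use: CA:FALSE so it cannot
  # sign further certificates, and serverAuth as the only extended key usage.
  # NOTE(review): some clients reject server certificates with a validity as
  # long as 3650 days; shorten -days if a client refuses the certificate.
  openssl x509 -req -sha256 -days 3650 -in cert.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial \
    -out "$DOMAIN.crt" \
    -passin env:PASSPHRASE \
    -extfile <(printf '%s\n' \
      "subjectAltName=DNS:$DOMAIN,IP:127.0.0.1" \
      "basicConstraints=critical,CA:FALSE" \
      "keyUsage=critical,digitalSignature,keyEncipherment" \
      "extendedKeyUsage=serverAuth")
else
  echo "5. $DOMAIN.crt exists."
fi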