gencerts.sh

#!/bin/sh

# this is from https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/

if [ "$#" -ne 1 ]; then
    echo "Usage: Must supply a domain"
    exit 1
fi

# Change these as appropriate for your organization
DOMAIN=$1
SUBJECT_ROOT="/C=US/ST=Massachusetts/L=Boston/O=GetHuman/OU=IT/CN=gethuman.com/[email protected]"
SUBJECT_WILDCARD="/C=US/ST=Massachusetts/L=Boston/O=GetHuman/OU=IT/CN=*.$DOMAIN/[email protected]"
CERTS_DIR="certs"

# CA Private Key here
openssl genrsa -out $CERTS_DIR/$DOMAIN.myCA.key 2048

# CA Root Cert
openssl req -x509 -new -nodes -key $CERTS_DIR/$DOMAIN.myCA.key -sha256 -days 1825 -out $CERTS_DIR/$DOMAIN.myCA.pem -subj "$SUBJECT_ROOT"

# Add CA Root Cert as trusted cert on your local machine
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain $CERTS_DIR/$DOMAIN.myCA.pem

# Dev domain private key
openssl genrsa -out $CERTS_DIR/$DOMAIN.key 2048

# CSR
openssl req -new -key $CERTS_DIR/$DOMAIN.key -out $CERTS_DIR/$DOMAIN.csr -subj "$SUBJECT_WILDCARD"

# Now, create the domain cert using the CSR and CA
openssl x509 -req -in $CERTS_DIR/$DOMAIN.csr -CA $CERTS_DIR/$DOMAIN.myCA.pem -CAkey $CERTS_DIR/$DOMAIN.myCA.key -CAcreateserial -out $CERTS_DIR/$DOMAIN.crt -days 825 -sha256 -extfile $DOMAIN.ext

sudo security add-trusted-cert -d -r trustAsRoot -k /Library/Keychains/System.keychain $CERTS_DIR/$DOMAIN.crt

echo "New certs generated for $DOMAIN and added to local machine as trusted."