
@nikhgupta
Created October 22, 2017 20:21
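#!/usr/bin/env bash
#
# Generate a self-signed wildcard certificate for a local development domain,
# trust it in the macOS System keychain, and append matching Apache vhosts.
#
# Usage: <script> [base-domain]        (default: localhost.dev)
#
# Security notes:
#   * The certificate is added to the System keychain with "trustRoot", so it
#     is trusted machine-wide. Its private key is written unencrypted
#     (-nodes): anyone who can read the key can impersonate the names in the
#     certificate to this machine. Keep the key 0400, never copy it off the
#     development machine, and remove the trust entry when it is not needed.
#   * The domain argument is interpolated into an OpenSSL config, an Apache
#     config that is loaded by a root-started httpd, and file names that get
#     deleted, so it is validated as a plain hostname before any use.
set -u
set -o pipefail

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

BASE_DOMAIN="${1:-localhost.dev}"

# Accept only dot-separated DNS labels (letters, digits, inner hyphens).
# This rejects whitespace, slashes, globs and newlines, which would otherwise
# reach `rm`, the OpenSSL config and the Apache config.
readonly HOSTNAME_RE='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
[[ "$BASE_DOMAIN" =~ $HOSTNAME_RE ]] || die "invalid domain name: $BASE_DOMAIN"

readonly HTTPD_DIR="/usr/local/etc/httpd"
readonly VHOST_CONF="$HTTPD_DIR/users/nikhgupta.conf"

# Everything below uses relative paths and deletes files, so stop here if the
# directory change fails rather than operating on the caller's directory.
cd "$HTTPD_DIR" || die "cannot cd to $HTTPD_DIR"

# Days for the cert to live.
# NOTE(review): current Apple platforms are documented to reject TLS server
# certificates valid for more than 825 days and to require an extendedKeyUsage
# of serverAuth; if the certificate is not accepted, lower DAYS and add the
# EKU to [v3_req] - verify against Apple's published requirements.
readonly DAYS=3650
# RSA key size; used for both the config default and -newkey so they agree.
readonly KEY_BITS=2048
# Generated configuration file
readonly CONFIG_FILE="config.txt"

cat > "$CONFIG_FILE" <<EOF || die "cannot write $HTTPD_DIR/$CONFIG_FILE"
[req]
default_bits = $KEY_BITS
prompt = no
default_md = sha256
x509_extensions = v3_req
distinguished_name = dn
[dn]
C = IN
ST = Rajasthan
L = Jaipur
O = Localhost, LLC
OU = Testing Domain
emailAddress = webmaster@$BASE_DOMAIN
CN = $BASE_DOMAIN
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = $BASE_DOMAIN
DNS.2 = *.$BASE_DOMAIN
EOF

# The file name can be anything
readonly FILE_NAME="$BASE_DOMAIN"

# Remove previous keys. On a first run there is nothing to remove, so a
# missing certificate is not an error.
echo "Removing existing certs from Keychain"
if [[ -f "$FILE_NAME.crt" ]]; then
  sudo security remove-trusted-cert -d "$FILE_NAME.crt" \
    || echo "warning: could not remove trust for $FILE_NAME.crt" >&2
fi

# Delete only the three files this script generates instead of a glob, so an
# unrelated file that happens to share the prefix is never removed.
echo "Removing existing certs like $FILE_NAME.*"
rm -f -- "$FILE_NAME.crt" "$FILE_NAME.key" "$FILE_NAME.info"

echo "Generating certs for $BASE_DOMAIN"
# Generate the private key and self-signed certificate in one step.
# Use SHA-2 as SHA-1 is unsupported from Jan 1, 2017.
# The subshell umask makes the key private from the moment it is created,
# instead of leaving it at the default mode until the chmod below.
# No -passin: the key is new and written unencrypted, so there is no
# passphrase to supply.
(
  umask 077
  openssl req -new -x509 -newkey "rsa:$KEY_BITS" -sha256 -nodes \
    -keyout "$FILE_NAME.key" -days "$DAYS" -out "$FILE_NAME.crt" \
    -config "$CONFIG_FILE"
) || die "openssl failed to generate the key and certificate"

# The certificate is public; restore a normal mode after the strict umask.
chmod 644 "$FILE_NAME.crt"

# OPTIONAL - write an info file to see the details of the generated crt
openssl x509 -noout -fingerprint -text -in "$FILE_NAME.crt" > "$FILE_NAME.info" \
  || echo "warning: could not write $FILE_NAME.info" >&2

# Protect the key
chmod 400 "$FILE_NAME.key" || die "cannot restrict permissions on $FILE_NAME.key"

# Add to Keychain (machine-wide trust; see the security notes at the top).
sudo security add-trusted-cert -d -r trustRoot \
  -k /Library/Keychains/System.keychain "$FILE_NAME.crt" \
  || die "could not add $FILE_NAME.crt to the System keychain"

# Apache Config. Append the vhosts only once per domain: the script is meant
# to be re-run to renew a certificate, and repeated appends would pile up
# duplicate VirtualHost blocks.
if [[ -f "$VHOST_CONF" ]] \
  && awk -v d="$BASE_DOMAIN" \
    '$1 == "ServerName" && $2 == d { found = 1 } END { exit !found }' \
    "$VHOST_CONF"; then
  echo "VirtualHost for $BASE_DOMAIN already present in: $VHOST_CONF"
else
  cat >> "$VHOST_CONF" <<EOF || die "cannot append to $VHOST_CONF"

<VirtualHost *:80>
ServerAdmin webmaster@${BASE_DOMAIN}
ServerName ${BASE_DOMAIN}
ServerAlias *.${BASE_DOMAIN}
VirtualDocumentRoot "/Users/nikhgupta/Code/websites/%2+/%1"
ErrorLog "/usr/local/var/log/httpd/${BASE_DOMAIN}-error_log"
CustomLog "/usr/local/var/log/httpd/${BASE_DOMAIN}-access_log" common
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@${BASE_DOMAIN}
VirtualDocumentRoot "/Users/nikhgupta/Code/websites/%2+/%1"
ServerName ${BASE_DOMAIN}
ServerAlias *.${BASE_DOMAIN}
ErrorLog "/usr/local/var/log/httpd/${BASE_DOMAIN}-error_log"
CustomLog "/usr/local/var/log/httpd/${BASE_DOMAIN}-access_log" common
SSLCertificateFile "/usr/local/etc/httpd/${BASE_DOMAIN}.crt"
SSLCertificateKeyFile "/usr/local/etc/httpd/${BASE_DOMAIN}.key"
</VirtualHost>

EOF
  echo "Generated config in: $VHOST_CONF"
fi

# Check the configuration first so a bad vhost does not take Apache down.
sudo apachectl configtest || die "Apache configuration test failed; not restarting"
echo "Restarting apache.."
sudo apachectl restart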
@nikhgupta

Script to readily generate wildcard certificates for a domain (*.anything.tld) for a local server. Green Padlock in Chrome :)
