Last active
September 10, 2024 02:49
-
-
Save ptvandi/5a33c28d74ccc5100d7fe2bf5de96deb to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#! /bin/bash | |
###################################################################### | |
# | |
# This script generates an SSL certficate for local development. To | |
# execute the script, run `bash create-dev-ssl-cert.sh`. Sudo is | |
# needed to save the certificate to your Mac KeyChain. After the cert | |
# is generated, you can use `HTTPS=true yarn start` to run the web | |
# server. | |
# | |
# Author: Andi Wilson | |
# Created: 03/23/2020 | |
# | |
###################################################################### | |
CWD=$(pwd) | |
LOCAL_CERT_PATH=$CWD/.cert | |
CERT_NAME='localhost (PTV Dev SSL Cert)' | |
ORG_NAME='Promethean TV, Inc.' | |
DNS_1='dev.embed.promethean.tv' | |
DNS_2='dev.broadcast.promethean.tv' | |
# Ask user permission to run the script | |
CONTINUE="n/a" | |
printf "⚠️ This script will create/modify the folder $LOCAL_CERT_PATH\n" | |
printf "⚠️ This script will alert you when it must run in sudo mode\n" | |
printf "" | |
while [[ ! "$CONTINUE" =~ ^[yYnN]$ ]] | |
do read -ep ' Do you want to continue? [y/N] ' -n 1 -r CONTINUE | |
if [[ "$CONTINUE" == "" ]]; then | |
CONTINUE="N" | |
fi | |
done | |
if [[ "$CONTINUE" =~ ^[nN]$ ]]; then | |
printf 'Script aborted by used\n' | |
exit 0 | |
fi | |
printf '\n' | |
# -- ./.cert -- | |
printf "⚙️ $LOCAL_CERT_PATH... " | |
mkdir -p $LOCAL_CERT_PATH | |
cd $LOCAL_CERT_PATH | |
printf '✅\n' | |
# -- rootCA.key -- | |
printf '🔑 Generating rootCA.key... ' | |
FILE=rootCA.key | |
if [[ -f "$FILE" ]]; then | |
printf 'already exists ✅ \n' | |
else | |
printf '🆕\n' | |
openssl genrsa -des3 -out rootCA.key 2048 | |
fi | |
# -- rootCA.pem -- | |
printf '🔒 Generating rootCA.pem... ' | |
FILE=rootCA.pem | |
if [[ -f "$FILE" ]]; then | |
printf 'already exists ✅\n' | |
else | |
printf '🆕\n' | |
openssl req -x509 -new -nodes -key rootCA.key -subj "/C=US/ST=CA/O=$ORG_NAME/CN=$CERT_NAME" -sha256 -days 1024 -out rootCA.pem | |
fi | |
# -- Ask user permission to trust certificate -- | |
printf '\n'; | |
CONTINUE="n/a" | |
printf "⚠️ The following command requires sudo privileges\n" | |
while [[ ! "$CONTINUE" =~ ^[yYnN]$ ]] | |
do read -ep " Trust and add $CERT_NAME rootCA.pem to Keychain Access? [y/N] " -n 1 -r CONTINUE | |
if [[ "$CONTINUE" == "" ]]; then | |
CONTINUE="N" | |
fi | |
done | |
if [[ "$CONTINUE" =~ ^[yY]$ ]]; then | |
sudo security -v add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain rootCA.pem | |
fi | |
printf '\n' | |
# -- server.csr.cnf -- | |
printf '⚙️ Creating server.csr.cnf... ' | |
cat > server.csr.cnf <<- EOM | |
[req] | |
default_bits = 2048 | |
prompt = no | |
default_md = sha256 | |
distinguished_name = dn | |
[dn] | |
C=US | |
ST=CA | |
O=$ORG_NAME | |
CN=$CERT_NAME | |
EOM | |
printf '✅\n' | |
# -- v3.ext -- | |
printf '⚙️ Creating v3.ext... ' | |
cat > v3.ext <<- EOM | |
authorityKeyIdentifier=keyid,issuer | |
basicConstraints=CA:FALSE | |
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment | |
subjectAltName = @alt_names | |
[alt_names] | |
DNS.1 = localhost | |
DNS.2 = $DNS_1 | |
DNS.3 = $DNS_2 | |
EOM | |
printf '✅\n' | |
# -- server.csr & server.key -- | |
printf '🔐 Generating server.csr and server.key... ' | |
FILE1=server.csr | |
FILE2=server.key | |
if [[ -f "$FILE1" && -f "$FILE2" ]]; then | |
printf 'already exist ✅\n' | |
else | |
printf '🆕\n' | |
openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server.csr.cnf ) | |
fi | |
# -- server.crt & rootCA.srl -- | |
printf '🔏 Generating server.crt and rootCA.srl... ' | |
FILE1=server.crt | |
FILE2=rootCA.srl | |
if [[ -f "$FILE1" && -f "$FILE2" ]]; then | |
printf 'already exist ✅\n' | |
else | |
printf '🆕\n' | |
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext | |
fi | |
printf '✅\n' |
MacOS issue:
🔐 Generating server.csr and server.key... /Downloads/generate-dev-ssl-cert.sh: line 132: syntax error near unexpected token `('
/Downloads/generate-dev-ssl-cert.sh: line 132: ` openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server.csr.cnf )'
openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config =(cat .cert/server.csr.cnf)
this way worked fine
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
it works man, i think line 6 needs to be