rwoeber · January 12, 2010 13:49
diff --git a/create_self_signed_certificate.sh b/create_self_signed_certificate.sh
 #!/bin/sh      

 # Creates a self-signed certificate and configuration files for 
 # rails-SSL-development (with Apache/Passenger)
                                                                         
 # !!! Important !!!
 # Some files will be created and deleted in the current working directory
 # perhaps it is a good idea to execute this in a dedicated tmp-dir.
                   
 # see the instructions this scripts echos on howto integrate into your system



 DAYS=3652               # ~ 10 years
 DOMAIN='rails.local'    # your dev domain 
                        
 # 
 C_COUNTRY='DE'
 C_STATE='Bavaria'
 C_LOCALITY='MyCity'
 C_ORG='MyCompany'
 C_NAME='Joe User'

 # Create authority (which will sign the certificate)
 openssl genrsa -des3 -passout pass:secret -out ca.key 1024
 openssl req -new -x509 -days $DAYS -passin pass:secret -key ca.key -out ca.crt -subj "/C=$C_COUNTRY/ST=$C_STATE/L=$C_LOCALITY/O=$C_ORG/CN=$C_NAME"

 # create server-files
 openssl genrsa -des3 -passout pass:secret -out ${DOMAIN}.key 1024
 openssl req -new -key ${DOMAIN}.key -days $DAYS -passin pass:secret -out ${DOMAIN}.csr -subj "/C=$C_COUNTRY/ST=$C_STATE/L=$C_LOCALITY/O=$C_ORG/CN=*.$DOMAIN"

  
 CSR=${DOMAIN}.csr
 CERT=${DOMAIN}.crt
  
 # make sure environment exists   
 mkdir -p  ca.db.certs
 echo '01' >ca.db.serial 
 touch ca.db.index

 #  create an own SSLeay config
 cat >ca.config <<EOT
 [ ca ]
 default_ca              = CA_own
 [ CA_own ]
 dir                     = .
 certs                   = \$dir
 new_certs_dir           = \$dir/ca.db.certs
 database                = \$dir/ca.db.index
 serial                  = \$dir/ca.db.serial
 RANDFILE                = \$dir/ca.db.rand
 certificate             = \$dir/ca.crt
 private_key             = \$dir/ca.key
 default_days            = $DAYS
 default_crl_days        = 30
 default_md              = md5
 preserve                = no
 policy                  = policy_anything
 [ policy_anything ]
 countryName             = optional
 stateOrProvinceName     = optional
 localityName            = optional
 organizationName        = optional
 organizationalUnitName  = optional
 commonName              = supplied
 emailAddress            = optional
 EOT

 #  Sign certificates!
 echo "CA signing: $CSR -> $CERT:"
 openssl ca -passin pass:secret -batch -config ca.config -days $DAYS -out $CERT -infiles $CSR 

  
 # IMPORTANT
 # remove password from key (or you will have to specifiy on apache startup)
 mv ${DOMAIN}.key  ${DOMAIN}.key.original
 openssl rsa -in ${DOMAIN}.key.original -passin pass:secret -out ${DOMAIN}.key


 #  cleanup  
 rm -f ca.config
 rm -f ca.db.serial.old
 rm -f ca.db.index.old   
 rm -f ${DOMAIN}.key.original 
 
 
 # Rails-vhost-configuration (for OS X 10.5+ )
 
 
 cat >rails_vhost.conf <<EOT  

 SSLCertificateFile /etc/apache2/ssl/$DOMAIN.crt
 SSLCertificateKeyFile /etc/apache2/ssl/$DOMAIN.key

 NameVirtualHost *:80

 <VirtualHost *:80>
  DocumentRoot "/Library/WebServer/Documents"
 </VirtualHost>

 <VirtualHost *:80>
  ServerName $DOMAIN
  ServerAlias *.$DOMAIN  
  ProxyPass / http://localhost:3000/ retry=0
  ProxyPassReverse / http://localhost:3000
  ProxyPreserveHost on
 #  DocumentRoot "/tmp"
 </VirtualHost>

 <VirtualHost *:443>
  SSLEngine On
  ServerName $DOMAIN
  ServerAlias *.$DOMAIN  
  ProxyPass / http://localhost:3000/ retry=0
  ProxyPassReverse / http://localhost:3000
  ProxyPreserveHost on
  RequestHeader set X_FORWARDED_PROTO 'https'
 #  DocumentRoot "/tmp"
 </VirtualHost>
 EOT



      
 cat <<EOT     


 #############################################################################
 #  Do the following:                                                        #
 #############################################################################


 * copy $DOMAIN.key and $DOMAIN.crt to /etc/apache2/ssl 

  sudo mkdir -p /etc/apache2/ssl
  sudo cp $DOMAIN.* /etc/apache2/ssl/
        
 * copy rails_vhost.conf to /etc/apache2/other/rails_vhost.conf
    
  sudo cp rails_vhost.conf /etc/apache2/other/
  
 * activate Apache-SSL and configure default Virtual-Host
                       
  # !!! MAKE BACKUPS when modifying system files !!!                      
  # (uncomment means: remove the '#' in front of the line)
  
  # in /etc/apache2/httpd.conf uncomment the following line
  # Include /private/etc/apache2/extra/httpd-ssl.conf
   
  # in /etc/apache2/extra/httpd-ssl.conf uncomment the lines from
  # <VirtualHost.... to
  # </VirtualHost...
  
 
 * test Apache configuration
  
  sudo apachectl configtest                           
  
 * restart Apache

  sudo apachectl restart                
  
 * Let your system know $DOMAIN exists

  sudo echo "0.0.0.0       $DOMAIN" >> /etc/hosts          
                                     
 * Should also work with subdomains of $DOMAIN :
  (add to the virtual-hosts-file manually)

  sudo echo "0.0.0.0       foo.$DOMAIN" >> /etc/hosts          
  sudo echo "0.0.0.0       bar.$DOMAIN" >> /etc/hosts          


 This applies to a standard MacOS X 10.5/10.6 Apache installation.
 If something goes wrong
 Hint: look into /var/log/apache2/error_log or ask someone who knows
 (or rtfm)

 EOT

 #  die gracefully
 exit 0
	#!/bin/sh

	# Creates a self-signed certificate and configuration files for
	# rails-SSL-development (with Apache/Passenger)

	# !!! Important !!!
	# Some files will be created and deleted in the current working directory
	# perhaps it is a good idea to execute this in a dedicated tmp-dir.

	# see the instructions this scripts echos on howto integrate into your system



	DAYS=3652 # ~ 10 years
	DOMAIN='rails.local' # your dev domain

	#
	C_COUNTRY='DE'
	C_STATE='Bavaria'
	C_LOCALITY='MyCity'
	C_ORG='MyCompany'
	C_NAME='Joe User'

	# Create authority (which will sign the certificate)
	openssl genrsa -des3 -passout pass:secret -out ca.key 1024
	openssl req -new -x509 -days $DAYS -passin pass:secret -key ca.key -out ca.crt -subj "/C=$C_COUNTRY/ST=$C_STATE/L=$C_LOCALITY/O=$C_ORG/CN=$C_NAME"

	# create server-files
	openssl genrsa -des3 -passout pass:secret -out ${DOMAIN}.key 1024
	openssl req -new -key ${DOMAIN}.key -days $DAYS -passin pass:secret -out ${DOMAIN}.csr -subj "/C=$C_COUNTRY/ST=$C_STATE/L=$C_LOCALITY/O=$C_ORG/CN=*.$DOMAIN"


	CSR=${DOMAIN}.csr
	CERT=${DOMAIN}.crt

	# make sure environment exists
	mkdir -p ca.db.certs
	echo '01' >ca.db.serial
	touch ca.db.index

	# create an own SSLeay config
	cat >ca.config <<EOT
	[ ca ]
	default_ca = CA_own
	[ CA_own ]
	dir = .
	certs = \$dir
	new_certs_dir = \$dir/ca.db.certs
	database = \$dir/ca.db.index
	serial = \$dir/ca.db.serial
	RANDFILE = \$dir/ca.db.rand
	certificate = \$dir/ca.crt
	private_key = \$dir/ca.key
	default_days = $DAYS
	default_crl_days = 30
	default_md = md5
	preserve = no
	policy = policy_anything
	[ policy_anything ]
	countryName = optional
	stateOrProvinceName = optional
	localityName = optional
	organizationName = optional
	organizationalUnitName = optional
	commonName = supplied
	emailAddress = optional
	EOT

	# Sign certificates!
	echo "CA signing: $CSR -> $CERT:"
	openssl ca -passin pass:secret -batch -config ca.config -days $DAYS -out $CERT -infiles $CSR


	# IMPORTANT
	# remove password from key (or you will have to specifiy on apache startup)
	mv ${DOMAIN}.key ${DOMAIN}.key.original
	openssl rsa -in ${DOMAIN}.key.original -passin pass:secret -out ${DOMAIN}.key


	# cleanup
	rm -f ca.config
	rm -f ca.db.serial.old
	rm -f ca.db.index.old
	rm -f ${DOMAIN}.key.original


	# Rails-vhost-configuration (for OS X 10.5+ )


	cat >rails_vhost.conf <<EOT

	SSLCertificateFile /etc/apache2/ssl/$DOMAIN.crt
	SSLCertificateKeyFile /etc/apache2/ssl/$DOMAIN.key

	NameVirtualHost *:80

	<VirtualHost *:80>
	DocumentRoot "/Library/WebServer/Documents"
	</VirtualHost>

	<VirtualHost *:80>
	ServerName $DOMAIN
	ServerAlias *.$DOMAIN
	ProxyPass / http://localhost:3000/ retry=0
	ProxyPassReverse / http://localhost:3000
	ProxyPreserveHost on
	# DocumentRoot "/tmp"
	</VirtualHost>

	<VirtualHost *:443>
	SSLEngine On
	ServerName $DOMAIN
	ServerAlias *.$DOMAIN
	ProxyPass / http://localhost:3000/ retry=0
	ProxyPassReverse / http://localhost:3000
	ProxyPreserveHost on
	RequestHeader set X_FORWARDED_PROTO 'https'
	# DocumentRoot "/tmp"
	</VirtualHost>
	EOT




	cat <<EOT


	#############################################################################
	# Do the following: #
	#############################################################################


	* copy $DOMAIN.key and $DOMAIN.crt to /etc/apache2/ssl

	sudo mkdir -p /etc/apache2/ssl
	sudo cp $DOMAIN.* /etc/apache2/ssl/

	* copy rails_vhost.conf to /etc/apache2/other/rails_vhost.conf

	sudo cp rails_vhost.conf /etc/apache2/other/

	* activate Apache-SSL and configure default Virtual-Host

	# !!! MAKE BACKUPS when modifying system files !!!
	# (uncomment means: remove the '#' in front of the line)

	# in /etc/apache2/httpd.conf uncomment the following line
	# Include /private/etc/apache2/extra/httpd-ssl.conf

	# in /etc/apache2/extra/httpd-ssl.conf uncomment the lines from
	# <VirtualHost.... to
	# </VirtualHost...


	* test Apache configuration

	sudo apachectl configtest

	* restart Apache

	sudo apachectl restart

	* Let your system know $DOMAIN exists

	sudo echo "0.0.0.0 $DOMAIN" >> /etc/hosts

	* Should also work with subdomains of $DOMAIN :
	(add to the virtual-hosts-file manually)

	sudo echo "0.0.0.0 foo.$DOMAIN" >> /etc/hosts
	sudo echo "0.0.0.0 bar.$DOMAIN" >> /etc/hosts


	This applies to a standard MacOS X 10.5/10.6 Apache installation.
	If something goes wrong
	Hint: look into /var/log/apache2/error_log or ask someone who knows
	(or rtfm)

	EOT

	# die gracefully
	exit 0