tomdavidson · May 7, 2023 04:15
diff --git a/local-trusted-ssl-cert.sh b/local-trusted-ssl-cert.sh
 #!/usr/bin/env bash


 # $1 : relative filename
 file_path() {
  echo "$(cd "$(dirname "$1")" && pwd)/$(basename "$1")"
 }


 output() {
 # export the cert and key path as vars or write to config file that msw can read
 }


 # $1 : cert name
 # $2 : key name
 generate-cert() {
    sudo tee openssl-config.cnf > /dev/null << ENDOFFILE
 [ req ]
 prompt              = no
 distinguished_name  = distinguished_name
 x509_extensions     = x509_extension
 [ distinguished_name ]
 CN = localhost
 [ x509_extension ]
 subjectAltName         = DNS:localhost, IP:127.0.0.1
 extendedKeyUsage       = critical, serverAuth, clientAuth
 keyUsage               = critical, digitalSignature, keyEncipherment
 ENDOFFILE

    openssl req -x509 -config openssl-config.cnf -newkey rsa:2048 -keyout "$2" -out "$1" -nodes
    rm openssl-config.cnf
 }

 trust_cert() {
    # Add to browsers' cert db (FF and Chrome)
    while read -r -d $'\0' i ; do
        certutil -d 'sql:'"$i" -A -t "C,," -n "${CERTNAME%.*}" -i "${CERTNAME}"
    done < <(find "$HOME" -type f -iregex '.*[/]cert[89][.]db' -printf '%h\0')

    # Add to debian based systems
    # might only care about the browsers
    # those mac guys can figure it out ...
    cp "${CERTNAME}" /usr/local/share/ca-certificates
    update-ca-certificates
 }



 # These names will be used in the trusted cert store and the full path will need to be added to MSW config
 APP_NAME=my-app
 KEYNAME=${APP_NAME}-key.pem
 CERTNAME=${APP_NAME}-cert.crt

 if [ ! -f "$KEYNAME" ] && [ ! -f "$CERTNAME" ] ; then
    generate_cert "$CERTNAME" "$KEYNAME" 
    trust_cert "$CERTNAME"
 fi

 output
	#!/usr/bin/env bash


	# $1 : relative filename
	file_path() {
	echo "$(cd "$(dirname "$1")" && pwd)/$(basename "$1")"
	}


	output() {
	# export the cert and key path as vars or write to config file that msw can read
	}


	# $1 : cert name
	# $2 : key name
	generate-cert() {
	sudo tee openssl-config.cnf > /dev/null << ENDOFFILE
	[ req ]
	prompt = no
	distinguished_name = distinguished_name
	x509_extensions = x509_extension
	[ distinguished_name ]
	CN = localhost
	[ x509_extension ]
	subjectAltName = DNS:localhost, IP:127.0.0.1
	extendedKeyUsage = critical, serverAuth, clientAuth
	keyUsage = critical, digitalSignature, keyEncipherment
	ENDOFFILE

	openssl req -x509 -config openssl-config.cnf -newkey rsa:2048 -keyout "$2" -out "$1" -nodes
	rm openssl-config.cnf
	}

	trust_cert() {
	# Add to browsers' cert db (FF and Chrome)
	while read -r -d $'\0' i ; do
	certutil -d 'sql:'"$i" -A -t "C,," -n "${CERTNAME%.*}" -i "${CERTNAME}"
	done < <(find "$HOME" -type f -iregex '.*[/]cert[89][.]db' -printf '%h\0')

	# Add to debian based systems
	# might only care about the browsers
	# those mac guys can figure it out ...
	cp "${CERTNAME}" /usr/local/share/ca-certificates
	update-ca-certificates
	}



	# These names will be used in the trusted cert store and the full path will need to be added to MSW config
	APP_NAME=my-app
	KEYNAME=${APP_NAME}-key.pem
	CERTNAME=${APP_NAME}-cert.crt

	if [ ! -f "$KEYNAME" ] && [ ! -f "$CERTNAME" ] ; then
	generate_cert "$CERTNAME" "$KEYNAME"
	trust_cert "$CERTNAME"
	fi

	output