twysto · October 7, 2021 06:27
diff --git a/devsslcert.sh b/devsslcert.sh
 #/usr/bin/env bash

 cat <<"HEREDOC"
    ____               __________ __       ______          __
   / __ \___ _   __   / ___/ ___// /      / ____/__  _____/ /_
  / / / / _ \ | / /   \__ \\__ \/ /      / /   / _ \/ ___/ __/
 / /_/ /  __/ |/ /   ___/ /__/ / /___   / /___/  __/ /  / /_
 /_____/\___/|___/   /____/____/_____/   \____/\___/_/   \__/

 HEREDOC

 echo "Type your Organization Name (e.g. IT-Company): "
 read organization

 SSL_CERTS_DIR=".ssl"

 # If folder exists make a backup
 if [[ -d "$SSL_CERTS_DIR" ]]; then
  mv "$SSL_CERTS_DIR" "~$SSL_CERTS_DIR-$(date '+%Y%m%d%H%M%S')"
 fi

 mkdir "$SSL_CERTS_DIR" && cd $_

 openssl req -x509 -nodes -new -sha256 -days 36135 \
  -newkey rsa:2048 \
  -keyout RootCA.key \
  -out RootCA.pem \
  -subj "/O=$organization" \
  2> /dev/null

 openssl x509 -outform pem \
  -in RootCA.pem \
  -out RootCA.crt \
  2> /dev/null

 cat > domains.txt <<EOF
 authorityKeyIdentifier=keyid,issuer
 basicConstraints=CA:FALSE
 keyUsage=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
 subjectAltName=@alt_names
 [alt_names]
 DNS.1=localhost
 EOF

 openssl req -new -nodes \
  -newkey rsa:2048 \
  -keyout localhost.key \
  -out localhost.csr \
  -subj "/O=$O/CN=localhost" \
  2> /dev/null

 openssl x509 -req -sha256 -days 36135 \
  -in localhost.csr \
  -CA RootCA.pem \
  -CAkey RootCA.key \
  -CAcreateserial \
  -extfile domains.txt \
  -out localhost.crt \
  2> /dev/null

 rm domains.txt
 rm localhost.csr
 rm RootCA.key
 rm RootCA.pem
 rm RootCA.srl

 echo -e "\nGeneration successful...\n"

 echo "Your certificate and private key are in the .ssh directory."
 echo -e "Don't forget to import your certificate authority (RootCA.crt) in your browser.\n"

 echo "On Chrome go to: Settings > Privacy and Security > Security > Manage certificates > Authorities."
 echo "Then click on the 'Import' button, browse your computer to find the RootCA.crt file and import it."
 echo -e "When asked, check the 'Trust this certificate for identifying websites' option.\n"

 echo "And you're done!"

 exit 0
	#/usr/bin/env bash

	cat <<"HEREDOC"
	____ __________ __ ______ __
	/ __ \___ _ __ / ___/ ___// / / ____/__ _____/ /_
	/ / / / _ \ \| / / \__ \\__ \/ / / / / _ \/ ___/ __/
	/ /_/ / __/ \|/ / ___/ /__/ / /___ / /___/ __/ / / /_
	/_____/\___/\|___/ /____/____/_____/ \____/\___/_/ \__/

	HEREDOC

	echo "Type your Organization Name (e.g. IT-Company): "
	read organization

	SSL_CERTS_DIR=".ssl"

	# If folder exists make a backup
	if [[ -d "$SSL_CERTS_DIR" ]]; then
	mv "$SSL_CERTS_DIR" "~$SSL_CERTS_DIR-$(date '+%Y%m%d%H%M%S')"
	fi

	mkdir "$SSL_CERTS_DIR" && cd $_

	openssl req -x509 -nodes -new -sha256 -days 36135 \
	-newkey rsa:2048 \
	-keyout RootCA.key \
	-out RootCA.pem \
	-subj "/O=$organization" \
	2> /dev/null

	openssl x509 -outform pem \
	-in RootCA.pem \
	-out RootCA.crt \
	2> /dev/null

	cat > domains.txt <<EOF
	authorityKeyIdentifier=keyid,issuer
	basicConstraints=CA:FALSE
	keyUsage=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
	subjectAltName=@alt_names
	[alt_names]
	DNS.1=localhost
	EOF

	openssl req -new -nodes \
	-newkey rsa:2048 \
	-keyout localhost.key \
	-out localhost.csr \
	-subj "/O=$O/CN=localhost" \
	2> /dev/null

	openssl x509 -req -sha256 -days 36135 \
	-in localhost.csr \
	-CA RootCA.pem \
	-CAkey RootCA.key \
	-CAcreateserial \
	-extfile domains.txt \
	-out localhost.crt \
	2> /dev/null

	rm domains.txt
	rm localhost.csr
	rm RootCA.key
	rm RootCA.pem
	rm RootCA.srl

	echo -e "\nGeneration successful...\n"

	echo "Your certificate and private key are in the .ssh directory."
	echo -e "Don't forget to import your certificate authority (RootCA.crt) in your browser.\n"

	echo "On Chrome go to: Settings > Privacy and Security > Security > Manage certificates > Authorities."
	echo "Then click on the 'Import' button, browse your computer to find the RootCA.crt file and import it."
	echo -e "When asked, check the 'Trust this certificate for identifying websites' option.\n"

	echo "And you're done!"

	exit 0