Created
April 17, 2022 11:30
-
-
Save afedotov/dc3c99a5ea1baec76ffcf0bf56fea438 to your computer and use it in GitHub Desktop.
Create dev-root-CA signed server certificate on macOS for local development purposes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| set -e | |
| [[ $# -eq 2 ]] || { | |
| echo -ne "\nUsage: $(basename $0) CERT_HOST_FQDN CERT_HOST_IP\n\n" | |
| exit 1 | |
| } | |
| CERT_HOST="$1" | |
| CERT_IP="$2" | |
| openssl genrsa -out certs/${CERT_HOST}-key.pem 4096 | |
| openssl req \ | |
| -new \ | |
| -sha256 \ | |
| -subj "/CN=${CERT_HOST}" \ | |
| -key certs/${CERT_HOST}-key.pem \ | |
| -out certs/${CERT_HOST}-csr.pem \ | |
| openssl x509 \ | |
| -req \ | |
| -sha256 \ | |
| -days 365 \ | |
| -in certs/${CERT_HOST}-csr.pem \ | |
| -out certs/${CERT_HOST}-crt.pem \ | |
| -CA certs/dev-root-CA-crt.pem \ | |
| -CAkey certs/dev-root-CA-key.pem \ | |
| -CAcreateserial \ | |
| -extfile <(printf "subjectAltName=DNS:${CERT_HOST},IP:${CERT_IP}\nextendedKeyUsage=serverAuth") \ | |
| openssl x509 -in certs/${CERT_HOST}-crt.pem -noout -text > certs/${CERT_HOST}-crt.txt | |
| echo "Certificate saved to certs/${CERT_HOST}-crt.pem" | |
| echo "Certificate information in certs/${CERT_HOST}-crt.txt" | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment