generate selfwrite ssl

README.MD

@@ -7,4 +7,4 @@
 
 `tiny_recursive` -- рекурсивная оптимизация JPG и PNG изображений в папках, через сервис tinypng
 
-`generate-ssl-keys-7x7.sh` -- генерация самодписанного SSL сертификата, для локального HTTPS
+`generate-ssl.sh` -- генерация самодписанного SSL сертификата, для локального HTTPS, параметром передавать название сайта

scripts/generate-ssl.sh

@@ -0,0 +1,48 @@
+#!/bin/sh
+
+# передать параметром домен сайта, под который будет сгенерирован сертификат
+
+CA="C=RU
+ST=ST
+O=TriumphTeam
+localityName=Minsk
+commonName=AleckseyHolubey
+organizationalUnitName=TriumphTeam
+emailAddress=azmandios@gmail.com"
+
+CERT="commonName="$1"
+organization=TriumphTeam
+organizationalUnitName=TriumphTeam"
+
+EXTS="
+[req]
+x509_extensions = v3_ca
+
+[v3_ca]
+nsCertType              = server
+keyUsage                = digitalSignature,nonRepudiation,keyEncipherment
+extendedKeyUsage        = serverAuth
+subjectKeyIdentifier    = hash
+authorityKeyIdentifier  = keyid,issuer
+subjectAltName          = @alt_names
+[alt_names]
+DNS.1   = localhost
+DNS.2   = $1
+DNS.3   = *.$1
+IP.1   = 127.0.0.1
+"
+
+extfile="/tmp/openssl.conf.tmp"
+
+# this creates a CA certificate, which should be added as trusted to operating system keychain / browser CA list
+
+openssl genrsa -out "localhost-ca.key" 4096
+openssl req -new -x509 -days 3650 -key "localhost-ca.key" -out "localhost-ca.crt" -subj "/$(echo "$CA" | tr "\n" "/")"
+
+echo "$EXTS" > $extfile
+
+openssl genrsa -out "$1.key" 4096
+openssl req -new -key "$1.key" -out "$1.csr" -subj "/$(echo "$CERT" | tr "\n" "/")" -sha256
+openssl x509 -req -in "$1.csr" -out "$1.crt" -sha256 -CA "localhost-ca.crt" -CAkey "localhost-ca.key" -CAcreateserial -days 3650 -extfile "$extfile" -extensions v3_ca
+
+rm -f "$extfile"