From 41b079a319e680738251aceb3026bbc7d7e22794 Mon Sep 17 00:00:00 2001
From: azmandios
Date: Sun, 28 Nov 2021 18:04:42 +0300
Subject: [PATCH] generate selfwrite ssl
---
 README.MD | 2 +-
 scripts/generate-ssl.sh | 48 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100755 scripts/generate-ssl.sh
diff --git a/README.MD b/README.MD
index 65e6f61..3591614 100644
--- a/README.MD
+++ b/README.MD
@@ -7,4 +7,4 @@ `tiny_recursive` -- рекурсивная оптимизация JPG и PNG изображений в папках, через сервис tinypng
-`generate-ssl-keys-7x7.sh` -- генерация самодписанного SSL сертификата, для локального HTTPS
\ No newline at end of file
+`generate-ssl.sh` -- генерация самодписанного SSL сертификата, для локального HTTPS, параметром передавать название сайта
diff --git a/scripts/generate-ssl.sh b/scripts/generate-ssl.sh
new file mode 100755
index 0000000..63e3097
--- /dev/null
+++ b/scripts/generate-ssl.sh
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+# передать параметром домен сайта, под который будет сгенерирован сертификат
+
+CA="C=RU
+ST=ST
+O=TriumphTeam
+localityName=Minsk
+commonName=AleckseyHolubey
+organizationalUnitName=TriumphTeam
+emailAddress=azmandios@gmail.com"
+
+CERT="commonName="$1"
+organization=TriumphTeam
+organizationalUnitName=TriumphTeam"
+
+EXTS="
+[req]
+x509_extensions = v3_ca
+
+[v3_ca]
+nsCertType = server
+keyUsage = digitalSignature,nonRepudiation,keyEncipherment
+extendedKeyUsage = serverAuth
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = localhost
+DNS.2 = $1
+DNS.3 = *.$1
+IP.1 = 127.0.0.1
+"
+
+extfile="/tmp/openssl.conf.tmp"
+
+# this creates a CA certificate, which should be added as trusted to operating system keychain / browser CA list
+
+openssl genrsa -out "localhost-ca.key" 4096
+openssl req -new -x509 -days 3650 -key "localhost-ca.key" -out "localhost-ca.crt" -subj "/$(echo "$CA" | tr "\n" "/")"
+
+echo "$EXTS" > $extfile
+
+openssl genrsa -out "$1.key" 4096
+openssl req -new -key "$1.key" -out "$1.csr" -subj "/$(echo "$CERT" | tr "\n" "/")" -sha256
+openssl x509 -req -in "$1.csr" -out "$1.crt" -sha256 -CA "localhost-ca.crt" -CAkey "localhost-ca.key" -CAcreateserial -days 3650 -extfile "$extfile" -extensions v3_ca
+
+rm -f "$extfile"
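Review bot: The extensions file goes to the fixed path `/tmp/openssl.conf.tmp` (`extfile=` and the later `echo "$EXTS" > $extfile`), so on a multi-user machine another local account can pre-create or symlink that path and either have a file of the invoking user overwritten or influence the extensions signed into the certificate; a `mktemp` file removed by an exit trap avoids this. `$1` is also used unchecked: with no argument the script writes `.key`/`.crt` and a `DNS.3 = *.` entry, and a value containing `/` or a newline would change the subject or the generated config, so the argument should be validated before `CERT` and `EXTS` are built. Since there is no `set -e`, a failed `openssl` step does not stop the following ones, and the final `rm -f` is skipped on interruption. It would also help to add a comment next to the CA step saying that `localhost-ca.key` is an unencrypted key for a CA meant to be trusted system-wide, is regenerated on every run, and must be kept private. The fence shows the changed lines only.

```shell
#!/bin/sh
set -eu
umask 077  # keys and the temporary config are created owner-only

# Reject a missing argument or anything that is not a plain host name.
case "${1:-}" in
  '' | *[!A-Za-z0-9.-]*)
    echo "usage: $0 <domain>" >&2
    exit 2
    ;;
esac

# … unchanged: CA, CERT and EXTS definitions …

extfile=$(mktemp) || exit 1
trap 'rm -f "$extfile"' EXIT

# … unchanged: CA key and certificate generation …

printf '%s\n' "$EXTS" > "$extfile"

# … unchanged: server key, CSR and signing; the trailing rm -f is covered by the trap …
```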