From b337cc9278bf5c5533db7f52a916b9aaf47a8943 Mon Sep 17 00:00:00 2001 From: azmandios Date: Thu, 21 Oct 2021 15:53:22 +0300 Subject: [PATCH] generate selftrusted ssl certificate --- README.MD | 2 ++ scripts/generate-ssl-keys-7x7.sh | 48 ++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+) create mode 100644 scripts/generate-ssl-keys-7x7.sh diff --git a/README.MD b/README.MD index 0103a02..65e6f61 100644 --- a/README.MD +++ b/README.MD @@ -6,3 +6,5 @@ `git_clone_star_repos.sh` -- клонирование git репозиториев, отмеченных звездой, из профиля пользователя `tiny_recursive` -- рекурсивная оптимизация JPG и PNG изображений в папках, через сервис tinypng + +`generate-ssl-keys-7x7.sh` -- генерация самодписанного SSL сертификата, для локального HTTPS \ No newline at end of file diff --git a/scripts/generate-ssl-keys-7x7.sh b/scripts/generate-ssl-keys-7x7.sh new file mode 100644 index 0000000..ac621d1 --- /dev/null +++ b/scripts/generate-ssl-keys-7x7.sh 
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+# http://www.vanemery.com/Linux/Apache/apache-SSL.html
+
+CA="C=RU
+ST=ST
+O=MyOrg
+localityName=Minsk
+commonName=My Name
+organizationalUnitName=None
+emailAddress=myemail@gmail.com"
+
+CERT="commonName=7x7.test
+organization=MyOrg
+organizationalUnitName=None"
+
+EXTS="
+[req]
+x509_extensions = v3_ca
+
+[v3_ca]
+nsCertType = server
+keyUsage = digitalSignature,nonRepudiation,keyEncipherment
+extendedKeyUsage = serverAuth
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = localhost
+DNS.2 = 7x7.test
+DNS.3 = *.7x7.test
+IP.1 = 127.0.0.1
+"
+
+extfile="/tmp/openssl.conf.tmp"
+
+# this creates a CA certificate, which should be added as trusted to operating system keychain / browser CA list
+
+openssl genrsa -out "localhost-ca.key" 4096
+openssl req -new -x509 -days 3650 -key "localhost-ca.key" -out "localhost-ca.crt" -subj "/$(echo "$CA" | tr "\n" "/")"
+
+echo "$EXTS" > $extfile
+
+openssl genrsa -out "7x7.test.key" 4096
+openssl req -new -key "7x7.test.key" -out "7x7.test.csr" -subj "/$(echo "$CERT" | tr "\n" "/")" -sha256
+openssl x509 -req -in "7x7.test.csr" -out "7x7.test.crt" -sha256 -CA "localhost-ca.crt" -CAkey "localhost-ca.key" -CAcreateserial -days 3650 -extfile "$extfile" -extensions v3_ca
+
+rm -f "$extfile"
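Review bot: The extensions file is written to the fixed path `/tmp/openssl.conf.tmp` through an unquoted redirect (`echo "$EXTS" > $extfile`), so on a shared host another local user who pre-creates or symlinks that name can redirect the write or influence the extensions used when the server certificate is signed. Create it with `extfile=$(mktemp) || exit 1`, clean up with `trap 'rm -f "$extfile"' EXIT`, and quote the redirect target as `> "$extfile"`. The script also has no `set -e`, so a failed CA step still falls through to the CSR and signing commands. Because `localhost-ca.crt` is meant to be added to the system or browser trust store while `localhost-ca.key` is written unencrypted, valid for 3650 days and with no name constraints set by the visible command, the header comment should state that this key must stay out of version control and off shared machines. `organization=MyOrg` in `CERT` does not look like an attribute name OpenSSL recognises (`O` or `organizationName` is the usual form), so that field is probably dropped from the subject; worth confirming.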