generate selftrusted ssl certificate

README.MD

@@ -6,3 +6,5 @@
 `git_clone_star_repos.sh` -- клонирование git репозиториев, отмеченных звездой, из профиля пользователя
 
 `tiny_recursive` -- рекурсивная оптимизация JPG и PNG изображений в папках, через сервис tinypng
+
+`generate-ssl-keys-7x7.sh` -- генерация самодписанного SSL сертификата, для локального HTTPS

scripts/generate-ssl-keys-7x7.sh

@@ -0,0 +1,48 @@
+#!/bin/sh
+
+# http://www.vanemery.com/Linux/Apache/apache-SSL.html
+
+CA="C=RU
+ST=ST
+O=MyOrg
+localityName=Minsk
+commonName=My Name
+organizationalUnitName=None
+emailAddress=myemail@gmail.com"
+
+CERT="commonName=7x7.test
+organization=MyOrg
+organizationalUnitName=None"
+
+EXTS="
+[req]
+x509_extensions = v3_ca
+
+[v3_ca]
+nsCertType              = server
+keyUsage                = digitalSignature,nonRepudiation,keyEncipherment
+extendedKeyUsage        = serverAuth
+subjectKeyIdentifier    = hash
+authorityKeyIdentifier  = keyid,issuer
+subjectAltName          = @alt_names
+[alt_names]
+DNS.1   = localhost
+DNS.2   = 7x7.test
+DNS.3   = *.7x7.test
+IP.1   = 127.0.0.1
+"
+
+extfile="/tmp/openssl.conf.tmp"
+
+# this creates a CA certificate, which should be added as trusted to operating system keychain / browser CA list
+
+openssl genrsa -out "localhost-ca.key" 4096
+openssl req -new -x509 -days 3650 -key "localhost-ca.key" -out "localhost-ca.crt" -subj "/$(echo "$CA" | tr "\n" "/")"
+
+echo "$EXTS" > $extfile
+
+openssl genrsa -out "7x7.test.key" 4096
+openssl req -new -key "7x7.test.key" -out "7x7.test.csr" -subj "/$(echo "$CERT" | tr "\n" "/")" -sha256
+openssl x509 -req -in "7x7.test.csr" -out "7x7.test.crt" -sha256 -CA "localhost-ca.crt" -CAkey "localhost-ca.key" -CAcreateserial -days 3650 -extfile "$extfile" -extensions v3_ca
+
+rm -f "$extfile"