From b696f8d9aef45376272329ce458f98fa63befad8 Mon Sep 17 00:00:00 2001
From: Harish Karumuthil <harish2704@gmail.com>
Date: Thu, 4 Aug 2022 18:23:46 +0530
Subject: [PATCH] Added ssl cert gen

---
 home/.local/Apps/ssl/.gitignore  |  4 ++
 home/.local/Apps/ssl/Readme.md   | 16 +++++++
 home/.local/Apps/ssl/gen-cert.sh | 72 ++++++++++++++++++++++++++++++++
 3 files changed, 92 insertions(+)
 create mode 100644 home/.local/Apps/ssl/.gitignore
 create mode 100644 home/.local/Apps/ssl/Readme.md
 create mode 100755 home/.local/Apps/ssl/gen-cert.sh

diff --git a/home/.local/Apps/ssl/.gitignore b/home/.local/Apps/ssl/.gitignore
new file mode 100644
index 0000000..dd485ca
--- /dev/null
+++ b/home/.local/Apps/ssl/.gitignore
@@ -0,0 +1,4 @@
+*.csr
+*.key
+*.crt
+*.pem
diff --git a/home/.local/Apps/ssl/Readme.md b/home/.local/Apps/ssl/Readme.md
new file mode 100644
index 0000000..8b1da1c
--- /dev/null
+++ b/home/.local/Apps/ssl/Readme.md
@@ -0,0 +1,16 @@
+## Install RootCA certificates for browsers.
+
+Web browsers like Firefox & Chromium will not consider the system CA certificates. These are the instructions to install RootCA for these browsers.
+
+## Firefox
+```
+certutil -d ~/.mozilla/firefox/<Profile id>.default/ -A -i ./rootCA.pem -n 'Localhost Root CA' -t C,,
+```
+Where `<Profile id>` will change for each user. This has to be run for each Firefox profile.
+
+##### Chrome / Chromium
+```
+certutil -d  "sql:$HOME/.pki/nssdb" -A -i ./rootCA.pem -n 'Locahost RootCA via certutil' -t C,,
+```
+
+
diff --git a/home/.local/Apps/ssl/gen-cert.sh b/home/.local/Apps/ssl/gen-cert.sh
new file mode 100755
index 0000000..55016fd
--- /dev/null
+++ b/home/.local/Apps/ssl/gen-cert.sh
@@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+
+if [ -z "$1"]; then
+  echo "Usage: gen-cert.sh <domainname>"
+  exit 1
+fi
+
+DomainName="$1";
+
+settingsRoot(){
+cat<<EOF
+
+[req]
+prompt = no
+distinguished_name = dn
+
+[ dn ]
+C=IN
+ST=Some state
+O=Localhost.in CA Authority
+emailAddress=admin@localhost.in
+CN=localhost.in
+
+EOF
+}
+
+settings(){
+  localdomain=$DomainName
+  cat<<EOF
+[req]
+prompt = no
+distinguished_name = dn
+req_extensions     = req_ext
+x509_extensions = usr_cert
+
+[ dn ]
+C=IN
+ST=Some state
+O=$localdomain Orgaization
+emailAddress=admin@$(echo $localdomain | sed 's/^\*\.//')
+CN = $localdomain
+ 
+[ req_ext ]
+subjectAltName=DNS:$localdomain
+
+[ usr_cert ]
+subjectAltName=DNS:$localdomain
+EOF
+}
+
+echo "Generating Root CA key"
+[[ -f rootCA.key ]] || openssl genrsa -des3 -out rootCA.key 2048
+
+
+echo "Generating Root CA certificate"
+[[ -f rootCA.pem ]] || openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem -config <(settingsRoot)
+
+echo "Generating certificate key"
+[[ -f $DomainName.key ]] || openssl genrsa -des3 -out $DomainName.key 1024
+
+echo "Generating Certificate signing request"
+[[ -f $DomainName.csr ]] || openssl req -nodes -sha256 -newkey rsa:2048 -keyout $DomainName.key -out $DomainName.csr -config <( settings )
+
+
+
+echo "Signing CSR with root key"
+
+[[ -f $DomainName.crt ]] || openssl x509 -req -in $DomainName.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out $DomainName.crt -days 500 -sha256 -extfile <(printf "subjectAltName=DNS:$DomainName")
+
+
+
+