mirror of https://github.com/harish2704/dotFiles
3 changed files with 92 additions and 0 deletions
@ -0,0 +1,4 @@ |
|||
*.csr |
|||
*.key |
|||
*.crt |
|||
*.pem |
|||
@ -0,0 +1,16 @@ |
|||
## Install RootCA certificates for browsers. |
|||
|
|||
Web browsers like Firefox & Chromium will not consider the system CA certificates. These are the instructions to install RootCA for these browsers. |
|||
|
|||
## Firefox |
|||
``` |
|||
certutil -d ~/.mozilla/firefox/<Profile id>.default/ -A -i ./rootCA.pem -n 'Localhost Root CA' -t C,, |
|||
``` |
|||
Where `<Profile id>` will change for each user. This has to be run for each Firefox profile. |
|||
|
|||
##### Chrome / Chromium |
|||
``` |
|||
certutil -d "sql:$HOME/.pki/nssdb" -A -i ./rootCA.pem -n 'Locahost RootCA via certutil' -t C,, |
|||
``` |
|||
|
|||
|
|||
@ -0,0 +1,72 @@ |
|||
#!/usr/bin/env bash |
|||
|
|||
if [ -z "$1"]; then |
|||
echo "Usage: gen-cert.sh <domainname>" |
|||
exit 1 |
|||
fi |
|||
|
|||
DomainName="$1"; |
|||
|
|||
settingsRoot(){ |
|||
cat<<EOF |
|||
|
|||
[req] |
|||
prompt = no |
|||
distinguished_name = dn |
|||
|
|||
[ dn ] |
|||
C=IN |
|||
ST=Some state |
|||
O=Localhost.in CA Authority |
|||
emailAddress=admin@localhost.in |
|||
CN=localhost.in |
|||
|
|||
EOF |
|||
} |
|||
|
|||
settings(){ |
|||
localdomain=$DomainName |
|||
cat<<EOF |
|||
[req] |
|||
prompt = no |
|||
distinguished_name = dn |
|||
req_extensions = req_ext |
|||
x509_extensions = usr_cert |
|||
|
|||
[ dn ] |
|||
C=IN |
|||
ST=Some state |
|||
O=$localdomain Orgaization |
|||
emailAddress=admin@$(echo $localdomain | sed 's/^\*\.//') |
|||
CN = $localdomain |
|||
|
|||
[ req_ext ] |
|||
subjectAltName=DNS:$localdomain |
|||
|
|||
[ usr_cert ] |
|||
subjectAltName=DNS:$localdomain |
|||
EOF |
|||
} |
|||
|
|||
echo "Generating Root CA key" |
|||
[[ -f rootCA.key ]] || openssl genrsa -des3 -out rootCA.key 2048 |
|||
|
|||
|
|||
echo "Generating Root CA certificate" |
|||
[[ -f rootCA.pem ]] || openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem -config <(settingsRoot) |
|||
|
|||
echo "Generating certificate key" |
|||
[[ -f $DomainName.key ]] || openssl genrsa -des3 -out $DomainName.key 1024 |
|||
|
|||
echo "Generating Certificate signing request" |
|||
[[ -f $DomainName.csr ]] || openssl req -nodes -sha256 -newkey rsa:2048 -keyout $DomainName.key -out $DomainName.csr -config <( settings ) |
|||
|
|||
|
|||
|
|||
echo "Signing CSR with root key" |
|||
|
|||
[[ -f $DomainName.crt ]] || openssl x509 -req -in $DomainName.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out $DomainName.crt -days 500 -sha256 -extfile <(printf "subjectAltName=DNS:$DomainName") |
|||
|
|||
|
|||
|
|||
|
|||
Loading…
Reference in new issue