49 lines
1023 B
Bash
49 lines
1023 B
Bash
|
#!/usr/bin/env bash
|
||
|
|
set -eu
|
||
|
|
org=localhost-ca
|
||
|
|
domain=localhost
|
||
|
|
|
||
|
|
rm -rf keys
|
||
|
|
mkdir keys
|
||
|
|
cd keys
|
||
|
|
|
||
|
|
openssl genpkey -algorithm RSA -out ca.key
|
||
|
|
openssl req -x509 -key ca.key -out ca.crt \
|
||
|
|
-subj "/CN=$org/O=$org"
|
||
|
|
|
||
|
|
openssl genpkey -algorithm RSA -out "$domain".key
|
||
|
|
openssl req -new -key "$domain".key -out "$domain".csr \
|
||
|
|
-subj "/CN=$domain/O=$org"
|
||
|
|
|
||
|
|
openssl x509 -req -in "$domain".csr -days 365 -out "$domain".crt \
|
||
|
|
-CA ca.crt -CAkey ca.key -CAcreateserial \
|
||
|
|
-extfile <(cat <<END
|
||
|
|
basicConstraints = CA:FALSE
|
||
|
|
subjectKeyIdentifier = hash
|
||
|
|
authorityKeyIdentifier = keyid,issuer
|
||
|
|
subjectAltName = DNS:$domain
|
||
|
|
END
|
||
|
|
)
|
||
|
|
|
||
|
|
sudo cp ca.crt /usr/local/share/ca-certificates/testing.crt
|
||
|
|
sudo update-ca-certificates
|
||
|
|
|
||
|
|
|
||
|
|
echo '
|
||
|
|
## Chrome
|
||
|
|
1. go to chrome://settings/certificates
|
||
|
|
2. tab "authorities"
|
||
|
|
3. button "import"
|
||
|
|
4. choose "ca.crt"
|
||
|
|
5. trust for identify websites
|
||
|
|
|
||
|
|
## Firefox
|
||
|
|
1. go to about:preferences#privacy
|
||
|
|
2. button "view certificates"
|
||
|
|
3. button "import"
|
||
|
|
4. choose "ca.crt"
|
||
|
|
5. trust for identify websites
|
||
|
|
'
|
||
|
|
|
||
|
|
echo done!
|