#!/usr/bin/env bash set -eu org=localhost-ca domain=localhost rm -rf keys mkdir keys cd keys openssl genpkey -algorithm RSA -out ca.key openssl req -x509 -key ca.key -out ca.crt \ -subj "/CN=$org/O=$org" openssl genpkey -algorithm RSA -out "$domain".key openssl req -new -key "$domain".key -out "$domain".csr \ -subj "/CN=$domain/O=$org" openssl x509 -req -in "$domain".csr -days 365 -out "$domain".crt \ -CA ca.crt -CAkey ca.key -CAcreateserial \ -extfile <(cat <<END basicConstraints = CA:FALSE subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer subjectAltName = DNS:$domain END ) sudo cp ca.crt /usr/local/share/ca-certificates/testing.crt sudo update-ca-certificates echo ' ## Chrome 1. go to chrome://settings/certificates 2. tab "authorities" 3. button "import" 4. choose "ca.crt" 5. trust for identify websites ## Firefox 1. go to about:preferences#privacy 2. button "view certificates" 3. button "import" 4. choose "ca.crt" 5. trust for identify websites ' echo done!