Self-signed certificate creation
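#!/bin/zsh
# Creates a local root CA (only if ca.crt is absent) and a short-lived server
# certificate signed by it, for testing TLS against this machine from a device
# that has been told to trust ca.crt.
# Based on https://jaanus.com/ios-13-certificates/
#
# Files are written next to this script:
#   ca.key, ca.crt                      - kept across runs
#   server.key, server.csr, server.crt  - regenerated on every run
#
# ca.key is stored unencrypted (-nodes). Anyone who can read it can issue
# certificates that every device trusting ca.crt will accept, so keep it out
# of shared folders, backups and version control.

# Enable exit-on-error first: if the cd below failed silently, the rm and
# openssl calls would run in whatever directory the caller happened to be in.
set -e

parent_path=$( cd "$(dirname "${0}")" && pwd -P )
cd "$parent_path"

# First non-loopback IPv4 address reported by ifconfig.
LOCAL_IP=$(ifconfig | awk '/inet /&&!/127.0.0.1/{print $2;exit}')

# The value is interpolated into the certificate subject, the SAN list and a
# sed expression, so refuse anything that is empty or not digits-and-dots
# instead of producing a malformed certificate.
case "$LOCAL_IP" in
  ''|*[!0-9.]*)
    echo "Could not determine a local IPv4 address (got: '$LOCAL_IP')" >&2
    exit 1
    ;;
esac

if [ ! -f ./extensions-template.cnf ]; then
  echo "extensions-template.cnf not found in $parent_path" >&2
  exit 1
fi

# Remove the rendered extension file on every exit path, including failures.
trap 'rm -f ext-tmp.cnf' EXIT

if [ ! -f ./ca.crt ]; then
  echo -e "Generating root CA"
  rm -f ca.key
  # Create the private key under a restrictive umask so it is never readable
  # by other users, whatever mode the local openssl build would pick.
  ( umask 077; openssl genrsa -out ca.key 4096 )
  openssl req -x509 -new -nodes -key ca.key -sha256 -days 825 \
    -subj "/C=AU/ST=NSW/L=Sydney/O=Acme Inc/OU=Acme Inc Digital/CN=Acme Inc Root CA" \
    -out ca.crt
  echo -e "\e[42mRoot CA successfully generated\e[0m"
  echo -e "\e[1mAdd ca.crt to your Login keychain and set to always trust\e[0m"
fi

# An existing ca.crt without its key cannot sign anything; say so up front
# rather than failing later inside openssl x509.
if [ ! -f ./ca.key ]; then
  echo "ca.crt exists but ca.key is missing; remove ca.crt to generate a new root CA" >&2
  exit 1
fi
# Tighten the mode of a CA key left behind by an earlier run.
chmod 600 ca.key

echo -e "Generating server certificate"
rm -f server.crt server.csr server.key
( umask 077; openssl genrsa -out server.key 4096 )

# NOTE(review): the CSR asks for DNS.1:acme.local, but `openssl x509 -req`
# below takes its extensions from -extfile (section req_ext) and, by default,
# does not copy extensions from the CSR. The issued certificate therefore
# carries the SAN list from extensions-template.cnf - confirm which host name
# is actually intended.
openssl req -new -key server.key \
  -addext "extendedKeyUsage = serverAuth" \
  -addext "subjectAltName = DNS.1:acme.local,IP.1:$LOCAL_IP,IP.2:127.0.0.1" \
  -subj "/C=AU/ST=NSW/L=Sydney/O=Acme Inc/OU=Acme Inc Digital/CN=$LOCAL_IP" \
  -out server.csr

# Render the extension template with the detected address.
sed "s/PLACEHOLDER/$LOCAL_IP/g" extensions-template.cnf > ext-tmp.cnf

# The leaf certificate is valid for 5 days only, which limits the damage if
# server.key leaks from a test machine.
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
  -extfile ext-tmp.cnf -extensions req_ext \
  -out server.crt -days 5 -sha256
rm -f ext-tmp.cnf

echo -e "\e[42mServer certificate successfully generated\e[0m"
echo -e "\e[1mInstall the root CA onto your test device\e[0m"
exit 0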
| # Extension section passed to `openssl x509 -req` via -extfile / -extensions req_ext. | |
| [ req_ext ] | |
| # Limit the issued certificate to TLS server authentication. | |
| extendedKeyUsage = serverAuth | |
| subjectAltName = @alt_names | |
| [alt_names] | |
| # NOTE(review): the script's CSR requests DNS.1:acme.local while this section names localhost - confirm which host name is intended. | |
| DNS.1 = localhost | |
| # PLACEHOLDER is substituted with the detected local IP by the script's sed step. | |
| IP.1 = PLACEHOLDER | |
| IP.2 = 127.0.0.1 |