Generate certificates for .local domains
#!/bin/sh
#
# Generate self-signed certificates for local development
# /www/keys/LocalRootCA.crt will need to be imported into Keychain Access
# and set to "Always Trust"
#
# Directory that holds the root CA files and every generated site key and
# certificate.
BASE_PATH='/www/keys'

# Path prefix of the root CA files; the script appends ".key" and ".crt".
ROOT_PATH="${BASE_PATH}/LocalRootCA"

# Common Name written into the root CA certificate's subject.
ROOT_NAME='Local Root CA'

# Root CA validity in days (36500 days is roughly 100 years).
ROOT_EXPIRATION='36500'

# Site certificate validity in days.
# 825 days is the max for certificates.
# See https://www.floyd.ch/?p=1382
SITE_EXPIRATION='730'
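#######################################
# Issue a private key and a certificate for one site, signed by the local
# root CA.
#
# Globals:   BASE_PATH, ROOT_PATH, SITE_EXPIRATION (read); SITE_PATH (written)
# Arguments: $1 - host name; used as the certificate CN, as SAN DNS.1 (with
#                 www.$1 as DNS.2) and as the file name stem under BASE_PATH
# Outputs:   $BASE_PATH/$1.key and $BASE_PATH/$1.crt; both are overwritten
#            on every call. The key is written with -nodes, i.e. without a
#            passphrase, so file permissions are its only protection.
# Returns:   0 on success, non-zero if the name is rejected or openssl fails
#
# NOTE(review): the extension profile below sets no extendedKeyUsage. If a
# client rejects the certificate, `extendedKeyUsage = serverAuth` is worth
# checking against the target platform's TLS requirements.
#######################################
make_site_cert() {
  # The name is interpolated into a file path, into the -subj string (where
  # "/" separates fields) and into the extension file, so accept only
  # characters that are valid in a DNS host name.
  case "$1" in
    '' | *[!A-Za-z0-9.-]*)
      printf 'make_site_cert: invalid host name: %s\n' "$1" >&2
      return 1
      ;;
  esac

  SITE_PATH="$BASE_PATH/$1"

  # New 4096-bit RSA key plus a signing request for it.
  if ! openssl req -new -nodes \
    -out "$SITE_PATH.csr" \
    -newkey rsa:4096 \
    -keyout "$SITE_PATH.key" \
    -subj "/CN=$1"; then
    printf 'make_site_cert: key/CSR generation failed for %s\n' "$1" >&2
    rm -f -- "$SITE_PATH.csr"
    return 1
  fi

  # X.509v3 extensions for the leaf: not a CA, valid for $1 and www.$1.
  cat > "$SITE_PATH.v3.ext" << EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $1
DNS.2 = www.$1
EOF

  # Sign the request with the root CA. -CAcreateserial leaves a serial file
  # at $ROOT_PATH.srl, which is removed again below.
  if ! openssl x509 -req \
    -in "$SITE_PATH.csr" \
    -CA "$ROOT_PATH.crt" \
    -CAkey "$ROOT_PATH.key" \
    -CAcreateserial \
    -out "$SITE_PATH.crt" \
    -days "$SITE_EXPIRATION" \
    -sha256 \
    -extfile "$SITE_PATH.v3.ext"; then
    printf 'make_site_cert: signing failed for %s\n' "$1" >&2
    rm -f -- "$SITE_PATH.csr" "$SITE_PATH.v3.ext" "$ROOT_PATH.srl"
    return 1
  fi

  # Intermediate files are not needed once the certificate exists.
  rm -f -- "$SITE_PATH.csr" "$SITE_PATH.v3.ext" "$ROOT_PATH.srl"
}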
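# --- Root CA ---------------------------------------------------------------
# The root certificate is meant to be imported into Keychain Access and set
# to "Always Trust" (see the header of this file). Anyone who can read
# $ROOT_PATH.key can therefore issue certificates that this machine accepts
# for any host name. The key is created without a passphrase, so file
# permissions are its only protection: keep $BASE_PATH out of any served
# document root, shared backups and version control.
if [ ! -d "$BASE_PATH" ]; then
  printf '%s: directory %s does not exist\n' "$0" "$BASE_PATH" >&2
  exit 1
fi

if [ ! -f "$ROOT_PATH.key" ]; then
  # The subshell confines the tightened umask to this one command, so the key
  # is owner-only from the moment it is created. A key that already exists
  # keeps whatever mode it has.
  if ! (umask 077 && openssl genrsa -out "$ROOT_PATH.key" 4096); then
    printf '%s: could not generate root CA key\n' "$0" >&2
    exit 1
  fi
fi

if [ ! -f "$ROOT_PATH.crt" ]; then
  # Self-signed root certificate; created once and reused on later runs.
  if ! openssl req -x509 -new -nodes \
    -key "$ROOT_PATH.key" \
    -sha256 \
    -days "$ROOT_EXPIRATION" \
    -out "$ROOT_PATH.crt" \
    -subj "/CN=$ROOT_NAME"; then
    printf '%s: could not create root CA certificate\n' "$0" >&2
    exit 1
  fi
fi

# --- Site certificates -----------------------------------------------------
# Every run issues a fresh key and certificate for each site below. A failure
# on one site does not stop the others, but makes the script exit non-zero.
status=0
for site in \
  "musictheory.local" \
  "ricciadams.local" \
  "beacon.local" \
  "projects.local"; do
  make_site_cert "$site" || status=1
done
exit "$status"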