
MVF Local SSL Cert Generator

Created by Fernando Paredes Murillo last modified
<?php

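// Refuse to run without a domain argument. The message goes to stderr and the
// exit status is non-zero so a calling script can tell the run failed.
if( ! isset( $argv[1] ) || $argv[1] === '' ){
	fwrite(STDERR, "Domain needed!" . PHP_EOL);
	exit(1);
}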


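/**
 * Tell whether a directory holds no entries besides "." and "..".
 *
 * @param string $dir Path of the directory to inspect.
 * @return bool True when the directory exists, is readable and is empty;
 *              false otherwise (including when it cannot be listed).
 */
function is_dir_empty($dir){
	// An unreadable or missing path is reported as "not empty" so the caller
	// never tries to remove something it could not inspect.
	if (!is_dir($dir) || !is_readable($dir)) {
		return false;
	}

	$entries = scandir($dir);
	if ($entries === false) {
		return false;
	}

	// Compare by name instead of assuming exactly two dot entries are listed.
	return count(array_diff($entries, ['.', '..'])) === 0;
}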

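// DOMAIN is spliced unescaped into a file path, the OpenSSL config and the
// shell commands further down, so accept only hostname-style input (labels of
// letters, digits, '-' and '_', optionally a leading "*." wildcard label) and
// refuse everything else before any file or command is built from it.
$domain_pattern = '/\A(?:\*\.)?[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?(?:\.[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?)*\z/i';
if (strlen($argv[1]) > 253 || preg_match($domain_pattern, $argv[1]) !== 1) {
	fwrite(STDERR, "Invalid domain: only letters, digits, '-', '_' and '.' are allowed" . PHP_EOL);
	exit(1);
}

define('DOMAIN', $argv[1]);
// Scratch directory for the generated OpenSSL config, relative to the current working directory.
define('TMP_DIR', './.cert-gen-tmp');
define('CONF_FILE', TMP_DIR . '/' . $argv[1] . '.conf');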



//Text template for the .conf file and the cert generation command
//
// $conf_file_content is an OpenSSL "req" configuration:
//   - [ req ] asks for a 2048-bit key and points at the [ subject ], [ req_ext ]
//     and [ x509_ext ] sections.
//   - [ subject ] supplies the distinguished-name prompts and their defaults.
//   - both extension sections set CA:FALSE, limit keyUsage to digitalSignature
//     and keyEncipherment, and take the SAN list from [ alternate_names ].
// YOUR_DEV_DOMAIN is a plain-text placeholder that is swapped for DOMAIN with
// str_replace() further down; it appears as the default commonName and as DNS.1.
// The body lines are tab-indented while the closing marker sits at column 0, so
// the tabs are part of the string that gets written to the config file.
$conf_file_content = <<<EOT
	[ req ]

	default_bits        = 2048
	default_keyfile     = server-key.pem
	distinguished_name  = subject
	req_extensions      = req_ext
	x509_extensions     = x509_ext
	string_mask         = utf8only

	[ subject ]

	countryName                 = Country Name (2 letter code)
	countryName_default         = GB

	stateOrProvinceName         = State or Province Name
	stateOrProvinceName_default = Greater London

	localityName                = Locality Name
	localityName_default        = London

	organizationName            = Organization Name
	organizationName_default    = MVF Global Ltd.

	commonName                  = Common Name (domain name)
	commonName_default          = YOUR_DEV_DOMAIN

	emailAddress                = Email Address
	emailAddress_default        = dev-cert@mvfglobal.com

	[ x509_ext ]

	subjectKeyIdentifier   = hash
	authorityKeyIdentifier = keyid,issuer

	basicConstraints       = CA:FALSE
	keyUsage               = digitalSignature, keyEncipherment
	subjectAltName         = @alternate_names
	nsComment              = "OpenSSL Generated Certificate"

	[ req_ext ]

	subjectKeyIdentifier = hash

	basicConstraints     = CA:FALSE
	keyUsage             = digitalSignature, keyEncipherment
	subjectAltName       = @alternate_names
	nsComment            = "OpenSSL Generated Certificate"

	[ alternate_names ]

	DNS.1       = YOUR_DEV_DOMAIN
EOT;

// Shell command template. CONF_FILE, KEY_FILE and CRT_FILE are literal tokens
// here (a heredoc does not expand constants); they are substituted further down.
//   -x509            emit a self-signed certificate instead of a signing request
//   -newkey rsa:2048 generate a fresh 2048-bit RSA key pair
//   -nodes           write the private key to KEY_FILE WITHOUT passphrase
//                    encryption, so the key file itself must be kept private
//   -days 365        certificate validity period
$gen_command = <<<EOT
openssl req -config CONF_FILE -new -sha256 -newkey rsa:2048 \
-nodes -keyout KEY_FILE -x509 -days 365 \
-out CRT_FILE
EOT;


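//Prepare the .conf file content and the gen command
// DOMAIN is written into the config as-is; it must not contain line breaks or
// it could add extra directives to the file.
$conf_file_content = str_replace('YOUR_DEV_DOMAIN', DOMAIN, $conf_file_content);

// strtr() fills in all three placeholders in one pass, so a substituted value
// that happens to contain another placeholder name is not rewritten again.
// escapeshellarg() quotes each path so characters in the domain argument are
// never interpreted by the shell that exec() starts.
$gen_command = strtr($gen_command, [
	'CONF_FILE' => escapeshellarg(CONF_FILE),
	'KEY_FILE'  => escapeshellarg(DOMAIN . '.key'),
	'CRT_FILE'  => escapeshellarg(DOMAIN . '.crt'),
]);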


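//Create tmp folder (owner-only when this script is the one creating it)
if (!is_dir(TMP_DIR) && !mkdir(TMP_DIR, 0700) && !is_dir(TMP_DIR)) {
	fwrite(STDERR, 'Could not create ' . TMP_DIR . PHP_EOL);
	exit(1);
}

//Create .conf file
// file_put_contents() truncates, so a config left behind by an aborted earlier
// run is replaced instead of appended to, and the file is closed before
// openssl reads it.
if (file_put_contents(CONF_FILE, $conf_file_content) === false) {
	fwrite(STDERR, 'Could not write ' . CONF_FILE . PHP_EOL);
	exit(1);
}

//Execute command
exec($gen_command, $gen_output, $gen_status);

//Delete tmp file & folder
// Done straight after generation so the cleanup also happens when a later step fails.
unlink(CONF_FILE);
if (is_dir_empty(TMP_DIR)) {
	rmdir(TMP_DIR);
}

// Never hand a missing or stale certificate to the keychain step.
if ($gen_status !== 0 || !is_file(DOMAIN . '.crt')) {
	fwrite(STDERR, 'Certificate generation failed (openssl exit status ' . $gen_status . ')' . PHP_EOL);
	exit(1);
}

// The key is written without a passphrase (-nodes), so keep it readable by the owner only.
if (is_file(DOMAIN . '.key')) {
	chmod(DOMAIN . '.key', 0600);
}

//Add cert to keychain
// This marks the certificate as a trusted root in the System keychain, i.e. for
// every user on the machine. Anyone holding the matching .key file can present
// this certificate for the domain, so keep the key private and remove the trust
// entry once the certificate is no longer needed.
$keychain_command = 'sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ' . escapeshellarg(DOMAIN . '.crt');
exec($keychain_command, $keychain_output, $keychain_status);
if ($keychain_status !== 0) {
	fwrite(STDERR, 'Could not add the certificate to the System keychain (exit status ' . $keychain_status . ')' . PHP_EOL);
	exit(1);
}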
