Snippets
Created by
Fernando Paredes Murillo
last modified
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 | <?php
if( ! isset( $argv[1] ) ){
echo "Domain needed!" . PHP_EOL;
die;
}
function is_dir_empty($dir){
return (count(scandir($dir)) <= 2);
}
define('DOMAIN', $argv[1]);
define('TMP_DIR', './.cert-gen-tmp');
define('CONF_FILE', TMP_DIR . '/' . $argv[1] . '.conf');
//Text template for the .conf file and the cert generation command
$conf_file_content = <<<EOT
[ req ]
default_bits = 2048
default_keyfile = server-key.pem
distinguished_name = subject
req_extensions = req_ext
x509_extensions = x509_ext
string_mask = utf8only
[ subject ]
countryName = Country Name (2 letter code)
countryName_default = GB
stateOrProvinceName = State or Province Name
stateOrProvinceName_default = Greater London
localityName = Locality Name
localityName_default = London
organizationName = Organization Name
organizationName_default = MVF Global Ltd.
commonName = Common Name (domain name)
commonName_default = YOUR_DEV_DOMAIN
emailAddress = Email Address
emailAddress_default = dev-cert@mvfglobal.com
[ x509_ext ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
nsComment = "OpenSSL Generated Certificate"
[ req_ext ]
subjectKeyIdentifier = hash
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
nsComment = "OpenSSL Generated Certificate"
[ alternate_names ]
DNS.1 = YOUR_DEV_DOMAIN
EOT;
$gen_command = <<<EOT
openssl req -config CONF_FILE -new -sha256 -newkey rsa:2048 \
-nodes -keyout KEY_FILE -x509 -days 365 \
-out CRT_FILE
EOT;
//Prepare the .conf file content and the gen command
$conf_file_content = str_replace('YOUR_DEV_DOMAIN', DOMAIN, $conf_file_content);
$gen_command = str_replace('CONF_FILE', CONF_FILE, $gen_command);
$gen_command = str_replace('KEY_FILE', DOMAIN . '.key', $gen_command);
$gen_command = str_replace('CRT_FILE', DOMAIN . '.crt', $gen_command);
//Create tmp folder
if (!file_exists(TMP_DIR)) {
mkdir(TMP_DIR);
}
//Create .conf file
$conf_file = fopen(CONF_FILE, 'a');
fwrite($conf_file, $conf_file_content);
//Execute command
exec($gen_command);
//Add cert to keychain
$keychain_command = 'sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ' . DOMAIN . '.crt';
exec($keychain_command);
//Delete tmp file & folder
fclose($conf_file);
unlink(CONF_FILE);
if (is_dir_empty(TMP_DIR)) {
rmdir(TMP_DIR);
}
|
Comments (1)
You can clone a snippet to your computer for local editing. Learn more.
Update: Now it also adds the certificate to the system keychain