
@dsphinx
Forked from WebReflection/certificate.sh
Created January 2, 2018 15:00

Revisions

  1. @WebReflection WebReflection revised this gist Sep 8, 2015. 1 changed file with 0 additions and 2 deletions.
    2 changes: 0 additions & 2 deletions certificate.sh
    @@ -3,8 +3,6 @@
    # A basic Self Signed SSL Certificate utility
    # by Andrea Giammarchi @WebReflection

    # WARNING: Possible Security Hazard!

    # https://www.webreflection.co.uk/blog/2015/08/08/bringing-ssl-to-your-private-network

    # # to make it executable and use it
  2. @WebReflection WebReflection revised this gist Aug 19, 2015. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion certificate.sh
    @@ -267,7 +267,7 @@ function showInfo() {
    [*][Examples][/]
    # [*]craete[/] a new certificate
    # [*]create[/] a new certificate
    ./certificate create 192.168.1.10
    # [*]verify[/] its expiring date
  3. @WebReflection WebReflection revised this gist Aug 8, 2015. 1 changed file with 2 additions and 0 deletions.
    2 changes: 2 additions & 0 deletions certificate.sh
    @@ -5,6 +5,8 @@

    # WARNING: Possible Security Hazard!

    # https://www.webreflection.co.uk/blog/2015/08/08/bringing-ssl-to-your-private-network

    # # to make it executable and use it
    # $ chmod +x certificate
    # $ ./certificate # to read the how-to
  4. @WebReflection WebReflection revised this gist Aug 8, 2015. 1 changed file with 19 additions and 28 deletions.
    47 changes: 19 additions & 28 deletions certificate.sh
    @@ -10,34 +10,15 @@
    # $ ./certificate # to read the how-to

    about() {
    local server=$1
    local subj="/C=LN/ST=Local\\ Network/O=Local\\ Network"
    subj="${subj}/OU=Internet\\ Technology"
    subj="${subj}/CN=${server}"
    echo $subj
    echo "/C=LN/ST=Intranet/L=Local/O=Local\\ Network/OU=Network/CN=${1}/emailAddress=local@network"
    }

    actual_generation() {
    android_generation() {
    local server=$1
    local pass='p4ssPhrase'
    local subj=$(about $server)
    openssl req -new -passin pass:${pass} \
    -subj "${subj}" \
    -key "${server}.key" \
    -out "${server}.csr"
    cp "${server}.key" "${server}.key.org"
    openssl rsa -passin pass:${pass} \
    -in "${server}.key.org" \
    -out "${server}.key"
    openssl x509 -req -days 365 \
    -in "${server}.csr" \
    -signkey "${server}.key" \
    -out "${server}.crt"
    openssl x509 \
    -in "${server}.crt" \
    -outform DER \
    -out "${server}.der"
    rm "${server}.key.org"
    }

    check() {
    @@ -48,15 +29,20 @@ check() {

    create() {
    local server=$1
    local pass='p4ssPhrase'
    local subj=$(about $server)
    local CA="${server}CA"
    echo ''
    echo '-----------------------------'
    icho ' [*]generating certificate[/]'
    echo '-----------------------------'
    openssl genrsa -des3 -passout pass:${pass} \
    -out "${server}.key" 2048
    actual_generation $server
    openssl req -x509 -nodes -days 365 \
    -newkey rsa:2048 \
    -subj "${subj}" \
    -keyout "${server}.key" \
    -out "${server}.crt" \
    -reqexts v3_req \
    -extensions v3_ca
    android_generation "${server}"
    echo '-----------------------------'
    icho "[g]OK[/] [*]$(check $server)[/]"
    echo ''
    @@ -71,10 +57,15 @@ update() {
    echo '-----------------------------'
    echo $(check $server)
    cp "${server}.crt" "${server}.crt.bck"
    cp "${server}.csr" "${server}.csr.bck"
    cp "${server}.der" "${server}.der.bck"
    cp "${server}.key" "${server}.key.bck"
    actual_generation $server
    openssl req -x509 -nodes -new -days 365 \
    -subj "${subj}" \
    -key "${server}.key" \
    -out "${server}.crt" \
    -reqexts v3_req \
    -extensions v3_ca
    android_generation "${server}"
    echo '-----------------------------'
    icho "[g]OK[/] [*]$(check $server)[/]"
    echo ''
    @@ -165,7 +156,7 @@ case $1 in
    ;;
    clean)
    isCertificateThere $2
    rm -f ${2}.{crt,csr,der,key}.bck
    rm -f ${2}.{crt,der,key}.bck
    icho 'all [*]clean[/]'
    ;;
    create)
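Review bot: In `create()` and `update()` the new `openssl req -x509 -nodes … -extensions v3_ca` call writes `${server}.key` unencrypted with whatever permissions the caller's umask allows, and `v3_ca` marks the certificate as a CA (`CA:true` in the stock openssl.cnf), so a device that installs it would also accept certificates for other names signed with that key. Create the key owner-only, for example `umask 077` before the `openssl req` line or `chmod 600 "${server}.key"` right after it. If the certificate only has to identify this one host, an extension section with `basicConstraints=CA:FALSE` and a `subjectAltName` for the server would narrow what a leaked key can do. `local CA="${server}CA"` in `create()` is never used in the lines shown and could be dropped. `update()` starts outside its hunk.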
  5. @WebReflection WebReflection revised this gist Aug 8, 2015. 1 changed file with 11 additions and 8 deletions.
    19 changes: 11 additions & 8 deletions certificate.sh
    @@ -29,13 +29,12 @@ actual_generation() {
    openssl rsa -passin pass:${pass} \
    -in "${server}.key.org" \
    -out "${server}.key"
    openssl x509 -req -sha256 -days 365 \
    openssl x509 -req -days 365 \
    -in "${server}.csr" \
    -signkey "${server}.key" \
    -out "${server}.crt"
    openssl x509 -req -sha256 -days 365 \
    -in "${server}.csr" \
    -signkey "${server}.key" \
    openssl x509 \
    -in "${server}.crt" \
    -outform DER \
    -out "${server}.der"
    rm "${server}.key.org"
    @@ -55,11 +54,11 @@ create() {
    echo '-----------------------------'
    icho ' [*]generating certificate[/]'
    echo '-----------------------------'
    openssl genrsa -des3 -sha256 -passout pass:${pass} \
    openssl genrsa -des3 -passout pass:${pass} \
    -out "${server}.key" 2048
    actual_generation $server
    echo '-----------------------------'
    icho "<g>OK[/] [*]$(check $server)[/]"
    icho "[g]OK[/] [*]$(check $server)[/]"
    echo ''
    }

    @@ -77,7 +76,7 @@ update() {
    cp "${server}.key" "${server}.key.bck"
    actual_generation $server
    echo '-----------------------------'
    icho "<g>OK[/] [*]$(check $server)[/]"
    icho "[g]OK[/] [*]$(check $server)[/]"
    echo ''
    }

    @@ -197,7 +196,11 @@ var
    document.createElement(\"p\")
    ).innerHTML = 'Service Worker is <strong>NOT supported</strong>';
    },
    ')}catch(e){document.body.appendChild(document.createElement(\"p\")).innerHTML=\"This browser has no Service Worker\"}</script>'
    ')}catch(e){',
    'document.body.appendChild(',
    'document.createElement(\"p\")',
    ').innerHTML=\"This browser has no Service Worker\"',
    '}</script>'
    )
    ;
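Review bot: Dropping `-sha256` from the `openssl x509 -req` call in `actual_generation()` leaves the certificate's signature digest to whatever the installed OpenSSL defaults to, which on older releases is SHA-1. The flag was only out of place on `openssl genrsa`, where no digest is involved, so I would keep `openssl x509 -req -sha256 -days 365 \` for the signing step. Which side each printed line belongs to is inferred from the other revisions on this page, and `actual_generation()` starts above the first hunk.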
  6. @WebReflection WebReflection revised this gist Aug 7, 2015. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions certificate.sh
    @@ -185,7 +185,7 @@ var
    res.end();
    },
    script = ''.concat(
    '<script>navigator.serviceWorker.register(\"/sw.js\").then(',
    '<script>try{navigator.serviceWorker.register(\"/sw.js\").then(',
    function () {
    document.body.appendChild(
    document.createElement(\"p\")
    @@ -197,7 +197,7 @@ var
    document.createElement(\"p\")
    ).innerHTML = 'Service Worker is <strong>NOT supported</strong>';
    },
    ')</script>'
    ')}catch(e){document.body.appendChild(document.createElement(\"p\")).innerHTML=\"This browser has no Service Worker\"}</script>'
    )
    ;
  7. @WebReflection WebReflection revised this gist Aug 7, 2015. 1 changed file with 31 additions and 4 deletions.
    35 changes: 31 additions & 4 deletions certificate.sh
    @@ -2,7 +2,8 @@

    # A basic Self Signed SSL Certificate utility
    # by Andrea Giammarchi @WebReflection
    # https://gist.github.com/WebReflection/b4b460ecfc92ee62a9a8

    # WARNING: Possible Security Hazard!

    # # to make it executable and use it
    # $ chmod +x certificate
    @@ -178,26 +179,51 @@ case $1 in
    var
    fs = require('fs'),
    server = '${2}',
    port = parseInt('${3}' || 8080, 10)
    port = parseInt('${3}' || 8080, 10),
    onSW = function (res) {
    res.writeHead(200, {'Content-Type':'application/javascript'});
    res.end();
    },
    script = ''.concat(
    '<script>navigator.serviceWorker.register(\"/sw.js\").then(',
    function () {
    document.body.appendChild(
    document.createElement(\"p\")
    ).innerHTML = 'Service Worker is <strong>supported</strong>';
    },
    ').catch(',
    function () {
    document.body.appendChild(
    document.createElement(\"p\")
    ).innerHTML = 'Service Worker is <strong>NOT supported</strong>';
    },
    ')</script>'
    )
    ;
    require('https')
    .createServer({
    key: fs.readFileSync(server + '.key'),
    cert: fs.readFileSync(server + '.crt')
    },
    function (req, res) {
    if (req.url=='/sw.js') return onSW(res);
    res.writeHead(200, {'Content-Type': 'text/html'});
    res.end('<!DOCTYPE html>'.concat(
    '<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0\">',
    '<style>*{font-family:sans-serif;}</style>',
    '<strong><span style=\"color:green;\">&#10004;</span> Hello HTTPS</strong>'
    '<strong><span style=\"color:green;\">&#10004;</span> Hello HTTPS</strong>',
    script
    ));
    }
    ).listen(port, server, showInfo);
    require('http')
    .createServer(
    function (req, res) {
    switch (req.url) {
    case ('/sw.js'):
    onSW(res);
    break;
    case ('/' + server + '.crt'):
    case ('/' + server + '.der'):
    res.writeHead(200, {'Content-Type': 'application/x-x509-ca-cert'});
    @@ -212,7 +238,8 @@ require('http')
    '<li><a href=\"/', server, '.crt\">download ', server, '.crt</a><br/><small>iOS, Windows Phone and Desktop</small></li>',
    '<li><a href=\"/', server, '.der\">download ', server, '.der</a><br/><small>Blackberry and maybe Android</small></li>',
    '<li><a href=\"https://', server, ':', port, '/\" style=\"font-size:small;\">try https</a></li>',
    '</ul>'
    '</ul>',
    script
    ));
    break;
    }
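Review bot: `server = '${2}'` and the changed `port = parseInt('${3}' || 8080, 10),` line paste the script's command-line arguments straight into the JavaScript source handed to `node -e`, so an argument containing a quote changes the program that runs, and `server` is later concatenated into the HTML response unescaped. Pass the values out of band instead, for example `CERT_HOST="$2" CERT_PORT="${3:-8080}" node -e …` with `server = process.env.CERT_HOST` and `port = parseInt(process.env.CERT_PORT, 10)` (the variable names are illustrative). The added `# WARNING: Possible Security Hazard!` comment would help more if it named the hazard, e.g. that a device installing the served certificate will trust whoever holds `${server}.key`. The `node -e` string begins and ends outside these hunks.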
  8. @WebReflection WebReflection revised this gist Aug 7, 2015. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions certificate.sh
    @@ -2,6 +2,7 @@

    # A basic Self Signed SSL Certificate utility
    # by Andrea Giammarchi @WebReflection
    # https://gist.github.com/WebReflection/b4b460ecfc92ee62a9a8

    # # to make it executable and use it
    # $ chmod +x certificate
  9. @WebReflection WebReflection created this gist Aug 7, 2015.
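--- a/certificate.sh
+++ b/certificate.sh
@@ -0,0 +1,263 @@
+#!/usr/bin/env bash
+
+# A basic Self Signed SSL Certificate utility
+# by Andrea Giammarchi @WebReflection
+
+# # to make it executable and use it
+# $ chmod +x certificate
+# $ ./certificate # to read the how-to
+
+about() {
+local server=$1
+local subj="/C=LN/ST=Local\\ Network/O=Local\\ Network"
+subj="${subj}/OU=Internet\\ Technology"
+subj="${subj}/CN=${server}"
+echo $subj
+}
+
+actual_generation() {
+local server=$1
+local pass='p4ssPhrase'
+local subj=$(about $server)
+openssl req -new -passin pass:${pass} \
+-subj "${subj}" \
+-key "${server}.key" \
+-out "${server}.csr"
+cp "${server}.key" "${server}.key.org"
+openssl rsa -passin pass:${pass} \
+-in "${server}.key.org" \
+-out "${server}.key"
+openssl x509 -req -sha256 -days 365 \
+-in "${server}.csr" \
+-signkey "${server}.key" \
+-out "${server}.crt"
+openssl x509 -req -sha256 -days 365 \
+-in "${server}.csr" \
+-signkey "${server}.key" \
+-outform DER \
+-out "${server}.der"
+rm "${server}.key.org"
+}
+
+check() {
+local server=$1
+local when=$(openssl x509 -in "${server}.crt" -noout -enddate)
+icho "Expires in [*]${when:9}[/]"
+}
+
+create() {
+local server=$1
+local pass='p4ssPhrase'
+local subj=$(about $server)
+echo ''
+echo '-----------------------------'
+icho ' [*]generating certificate[/]'
+echo '-----------------------------'
+openssl genrsa -des3 -sha256 -passout pass:${pass} \
+-out "${server}.key" 2048
+actual_generation $server
+echo '-----------------------------'
+icho "<g>OK[/] [*]$(check $server)[/]"
+echo ''
+}
+
+update() {
+local server=$1
+local subj=$(about $server)
+echo ''
+echo '-----------------------------'
+icho ' [*]updating certificate[/]'
+echo '-----------------------------'
+echo $(check $server)
+cp "${server}.crt" "${server}.crt.bck"
+cp "${server}.csr" "${server}.csr.bck"
+cp "${server}.der" "${server}.der.bck"
+cp "${server}.key" "${server}.key.bck"
+actual_generation $server
+echo '-----------------------------'
+icho "<g>OK[/] [*]$(check $server)[/]"
+echo ''
+}
+
+isCertificateThere() {
+if [ ! -f "${1}.crt" ]; then
+icho ' [*][r][Warning][/] you need to create a certificate first'
+icho " example: [*]certificate create ${1}[/]"
+echo ''
+exit 1
+fi
+}
+
+# slightly enriched echo
+# - - - - - - - - - - - - - -
+# by Andrea Giammarchi
+icho() {
+
+# resets
+local reset_all=$(tput sgr0) # [/] usable as reset for each style
+local reset_color=$(tput setaf 9) # [/(d|r|g|y|b|m|c|w)]
+local reset_bgcolor=$(tput setab 9) # [/(bd|br|bg|by|bb|bm|bc|bw)]
+local reset_underline=$(tput rmul) # [/_]
+
+# colors
+local black=$(tput setaf 0) # [d]dark[/d]
+local red=$(tput setaf 1) # [r]red[/r]
+local green=$(tput setaf 2) # [g]green[/g]
+local yellow=$(tput setaf 3) # [y]yellow[/y]
+local blue=$(tput setaf 4) # [b]blue[/b]
+local magenta=$(tput setaf 5) # [m]magenta[/m]
+local cyan=$(tput setaf 6) # [c]cyan[/c]
+local white=$(tput setaf 7) # [w]white[/w]
+
+# background colors
+local bgblack=$(tput setab 0) # [bd]bg dark[/bd]
+local bgred=$(tput setab 1) # [br]bg red[/br]
+local bggreen=$(tput setab 2) # [bg]bg green[/bg]
+local bgyellow=$(tput setab 3) # [by]bg yellow[/by]
+local bgblue=$(tput setab 4) # [bb]bg blue[/bb]
+local bgmagenta=$(tput setab 5) # [bm]bg magenta[/bm]
+local bgcyan=$(tput setab 6) # [bc]bg cyan[/bc]
+local bgwhite=$(tput setab 7) # [bw]bg white[/bw]
+
+# styles
+local start_under=$(tput smul) # [_][/_]
+local start_bold=$(tput bold) # [*][/*]
+# [*][/]
+
+# not implemented
+# rev Start reverse video
+# blink Start blinking text
+# invis Start invisible text
+# smso Start "standout" mode
+# rmso End "standout" mode
+
+# phrase replacement
+local phrase=$(echo "${1}" |
+sed -e "s/\[\*\]/\\${start_bold}/g" | sed -e "s/\[\/\*\]/\\${reset_all}/g" |
+sed -e "s/\[_\]/\\${start_under}/g" | sed -e "s/\[\/_\]/\\${reset_underline}/g" |
+sed -e "s/\[d\]/\\${black}/g" | sed -e "s/\[\/d\]/\\${reset_color}/g" |
+sed -e "s/\[r\]/\\${red}/g" | sed -e "s/\[\/r\]/\\${reset_color}/g" |
+sed -e "s/\[g\]/\\${green}/g" | sed -e "s/\[\/g\]/\\${reset_color}/g" |
+sed -e "s/\[y\]/\\${yellow}/g" | sed -e "s/\[\/y\]/\\${reset_color}/g" |
+sed -e "s/\[b\]/\\${blue}/g" | sed -e "s/\[\/b\]/\\${reset_color}/g" |
+sed -e "s/\[m\]/\\${magenta}/g" | sed -e "s/\[\/m\]/\\${reset_color}/g" |
+sed -e "s/\[c\]/\\${cyan}/g" | sed -e "s/\[\/c\]/\\${reset_color}/g" |
+sed -e "s/\[w\]/\\${white}/g" | sed -e "s/\[\/w\]/\\${reset_color}/g" |
+sed -e "s/\[bd\]/\\${bgblack}/g" | sed -e "s/\[\/bd\]/\\${reset_bgcolor}/g" |
+sed -e "s/\[br\]/\\${bgred}/g" | sed -e "s/\[\/br\]/\\${reset_bgcolor}/g" |
+sed -e "s/\[bg\]/\\${bggreen}/g" | sed -e "s/\[\/bg\]/\\${reset_bgcolor}/g" |
+sed -e "s/\[by\]/\\${bgyellow}/g" | sed -e "s/\[\/by\]/\\${reset_bgcolor}/g" |
+sed -e "s/\[bb\]/\\${bgblue}/g" | sed -e "s/\[\/bb\]/\\${reset_bgcolor}/g" |
+sed -e "s/\[bm\]/\\${bgmagenta}/g" | sed -e "s/\[\/bm\]/\\${reset_bgcolor}/g" |
+sed -e "s/\[bc\]/\\${bgcyan}/g" | sed -e "s/\[\/bc\]/\\${reset_bgcolor}/g" |
+sed -e "s/\[bw\]/\\${bgwhite}/g" | sed -e "s/\[\/bw\]/\\${reset_bgcolor}/g" |
+sed -e "s/\[\/\]/\\${reset_all}/g"
+)
+echo -e "${phrase}${reset_all}"
+}
+
+echo ''
+case $1 in
+check)
+isCertificateThere $2
+check $2
+;;
+clean)
+isCertificateThere $2
+rm -f ${2}.{crt,csr,der,key}.bck
+icho 'all [*]clean[/]'
+;;
+create)
+create $2
+;;
+test)
+isCertificateThere $2
+icho '- - - - - - - - - - - [*]visit[/]'
+node -e "'use strict';
+var
+fs = require('fs'),
+server = '${2}',
+port = parseInt('${3}' || 8080, 10)
+;
+require('https')
+.createServer({
+key: fs.readFileSync(server + '.key'),
+cert: fs.readFileSync(server + '.crt')
+},
+function (req, res) {
+res.writeHead(200, {'Content-Type': 'text/html'});
+res.end('<!DOCTYPE html>'.concat(
+'<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0\">',
+'<style>*{font-family:sans-serif;}</style>',
+'<strong><span style=\"color:green;\">&#10004;</span> Hello HTTPS</strong>'
+));
+}
+).listen(port, server, showInfo);
+require('http')
+.createServer(
+function (req, res) {
+switch (req.url) {
+case ('/' + server + '.crt'):
+case ('/' + server + '.der'):
+res.writeHead(200, {'Content-Type': 'application/x-x509-ca-cert'});
+fs.createReadStream(req.url.slice(1)).pipe(res);
+break;
+default:
+res.writeHead(200);
+res.end('<!DOCTYPE html>'.concat(
+'<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0\">',
+'<style>*{font-family:sans-serif;}a{line-height:42px;}li{margin-bottom:36px;}</style>',
+'<ul>',
+'<li><a href=\"/', server, '.crt\">download ', server, '.crt</a><br/><small>iOS, Windows Phone and Desktop</small></li>',
+'<li><a href=\"/', server, '.der\">download ', server, '.der</a><br/><small>Blackberry and maybe Android</small></li>',
+'<li><a href=\"https://', server, ':', port, '/\" style=\"font-size:small;\">try https</a></li>',
+'</ul>'
+));
+break;
+}
+}
+).listen(port + 1, server, showInfo);
+function showInfo() {
+var
+addres = this.address(),
+isHTTPS = addres.port == port,
+prefix = isHTTPS ?
+'HTTPS https' :
+'Download Certificate http'
+;
+console.log(prefix + '://' + addres.address + ':' + addres.port + '/');
+}"
+;;
+update)
+isCertificateThere $2
+update $2
+;;
+*)
+icho "
+[*][About][/]
+a basic Self Signed SSL Certificate utility
+by Andrea Giammarchi @WebReflection
+[*][Usage][/]
+./certificate [check|create|test|update] servername|ip [port]
+[*][Examples][/]
+# [*]craete[/] a new certificate
+./certificate create 192.168.1.10
+# [*]verify[/] its expiring date
+./certificate check 192.168.1.10
+# [*]update[/] its expiring date
+certificate update 192.168.1.10
+# [*]create[/] both http and https pages
+# one to download the right certificate
+# the other one to test the page
+./certificate test 192.168.1.10 1337
+"
+;;
+esac
+echo ''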
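Review bot: The passphrase in `create()` and `actual_generation()` is a fixed string (`local pass='p4ssPhrase'`) handed to openssl as `pass:${pass}` on the command line, and `actual_generation()` then rewrites `${server}.key` without encryption through `openssl rsa`, so the `-des3` step protects nothing while suggesting that it does. Either generate the key unencrypted in one step and restrict the file, e.g. `umask 077` before `openssl genrsa -out "${server}.key" 2048`, or take a real passphrase from a file or the environment (`-passout file:…` or `env:…`) instead of `pass:`. The script's arguments are also expanded unquoted in several places, for example `rm -f ${2}.{crt,csr,der,key}.bck` and `actual_generation $server`; quoting them (`"$2"`, `"$server"`) keeps a name with spaces or glob characters from touching other files. A one-line purpose comment above `about`, `actual_generation`, `check`, `create` and `update` would make the flow easier to follow.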