Extensions Boilerplate generate_local_ssl.sh

Hi, I’m using a fairly unmodified Ubuntu VM on Windows with VirtualBox, and upon running certs/generate_local_ssl.sh I received the output

patrick@iwwm:~/dfglance/boilerplate/certs$ ./generate_local_ssl.sh
cat: /System/Library/OpenSSL/openssl.cnf: No such file or directory
Generating a 4096 bit RSA private key
writing new private key to 'testing.key'
unable to find 'distinguished_name' in config
problems making Certificate Request
139700253935256:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:324:group=req name=distinguished_name

Generated testing.key and testing.crt files in local directory

Please install and trust cert at /home/patrick/dfglance/boilerplate/certs/testing.crt

Only testing.key was generated. Looking at the script, /System/Library/OpenSSL/openssl.cnf does not exist for me, but /etc/ssl/openssl.cnf does (unmodified), yet the script still uses that first path. When I removed the first path so the line looked like
-config <( cat $( [[ "Darwin" -eq "$(uname -s)" ]] && echo /etc/ssl/openssl.cnf ) \
then the script worked and generated both testing.key and testing.crt. I don’t know any shell scripting but it seems the file exists check isn’t working correctly, at least on my machine.


The script only works on Darwin it would seem. AKA Mac.

Since you are working on Ubuntu you might want to use https://letsencrypt.org/ to generate (if your VM is web accessable) and apply that cert to apache/nginx or https://ngrok.com/ to SSL terminate instead.

That would save faffing about with self signed certs

-eq checks for numerical value, it should be = instead. Both “Darwin” and “Linux” have a numerical value of 0, so the check is useless. I sent a pull request to fix that tiny mistake.

Heh my bash scripting is rusty…

The script ran without hiccup on my machine way back when I ran it without really paying attention to it :stuck_out_tongue:


Don’t have ubuntu so I have no idea if this works.


openssl req
-newkey rsa:4096
-days 1001
-subj “/C=US/ST=California/L=San Francisco/O=Twitch/OU=web/CN=localhost”
-extensions SAN
-config <( cat $( [[ “Darwin” -eq “$(uname -s)” ]] && echo /System/Library/OpenSSL/openssl.cnf || echo /etc/ssl/openssl.cnf )
<(printf “[SAN]\nsubjectAltName=‘DNS:localhost’”))
-keyout “${NAME}.key”
-out “${NAME}.crt”

echo “”
echo “Generated $NAME.key and $NAME.crt files in local directory”
echo “”

if [[ “$OSTYPE” == “darwin”* ]]; then
echo “Installing cert into local Keychain.”
echo “To see or modify, run ‘Keychain Access’ app and look in the ‘System’ Folder”
sudo security add-trusted-cert -d -p ssl -r trustRoot -k “/Library/Keychains/System.keychain” “${NAME}.crt”
sudo cp testing.crt /usr/local/share/ca-certificates/testing.crt
sudo dpkg-reconfigure ca-certificates
sudo update-ca-certificates

It seems like the original script doesn’t handle installing the generated key in any OS besides Mac? In any case I added what I think you want it to do based off this. If it doesn’t work, perhaps you could just manually copy the generated “testing.cert” in /boilerplate/certs to /usr/local/share/ca-certificates/