Extensions Boilerplate generate_local_ssl.sh

Hi, I’m using a fairly unmodified Ubuntu VM on Windows with VirtualBox, and upon running certs/generate_local_ssl.sh I received the output

patrick@iwwm:~/dfglance/boilerplate/certs$ ./generate_local_ssl.sh
cat: /System/Library/OpenSSL/openssl.cnf: No such file or directory
Generating a 4096 bit RSA private key
............................++
...........................................................++
writing new private key to 'testing.key'
-----
unable to find 'distinguished_name' in config
problems making Certificate Request
139700253935256:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:324:group=req name=distinguished_name

Generated testing.key and testing.crt files in local directory

Please install and trust cert at /home/patrick/dfglance/boilerplate/certs/testing.crt

Only testing.key was generated. Looking at the script, /System/Library/OpenSSL/openssl.cnf does not exist for me, but /etc/ssl/openssl.cnf does (unmodified), yet the script still uses that first path. When I removed the first path so the line looked like
-config <( cat $( [[ "Darwin" -eq "$(uname -s)" ]] && echo /etc/ssl/openssl.cnf ) \
then the script worked and generated both testing.key and testing.crt. I don’t know any shell scripting but it seems the file exists check isn’t working correctly, at least on my machine.

The script only works on Darwin it would seem. AKA Mac.

Since you are working on Ubuntu you might want to use https://letsencrypt.org/ to generate (if your VM is web accessible) and apply that cert to apache/nginx or https://ngrok.com/ to SSL terminate instead.

That would save faffing about with self-signed certs

-eq checks for numerical value, it should be = instead. Both “Darwin” and “Linux” have a numerical value of 0, so the check is useless. I sent a pull request to fix that tiny mistake.
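Added example, not part of the original thread or the boilerplate repository: the comparison described above, run against constructed `uname -s` values, next to a string comparison and an explicit check that the chosen config file exists. The function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical, not from the boilerplate repo.
# [[ ]] is a bashism: re-exec under bash if another sh started this file.
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"

# The script's test. Inside [[ ]], -eq evaluates both operands as arithmetic,
# so "Darwin" and "Linux" are read as unset variable names and both become 0.
is_darwin_buggy() {
  [[ "Darwin" -eq "$1" ]]
}

# String comparison: true only when the argument is exactly "Darwin".
is_darwin_fixed() {
  [[ "$1" == "Darwin" ]]
}

# Map a `uname -s` value to the OpenSSL config path the script uses.
openssl_cnf_for() {
  if is_darwin_fixed "$1"; then
    echo /System/Library/OpenSSL/openssl.cnf
  else
    echo /etc/ssl/openssl.cnf
  fi
}

# Fail before openssl runs instead of feeding it an empty config.
require_readable() {
  [[ -r "$1" ]] || { echo "openssl config not readable: $1" >&2; return 1; }
}

# Constructed sample values standing in for `uname -s` output.
for os in Darwin Linux FreeBSD; do
  is_darwin_buggy "$os" && buggy=yes || buggy=no
  is_darwin_fixed "$os" && fixed=yes || fixed=no
  printf '%-8s buggy=%-3s fixed=%-3s cnf=%s\n' \
    "$os" "$buggy" "$fixed" "$(openssl_cnf_for "$os")"
done

# On the machine running this, report whether the chosen file exists.
cnf="$(openssl_cnf_for "$(uname -s)")"
require_readable "$cnf" && echo "would use $cnf" || true
```

The buggy column prints `yes` for every value, which is why the macOS path was selected on Ubuntu.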

Heh my bash scripting is rusty…

The script ran without hiccup on my machine way back when I ran it without really paying attention to it :stuck_out_tongue:

Don’t have Ubuntu so I have no idea if this works.

#!/usr/bin/env bash
NAME=${1:-testing}

# Generate a self-signed certificate and key for localhost.
# The OS test uses = (string comparison); -eq compares numerically and always matches.
openssl req \
  -newkey rsa:4096 \
  -days 1001 \
  -nodes \
  -x509 \
  -subj "/C=US/ST=California/L=San Francisco/O=Twitch/OU=web/CN=localhost" \
  -extensions SAN \
  -config <( cat $( [[ "Darwin" = "$(uname -s)" ]] && echo /System/Library/OpenSSL/openssl.cnf || echo /etc/ssl/openssl.cnf ) \
    <(printf "[SAN]\nsubjectAltName='DNS:localhost'")) \
  -keyout "${NAME}.key" \
  -out "${NAME}.crt"

echo ""
echo "Generated $NAME.key and $NAME.crt files in local directory"
echo ""

if [[ "$OSTYPE" == "darwin"* ]]; then
  echo "Installing cert into local Keychain."
  echo "To see or modify, run 'Keychain Access' app and look in the 'System' Folder"
  sudo security add-trusted-cert -d -p ssl -r trustRoot -k "/Library/Keychains/System.keychain" "${NAME}.crt"
else
  # Debian/Ubuntu: copy the cert into the local CA directory and rebuild the trust store.
  # Uses ${NAME} so a non-default name passed as $1 installs the file that was generated.
  sudo cp "${NAME}.crt" "/usr/local/share/ca-certificates/${NAME}.crt"
  sudo dpkg-reconfigure ca-certificates
  sudo update-ca-certificates
fi

It seems like the original script doesn’t handle installing the generated key in any OS besides Mac? In any case I added what I think you want it to do based off this. If it doesn’t work, perhaps you could just manually copy the generated “testing.cert” in /boilerplate/certs to /usr/local/share/ca-certificates/