init commit

.gitignore

@@ -0,0 +1,4 @@
+*.key
+*.pem
+*.srl
+*.crt

create_certificate_for_domain.sh

@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+if [ -z "$1" ]
+then
+  echo "Please supply a subdomain to create a certificate for";
+  echo "e.g. mysite.localhost"
+  exit;
+fi
+
+# Create a new private key if one doesnt exist, or use the xeisting one if it does
+if [ -f device.key ]; then
+  KEY_OPT="-key"
+else
+  KEY_OPT="-keyout"
+fi
+
+DOMAIN=$1
+COMMON_NAME=${2:-$1}
+
+SUBJECT="/C=CA/ST=None/L=NB/O=None/CN=*.$COMMON_NAME"
+NUM_OF_DAYS=999
+openssl req -new -newkey rsa:2048 -sha256 -nodes $KEY_OPT device.key -subj "$SUBJECT" -out device.csr
+cat v3.ext | sed s/%%DOMAIN%%/$COMMON_NAME/g > /tmp/__v3.ext
+openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days $NUM_OF_DAYS -sha256 -extfile /tmp/__v3.ext 
+
+# move output files to final filenames
+mv device.csr $DOMAIN.csr
+cp device.crt $DOMAIN.crt
+
+# remove temp file
+rm -f device.crt;
+
+echo 
+echo "###########################################################################"
+echo Done! 
+echo "###########################################################################"
+echo "To use these files on your server, simply copy both $DOMAIN.crt and"
+echo "device.key to your webserver, and use like so (if Apache, for example)"
+echo 
+echo "    SSLCertificateFile    /path_to_your_files/$DOMAIN.crt"
+echo "    SSLCertificateKeyFile /path_to_your_files/device.key"

create_root_cert_and_key.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+openssl genrsa -out rootCA.key 2048
+openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem

v3.ext

@@ -0,0 +1,8 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = %%DOMAIN%%
+DNS.2 = *.%%DOMAIN%%