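#!/bin/sh

# Copyright 2019 Google Inc. All rights reserved.

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at

# http://www.apache.org/licenses/LICENSE-2.0

# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# As explained in
# https://gist.github.com/darrenjs/4645f115d10aa4b5cebf57483ec82eca
#
# Generates a self-signed TLS identity for CN=localhost in the current
# directory, for local testing only:
#   server.key   unencrypted 2048-bit RSA private key
#   server.crt   self-signed certificate for that key
#   trusted.pem  client-side trust list (currently only server.crt)
#   server.p12   PKCS#12 bundle of key + certificate for Security.framework
#
# None of these artifacts is suitable outside a test setup: the private key
# is stored in the clear, the certificate is valid for 99999 days, and the
# PKCS#12 password is a documented test value.

# Stop at the first failing step so a stale or partial artifact is never
# paired with a freshly generated one.
set -eu

# Remove any earlier key material first: openssl keeps the permission bits of
# a file it overwrites, so the restrictive umask below would otherwise not
# apply to a pre-existing file.
rm -f server.key server.p12 server.pass.key

# Create the private key readable by the owner only. The key is written
# unencrypted directly; an intermediate key encrypted with a fixed literal
# passphrase and decrypted straight away adds no protection and puts a
# passphrase on the command line.
(
  umask 077
  openssl genrsa -out server.key 2048
)

openssl req \
  -subj "/C=US/ST=California/L=Santa Clara/O=Beyond Aggravated/CN=localhost" \
  -new -key server.key -out server.csr

# Self-sign the request. The certificate identifies the host through the
# subject CN only; NOTE(review): clients that require a subjectAltName for
# hostname verification may reject it -- confirm against the clients in use.
openssl x509 -req -sha256 -days 99999 -in server.csr -signkey server.key -out server.crt
rm -f server.csr

# Now create the list of certificates we trust as a client.

# -f: the file does not exist on a first run, which must not be an error.
rm -f trusted.pem

# For now we just trust our own server.
openssl x509 -in server.crt -text >> trusted.pem

# Also add the system standard CA cert chain.
# cat /opt/local/etc/openssl/cert.pem >> trusted.pem

# Convert .pem to .der
# openssl x509 -outform der -in trusted.pem -out trusted.der

# Convert .crt and .key to .p12 for use by Security.framework
# Enter password "foo"!
# The bundle contains the private key and its password is the test value
# above, so it is created owner-readable only and must be treated as
# unprotected key material.
(
  umask 077
  openssl pkcs12 -export -inkey server.key -in server.crt -name localhost -out server.p12
)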