pric / pric

Simple zero-config tool to create Private Certificate Authority & issue locally-trusted development server certificates with any domain names you'd like. SSL certificates for development purposes.

Home Page: https://komarev.com/sources/pric

License: MIT License

Shell 100.00%
ssl ssl-certificate developer-tools development webserver openssl openssl-certs localhost console-application terminal-app

pric's People

Contributors

antonkomarev

pric's Issues

Linux distributive Solus not supported

sh pric.sh
!pric has been started

# Creating output directory
+ mkdir -p ./output

# Copying OpenSSL base config from defaults
+ cp ./openssl.base.default.cnf ./openssl.base.cnf

# Copying OpenSSL DNS config list from defaults
+ cp ./openssl.dns.default.cnf ./openssl.dns.cnf

# Compiling OpenSSL final config from intermediates
+ cat ./openssl.base.cnf ./openssl.dns.cnf > "./output/openssl.cnf"

# Creating !pric directory in operating system CA registry
+ sudo mkdir -p '/usr/local/share/ca-certificates/!pric'
Password: 

# Generating Certificate Authority private key
+ openssl genrsa -out ./output/ca.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
............................+++++
...............................+++++
e is 65537 (0x010001)

# Copying Certificate Authority private key to operating system CA registry
+ sudo cp ./output/ca.key '/usr/local/share/ca-certificates/!pric/ca.key'

# Generating Certificate Authority self-signed certificate
+ openssl req -x509 -new -nodes -key ./output/ca.key -sha256 -days 825 -subj '/O=\!pric/CN=localhost' -out ./output/ca.crt

# Copying Certificate Authority certificate to operating system CA registry
+ sudo cp ./output/ca.crt '/usr/local/share/ca-certificates/!pric/ca.crt'

# Updating operating system CA registry

Unsupported Linux Distributive: Solus
Create an issue on GitHub https://github.com/pric/pric/issues/new?title=Linux+distributive+Solus+not+supported

[Concept] Interactive UI

Command sh pric.sh should open an interactive UI with the following items:

  • Domain Names sh pric.sh dn
  • Certificate Authority sh pric.sh ca
  • Server Certificate sh pric.sh sc
  • Quick Start sh pric.sh qs

sh pric.sh dn

Tool to change the domains list. It opens an interactive UI with the following items:

  • List domains sh pric.sh dn --list - display domains list
  • Add domain sh pric.sh dn --add="*.test.localhost" - add domain to the list
  • Remove domain sh pric.sh dn --remove="*.test.localhost" - remove domain from the list
  • Replace domains sh pric.sh dn --replace="localhost,*.test.localhost" - replace all domains in the list

sh pric.sh qs

Quick Start (current behavior): create all directories, missing configs, generate CA, add CA to trusted, generate server certificate

Display executed command is broken on file concatenation

Command:

(set -x; cat ${OUTPUT_SERVER_CERTIFICATE} ${CA_CERTIFICATE} ${OUTPUT_SERVER_PRIVATE_KEY} > "${CERTIFICATE_CHAIN}")

Expected Output:

+ cat ./output/localhost.crt /usr/local/share/ca-certificates/!pric/ca.crt ./output/localhost.key > ~/localhost-certificate.pem

Actual Output:

+ cat ./output/localhost.crt /usr/local/share/ca-certificates/!pric/ca.crt ./output/localhost.key
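The behaviour reported above, reproduced with a workaround, as an added example that is not part of the issue or of pric's code. The function names `xtrace_of_concat` and `traced_concat` are hypothetical; the second one also creates the bundle owner-readable only, because it contains the server private key.

```shell
# Added example (not pric's code); function names are hypothetical.

# sh implementations such as bash and dash trace only the expanded command
# words under `set -x`. The redirection is performed by the shell itself and
# does not appear in the trace, which is why "> file" is missing.
xtrace_of_concat() {  # usage: xtrace_of_concat DEST SRC...
    dest=$1; shift
    ( set -x; cat "$@" > "$dest" ) 2>&1
}

# Prints the complete command line, redirect included, then runs it.
# Paths are printed unquoted; the line is for display, not for re-execution.
traced_concat() {  # usage: traced_concat DEST SRC...
    dest=$1; shift
    printf '+ cat' >&2
    for src in "$@"; do printf ' %s' "$src" >&2; done
    printf ' > %s\n' "$dest" >&2
    # The bundle holds a private key: recreate it with mode 0600.
    ( umask 077; rm -f "$dest"; cat "$@" > "$dest" )
}
```

Calling `traced_concat ~/localhost-certificate.pem ./output/localhost.crt ./output/localhost.key` writes the trace line to stderr and the bundle to the first argument.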

CA OS directory naming

Rename /usr/local/share/ca-certificates/pric/ to /usr/local/share/ca-certificates/!pric/ to follow the same naming convention. Then the CA directory will be listed as the first item, and its first character, an exclamation sign, tells that it's something dangerous yet very important.

Add local dev dns config file

Need to add ability to add new domains to the DNS list dynamically.

  1. Rename dns.cnf to dns.default.cnf
  2. Add dns.cnf to .gitignore
  3. On sh pric.sh launch, if no dns.cnf file exists, copy dns.default.cnf to it

Fix Mac OS OpenSSL include DNS config file

Follow up to #7

!pric throws error on include openssl.dns.cnf in openssl.cnf config file on Mac OS:

+ openssl req -new -key ./output/localhost.key -config ./openssl.cnf -subj '/O=\!pric/CN=localhost' -out ./output/localhost.csr

error on line 368 of ./openssl.cnf
4409359852:error:0EFFF065:configuration file routines:CRYPTO_internal:missing equal sign:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.11.1/libressl-2.8/crypto/conf/conf_def.c:344:line 368

.include openssl.dns.cnf

Overwriteable OpenSSL config file

openssl.cnf should be added to .gitignore file.
On pric run create openssl.cnf file from openssl.cnf.example if config is missing.

This gives the developer the ability to overwrite the default openssl config file, and it will be left untouched.

Not working SSL

I have downloaded and completed all steps but it's not working on the localhost.
Here is the log:

pric has been started

Creating output directory
+ mkdir -p ./output

Creating pric directory in Operating System CA registry
+ sudo mkdir -p /usr/local/share/ca-certificates/pric

Generating Certificate Authority private key
+ openssl genrsa -out ./output/ca.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
...........................+++++
.........................................+++++
e is 65537 (0x010001)

Copying Certificate Authority private key to Operating System CA registry
+ sudo cp ./output/ca.key /usr/local/share/ca-certificates/pric/ca.key

Generating Certificate Authority self-signed certificate
+ openssl req -x509 -new -nodes -key ./output/ca.key -sha256 -days 36500 -subj /O=\!pric/CN=localhost -out ./output/ca.crt

Copying Certificate Authority certificate to Operating System CA registry
+ sudo cp ./output/ca.crt /usr/local/share/ca-certificates/pric/ca.crt

Updating Operating System CA registry
+ sudo update-ca-certificates
Updating certificates in /etc/ssl/certs... WARNING: Skipping duplicate certificate UbuntuOne-Go_Daddy_Class_2_CA.pem
WARNING: Skipping duplicate certificate UbuntuOne-Go_Daddy_Class_2_CA.pem
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.

Generating localhost private key
+ openssl genrsa -out ./output/localhost.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
.................+++++
................................................+++++
e is 65537 (0x010001)

Generating localhost certificate signing request
+ openssl req -new -key ./output/localhost.key -config openssl.cnf -subj /O=\!pric/CN=localhost -out ./output/localhost.csr

Generating localhost certificate signed by Certificate Authority
+ openssl x509 -req -extensions v3_req -extfile openssl.cnf -in ./output/localhost.csr -CA /usr/local/share/ca-certificates/pric/ca.crt -CAkey ./output/ca.key -CAcreateserial -CAserial ./output/ca.srl -days 36500 -sha256 -out ./output/localhost.crt
Signature ok
subject=O = !pric, CN = localhost
Getting CA Private Key

Compiling PEM certificate chain
+ cat ./output/localhost.crt /usr/local/share/ca-certificates/pric/ca.crt ./output/localhost.key
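A log like the one above shows that the files were generated, not that they validate. The following added example (not from the issue or from pric) rebuilds a comparable CA and leaf in a scratch directory and checks chain, subjectAltName, expiry and key match with the `openssl` CLI. The config, the subjects and the function names `make_demo` and `check_cert` are constructed for illustration.

```shell
# Added example, not pric's code. Config, subjects and paths are constructed.

# make_demo DIR: throwaway CA plus a leaf for localhost, following the log's steps.
make_demo() {
    d=$1
    cat > "$d/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical, CA:TRUE
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = *.test.localhost
EOF
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
    # The CA subject differs from the leaf's, so the leaf is not self-issued.
    openssl req -x509 -new -nodes -key "$d/ca.key" -sha256 -days 825 \
        -config "$d/openssl.cnf" -subj '/O=!pric/CN=constructed dev CA' -out "$d/ca.crt"
    openssl genrsa -out "$d/localhost.key" 2048 2>/dev/null
    openssl req -new -key "$d/localhost.key" -config "$d/openssl.cnf" \
        -subj '/O=!pric/CN=localhost' -out "$d/localhost.csr"
    openssl x509 -req -extensions v3_req -extfile "$d/openssl.cnf" \
        -in "$d/localhost.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -CAserial "$d/ca.srl" -days 825 -sha256 \
        -out "$d/localhost.crt" 2>/dev/null
}

# check_cert CA_CRT LEAF_CRT LEAF_KEY HOST: prints "ok" or the first failing check.
check_cert() {
    ca=$1 leaf=$2 key=$3 host=$4
    # 1. The leaf must chain to the CA certificate that was added to the trust store.
    openssl verify -CAfile "$ca" "$leaf" >/dev/null 2>&1 || { echo chain; return 1; }
    # 2. HOST must be a subjectAltName entry (literal comparison, no wildcard matching).
    openssl x509 -in "$leaf" -noout -text | tr ',' '\n' |
        sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$host" || { echo san; return 1; }
    # 3. The certificate must not be expired.
    openssl x509 -in "$leaf" -noout -checkend 0 >/dev/null || { echo expired; return 1; }
    # 4. The private key served with the certificate must match its public key.
    [ "$(openssl x509 -in "$leaf" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] || { echo key; return 1; }
    echo ok
}
```

Run `make_demo "$(mktemp -d)"` to produce sample files, or point `check_cert` at an existing `ca.crt`, `localhost.crt` and `localhost.key`.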

Trust Certificate Authority in MacOS

Here is how we could add a self-signed certificate to the trusted store on Mac:

# Add certificate to the trusted root store
sudo security add-trusted-cert \
  -d -r trustRoot \
  -k /Library/Keychains/System.keychain ./output/ca.crt

Need to check if it's working.
