localhost TLS mini CA including wildcard certs for *.m.localhost
This commit is contained in:
fkwp
19
backend/dev_tls_local-ca.crt
Normal file
19
backend/dev_tls_local-ca.crt
Normal file
@@ -0,0 +1,19 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDGjCCAgKgAwIBAgIUGdiFHhH4KL2pqBjMQHQ+PVIkSV8wDQYJKoZIhvcNAQEL
|
||||||
|
BQAwHjEcMBoGA1UEAwwTRWxlbWVudCBDYWxsIERldiBDQTAeFw0yNTA1MDUxMDMy
|
||||||
|
MDJaFw0zNTA1MDMxMDMyMDJaMB4xHDAaBgNVBAMME0VsZW1lbnQgQ2FsbCBEZXYg
|
||||||
|
Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA2y0hjmNn1vRsVSdy
|
||||||
|
8IOfo8N1q9UgkhQWpGKXzPh+D5d1fnuJEmHIVwtDEtS/PwQ43LTmegChPtKH9jdT
|
||||||
|
tG0IihW9Ja5YNG+9xAwaoA/sB3CGCBYsz+2/XjVUpXoBJXIPoFBWsn+K0oeFw9fw
|
||||||
|
eRO1z9abM4cl+LjKzMNM8CCyu9uI1MaGjYez2YIWvG854VucLxX7HSlMJxZNWnie
|
||||||
|
Ui7fMakuJhB2+aiIQjdKxy4E5RHNhzYG/LXhvP+wBYBDPNRsP3rtzEaE9HAveL9K
|
||||||
|
FGqd3R4cBia6r1WIXmpAzyu5RGP5Eou0TZlGkal96/bF0I7q/pKlL23Jt1BLPiQU
|
||||||
|
KGKrAgMBAAGjUDBOMB0GA1UdDgQWBBQJqBjMu61c1p24txw/y+kv3D+V6DAfBgNV
|
||||||
|
HSMEGDAWgBQJqBjMu61c1p24txw/y+kv3D+V6DAMBgNVHRMEBTADAQH/MA0GCSqG
|
||||||
|
SIb3DQEBCwUAA4IBAQB8m2YfFGLugNt5vAAOvNxVqDA8c72yCVYr3CBCpmTIEY5Z
|
||||||
|
d3qVGhG9//ux6+J8ntkSwd9nV5GJyYXHukCG1VavnAWolWdNF/WAllf0jhLuz7kD
|
||||||
|
/cJnuI1By4tBsBmSz851i6HJ4t5k99Be+6GQVzi0e7zzfxTHZE4xP2J6Ox8QbPsP
|
||||||
|
n0m76nIp/WbWaJqzvIIjJhmUUPPv+4wN+eOArgjiGLzptM2qTtGZtd0c9nS5gvep
|
||||||
|
+mEbSUN9zkhAroZf80wf+hEvy+fJ94VbZ9QjTzTg7odZLrsXGIe8DaG63EYRQ25b
|
||||||
|
W5iYBAreln5fGSt7qHsGfqwZibTEk/Lx3dydO1Kg
|
||||||
|
-----END CERTIFICATE-----
|
||||||
28
backend/dev_tls_local-ca.key
Normal file
28
backend/dev_tls_local-ca.key
Normal file
@@ -0,0 +1,28 @@
|
|||||||
|
-----BEGIN PRIVATE KEY-----
|
||||||
|
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDA2y0hjmNn1vRs
|
||||||
|
VSdy8IOfo8N1q9UgkhQWpGKXzPh+D5d1fnuJEmHIVwtDEtS/PwQ43LTmegChPtKH
|
||||||
|
9jdTtG0IihW9Ja5YNG+9xAwaoA/sB3CGCBYsz+2/XjVUpXoBJXIPoFBWsn+K0oeF
|
||||||
|
w9fweRO1z9abM4cl+LjKzMNM8CCyu9uI1MaGjYez2YIWvG854VucLxX7HSlMJxZN
|
||||||
|
WnieUi7fMakuJhB2+aiIQjdKxy4E5RHNhzYG/LXhvP+wBYBDPNRsP3rtzEaE9HAv
|
||||||
|
eL9KFGqd3R4cBia6r1WIXmpAzyu5RGP5Eou0TZlGkal96/bF0I7q/pKlL23Jt1BL
|
||||||
|
PiQUKGKrAgMBAAECggEAAPX2kxi5AQ7ul82SzT1KgpSXyDHLdYaUyAoYnaX9RO+B
|
||||||
|
8ylmpyeqygs4+KQS4EMJm9jpo85Oy37bIKdG3kljU6wQcKlL5Y+ZUOo1nzpV6fid
|
||||||
|
hGVs6ts8VXw8KshKQ9AyccZ8L/pirUfgOffgTwfjY7/90zceAL/s98GuZWc62nkX
|
||||||
|
55joQv/OikqYfAGP/U6Bp2Zyf23DwJB09Z3B6NnZj/ZyAbDrDEHuA15LhCOcCczp
|
||||||
|
IU/mFEywBPHT9Tg4w4Beq78PeAETvku2UalYRLhP3RLlXr2oEbwUtINRVt2QjZ85
|
||||||
|
Esps4uCqL/mgQluIebtudD9HL/YMlNPXue1mDXFxJQKBgQDgZZY4yJBcf488T1V6
|
||||||
|
HNm06b/LvVGj253pKgw14hpY1xQu3Ymgzv1GEqzhSYdzxhpmj0tMUNHxAp+YdGQu
|
||||||
|
SZ0wcPKhw0aYVkIjDRYDC3Wn5GJhyIEYHGYMo/n4l49UzHRBPOTDzp49DkHTKBgh
|
||||||
|
XgIIazYT3CkjTIMRrkUv+qfIPQKBgQDcBGu/mqbjxs4sN3zqPS4aB21o6t6W0sXs
|
||||||
|
ZP9w6RlTPQi5U2oRbftjZtYc0bbEgkMUImB1HwYPQT5pJ+MyC414xDvSc2exBr5d
|
||||||
|
To6yyPIy78Tf5PHM12fpKV92nSvoz/pSjYcGxxDtKfPqu+t8mOJfjCV1lLLA+xuB
|
||||||
|
DDaE4p8dBwKBgQCdAne6A5v/HMH8UQZeCxHJpESvKiiVnnU/UEx651nID7XvlNNX
|
||||||
|
0X0mKqsMd4ZvW43ddSYan/JF0LAa3FW8jYWO/3jF9vzOWoysOdvNBZetgf/Uq5ao
|
||||||
|
aDZ/YbzmVCXWD7jIbPMkjs3pqrAkL0mzDzQc7+dGviWKrV6IYIfIqnn7gQKBgDCz
|
||||||
|
vdIk/qpO+JZrFfiX4Fucp0hhLTJ/p5ZDaRPqVVPKn+K+Jy2ChfIj8mNgvK9VEloj
|
||||||
|
nexvGJ1J2PHYBX+vdPp1nbRhHWPfVUY8PHQw7QP/dToGaMvqJrNDGEGeWvjnCMc7
|
||||||
|
UtdaO1H0Rm0AegkTopB56lTTvJnhO95eALd7nrMDAoGAEPdzJtWoKafp49svhSj0
|
||||||
|
hiXQv2SPBwVUN4LZ4SOWiXUcmYYm80aNpYKLkBxYjrfqFWhE7NUHLGp8YorQWKY2
|
||||||
|
acD9AReHk/xku0ABy6jeYmSCmCxASxst5liKD+l12sk0gB0rk5MBxB4Uu1MIbQZ2
|
||||||
|
aCASX3AVD2/XyC2MKkzc8Eg=
|
||||||
|
-----END PRIVATE KEY-----
|
||||||
20
backend/dev_tls_m.localhost.crt
Normal file
20
backend/dev_tls_m.localhost.crt
Normal file
@@ -0,0 +1,20 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDXDCCAkSgAwIBAgIUXizLjwkdqepX0bh0K3abeJxj68AwDQYJKoZIhvcNAQEL
|
||||||
|
BQAwHjEcMBoGA1UEAwwTRWxlbWVudCBDYWxsIERldiBDQTAeFw0yNTA1MDUxMDMy
|
||||||
|
MDJaFw0zNTA1MDMxMDMyMDJaMBgxFjAUBgNVBAMMDSoubS5sb2NhbGhvc3QwggEi
|
||||||
|
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbr79gttr7X8j+ISfdCV53PD8f
|
||||||
|
R6JsLf6nmkCbRqCaIq85Y82tnYbUB3B6F9RcosrxF+UHFMa/i1UiLSNL0GHisclB
|
||||||
|
5LII2RycsLJYShkO9pVioVDf3gh+hyVRySBQ2FgtLHB+ZgcZOCG8f75g9CdeVDmv
|
||||||
|
Kw4J29QV8bxFSafvTLOdqtupylfTSqYVTAE8HnIOsdnZ+mE6SjeS2wV3DYqdSXoa
|
||||||
|
xWmGranZUmrCgeZdukAZTWgAlHgQvuWVtgyAxPmhcr2KA50QHB/IJ2SDIaUiI++R
|
||||||
|
4nXkVChbePnNaxqw0kc0QD3Jpd3B1QhHlOhKi9R6Mo5Iyf0nsHnZaQ0bAzPDAgMB
|
||||||
|
AAGjgZcwgZQwHwYDVR0jBBgwFoAUCagYzLutXNaduLccP8vpL9w/legwCQYDVR0T
|
||||||
|
BAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwJQYDVR0RBB4w
|
||||||
|
HIILbS5sb2NhbGhvc3SCDSoubS5sb2NhbGhvc3QwHQYDVR0OBBYEFJgJZkgE6cem
|
||||||
|
HbSQ7P47rVhmeWjHMA0GCSqGSIb3DQEBCwUAA4IBAQBDocJIUHVxNvbvigPyZvZa
|
||||||
|
uAmj5eqhf8fDNtQM2tl8AuzOJm0TlggUuKDQNM6zRBXVHQRhCmtaZ3CMkmkTNNhH
|
||||||
|
aMfG7o/JVvQsxIuORMvAnPlivla2DgiEWr/NEaWISlINMov44DysOyupbHRXcbKd
|
||||||
|
WWB1cA+D5ZNb8ivOPT1edNSGavAiyEaCPA/qqGFZwq54EtJKIuteqV1UGn1nYD/W
|
||||||
|
a0niB157moRtlnzwNfwDDeW1Y4HBbuVkX2sipCO+HC6sn7Vni90LzK9zBolaWXTw
|
||||||
|
RxauTzS9IvtU1G/Gv5/VRzhzIb+ds2jEsdLLnBlTyA+Jh2Cqs002t7QJki6Qto5p
|
||||||
|
-----END CERTIFICATE-----
|
||||||
28
backend/dev_tls_m.localhost.key
Normal file
28
backend/dev_tls_m.localhost.key
Normal file
@@ -0,0 +1,28 @@
|
|||||||
|
-----BEGIN PRIVATE KEY-----
|
||||||
|
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCbr79gttr7X8j+
|
||||||
|
ISfdCV53PD8fR6JsLf6nmkCbRqCaIq85Y82tnYbUB3B6F9RcosrxF+UHFMa/i1Ui
|
||||||
|
LSNL0GHisclB5LII2RycsLJYShkO9pVioVDf3gh+hyVRySBQ2FgtLHB+ZgcZOCG8
|
||||||
|
f75g9CdeVDmvKw4J29QV8bxFSafvTLOdqtupylfTSqYVTAE8HnIOsdnZ+mE6SjeS
|
||||||
|
2wV3DYqdSXoaxWmGranZUmrCgeZdukAZTWgAlHgQvuWVtgyAxPmhcr2KA50QHB/I
|
||||||
|
J2SDIaUiI++R4nXkVChbePnNaxqw0kc0QD3Jpd3B1QhHlOhKi9R6Mo5Iyf0nsHnZ
|
||||||
|
aQ0bAzPDAgMBAAECggEARLRazvnzCnLbVrbYCjX7v7/RFWM9/OKRWnJ6p2uULWE4
|
||||||
|
FaoDFuaJHSHJU8AXYegfiiTi1+ylxtrcr4/e3zKvN+UAbXlYzgnOFCHwGoFcrJtK
|
||||||
|
EnQhJiIsenX2lLCe9755rznIzScGY+0/ChoPsGaexwSBTlnAQL6HykVbMfKOz03H
|
||||||
|
ywEx4g3AK1rgTnqNLFHkl+1ainoW6ffeM6thMD/bObGz+PoGSMqbTA80TGMswgMN
|
||||||
|
Ipnt0AwSgKweLmYG00t667c9htxY6DPRUoJ55dqsAFS8VMa4hhcslyhktPXTGEXh
|
||||||
|
x2r8UAFavEo2IdRnR8vfNfOv6twsWSHTVRGc7qmKDQKBgQDX0HnMAnBb8KB1zj/O
|
||||||
|
1prhAlhc6Jtwf3s5Hm/2MW0Jg/u7bZx81s206rvcTJtUJ2ROH+K7Rx3iASWzcsuW
|
||||||
|
XljCWA9G156SuOBE6mIS1EMI1EKgjbJBru1cOco6AIwI0SuJKcEX/1RtzoBbIIbZ
|
||||||
|
qhn99RszqAKDjw1iqbpyZCX5PQKBgQC4rRLsMTVvFTqWPEAA7SeJr3LZF+eoap/U
|
||||||
|
1+MA+J49D5ykQMFHjL1VSdfWgKIm3i4xDbDLAX1BYELxeKVLIp6CL808zEldGQy5
|
||||||
|
g+O4dJlmz1PUGorb28qKGJnfwXK7F5tJuX+NgQM2zJnueyTv+fsskBp79CWNQvzr
|
||||||
|
ueG41o6w/wKBgG7sA+3LQxy+LHrgKwOQYcJMhkYad+n2W8sbzcfn13cQkw3eZJP1
|
||||||
|
g3z9ONkdtqgmJvPQh6RiBQXoOQxmcCU1EMGyqQdsQ2B+DSbeoNG0r0+WaThEG96O
|
||||||
|
ngjM2xe8uDy/5XR2NXy0Cxz1ChvMOAMf3oQcuoJuU/xyRhrzyZSJzMqxAoGAH8hx
|
||||||
|
nEKvzolZxudhoIcwKcsPOfuaO+r1zPzGrbEcEqgwLjiSywyWvSnzQpBq18OfMYQI
|
||||||
|
rDd6Zhj6DHLWB8NSgldVvCPwcFxSS08+js1KZV5DMBrNUR9XkULAoLi7VSWv7RVG
|
||||||
|
tYTBl9nImDmLVt2v87BtTm3rVI911d/s0BHlBuMCgYEAs0AFMsTE+22Y44JMcTAE
|
||||||
|
OeHEsEDXI5cTlcNmwFKWY+UCZnb2FXflO2XNeqyi6ReYMUyBI2wHdUGvh2B1c2Ac
|
||||||
|
3z/SShBLS7bMGgyvYE/By1xnemiy+6vG2NIYHKExZfOphx8rDTfm5Qlj6LxstY9+
|
||||||
|
Tx2VzAs01UIZGDhJ94u5imo=
|
||||||
|
-----END PRIVATE KEY-----
|
||||||
37
backend/dev_tls_setup
Normal file
37
backend/dev_tls_setup
Normal file
@@ -0,0 +1,37 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Step 1: Create a Root CA key and cert
|
||||||
|
openssl genrsa -out dev_tls_local-ca.key 2048
|
||||||
|
openssl req -x509 -new -nodes \
|
||||||
|
-days 3650 \
|
||||||
|
-subj "/CN=Element Call Dev CA" \
|
||||||
|
-key dev_tls_local-ca.key \
|
||||||
|
-out dev_tls_local-ca.crt \
|
||||||
|
-sha256 -addext "basicConstraints=CA:TRUE"
|
||||||
|
|
||||||
|
# Step 2: Create a private key and CSR for *.m.localhost
|
||||||
|
openssl req -new -nodes -newkey rsa:2048 \
|
||||||
|
-keyout dev_tls_m.localhost.key \
|
||||||
|
-out dev_tls_m.localhost.csr \
|
||||||
|
-subj "/CN=*.m.localhost"
|
||||||
|
|
||||||
|
# Step 3: Sign the CSR with your CA
|
||||||
|
openssl x509 \
|
||||||
|
-req -in dev_tls_m.localhost.csr \
|
||||||
|
-CA dev_tls_local-ca.crt -CAkey dev_tls_local-ca.key \
|
||||||
|
-CAcreateserial \
|
||||||
|
-out dev_tls_m.localhost.crt \
|
||||||
|
-days 3650 \
|
||||||
|
-sha256 \
|
||||||
|
-extfile <( cat <<EOF
|
||||||
|
authorityKeyIdentifier=keyid,issuer
|
||||||
|
basicConstraints=CA:FALSE
|
||||||
|
keyUsage = digitalSignature, keyEncipherment
|
||||||
|
extendedKeyUsage = serverAuth
|
||||||
|
subjectAltName = @alt_names
|
||||||
|
|
||||||
|
[alt_names]
|
||||||
|
DNS.1 = m.localhost
|
||||||
|
DNS.2 = *.m.localhost
|
||||||
|
EOF
|
||||||
|
)
|
||||||
Reference in New Issue
Block a user