sh基本的自签名ssl证书实用程序(代码片段)


#!/usr/bin/env bash

# A basic Self Signed SSL Certificate utility
# by Andrea Giammarchi @WebReflection

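# WARNING: Possible Security Hazard!
# The private key is written unencrypted (openssl -nodes) and the certificate
# is requested with the v3_ca extensions. Install it only on devices you
# control, and keep the .key file readable by its owner only.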

# https://www.webreflection.co.uk/blog/2015/08/08/bringing-ssl-to-your-private-network

# # to make it executable and use it
# $ chmod +x certificate
# $ ./certificate # to read the how-to

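#######################################
# Build the X.509 subject string handed to `openssl req -subj`.
# Arguments: $1 - server name or IP, used verbatim as the CN
# Outputs:   the subject, one line, on stdout
# Note:      $1 is not escaped; a value containing "/" would be read by
#            openssl as extra subject fields, so pass plain host names/IPs.
#######################################
about() {
  # printf instead of echo: the subject contains a backslash that some echo
  # implementations would interpret
  printf '%s\n' "/C=LN/ST=Intranet/L=Local/O=Local\\ Network/OU=Network/CN=$1/emailAddress=local@network"
}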


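#######################################
# Write a DER-encoded copy of the certificate next to the PEM one.
# Only the public certificate is converted; the private key is not touched.
# Arguments: $1 - server name; reads "$1.crt", writes "$1.der"
# Returns:   the exit status of openssl
#######################################
android_generation() {
  local server=$1
  openssl x509 \
    -in "${server}.crt" \
    -outform DER \
    -out "${server}.der"
}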


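#######################################
# Print the expiry date of "$1.crt" through icho.
# Arguments: $1 - server name
# Outputs:   "Expires in <date>" (bold date) on stdout
# Returns:   non-zero when openssl cannot read the certificate
#######################################
check() {
  local server=$1
  local when
  # declared separately so a failing openssl is not masked by `local`
  when=$(openssl x509 -in "${server}.crt" -noout -enddate) || return
  # openssl prints "notAfter=<date>"; keep only the date
  icho "Expires in [*]${when#notAfter=}[/]"
}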


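#######################################
# Generate a new RSA key and a self-signed certificate valid for 365 days,
# plus the DER copy of the certificate.
# Arguments: $1 - server name or IP; writes "$1.key", "$1.crt", "$1.der"
# Outputs:   progress banner and the new expiry date on stdout
# Returns:   non-zero as soon as one step fails
# Notes:
#   - -nodes stores the private key unencrypted, so the key file is forced
#     to owner-only permissions here.
#   - -extensions v3_ca selects the v3_ca section of the local openssl.cnf.
#     NOTE(review): in a stock configuration that section marks the
#     certificate as a CA; confirm, because a device that trusts a CA
#     certificate also trusts anything signed with its key.
#   - No subjectAltName is requested; clients that ignore the CN may reject
#     the certificate. TODO confirm against the intended clients.
#######################################
create() {
  local server=$1
  local subj
  subj=$(about "$server") || return
  echo ''
  echo '-----------------------------'
  icho '   [*]generating certificate[/]'
  echo '-----------------------------'
  # Make the key file owner-only before openssl writes the unencrypted key,
  # whatever the caller's umask is.
  if [[ -e "${server}.key" ]]; then
    chmod 600 "${server}.key" || return
  else
    (umask 077 && : >"${server}.key") || return
  fi
  if ! openssl req -x509 -nodes -days 365 \
    -newkey rsa:2048 \
    -subj "$subj" \
    -keyout "${server}.key" \
    -out "${server}.crt" \
    -reqexts v3_req \
    -extensions v3_ca; then
    # do not leave the empty placeholder behind
    [[ -s "${server}.key" ]] || rm -f -- "${server}.key"
    return 1
  fi
  # re-assert the mode in case openssl replaced the file
  chmod 600 "${server}.key" || return
  android_generation "$server" || return
  echo '-----------------------------'
  icho "[g]OK[/] [*]$(check "$server")[/]"
  echo ''
}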


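#######################################
# Re-issue the self-signed certificate for another 365 days with the
# existing private key, after backing up the current files as *.bck.
# Arguments: $1 - server name; reads "$1.key", rewrites "$1.crt"/"$1.der"
# Outputs:   progress banner, old and new expiry dates on stdout
# Returns:   non-zero as soon as one step fails; the certificate is not
#            overwritten when its backup could not be made
# Note:      the key stays unencrypted (-nodes), so the key and its backup
#            are kept owner-only.
#######################################
update() {
  local server=$1
  local subj
  subj=$(about "$server") || return
  echo ''
  echo '-----------------------------'
  icho '    [*]updating certificate[/]'
  echo '-----------------------------'
  check "$server"
  cp -- "${server}.crt" "${server}.crt.bck" || return
  if [[ -f "${server}.der" ]]; then
    cp -- "${server}.der" "${server}.der.bck" || return
  fi
  chmod 600 "${server}.key" || return
  # -p carries the owner-only mode over to the backup, even if it existed
  cp -p -- "${server}.key" "${server}.key.bck" || return
  openssl req -x509 -nodes -new -days 365 \
    -subj "$subj" \
    -key "${server}.key" \
    -out "${server}.crt" \
    -reqexts v3_req \
    -extensions v3_ca || return
  android_generation "$server" || return
  echo '-----------------------------'
  icho "[g]OK[/] [*]$(check "$server")[/]"
  echo ''
}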


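#######################################
# Abort the script unless "$1.crt" exists as a regular file.
# Arguments: $1 - server name
# Outputs:   a warning and a usage example on stdout when the file is missing
# Returns:   0 when the certificate exists; otherwise exits the script with 1
#######################################
isCertificateThere() {
  if [[ ! -f "$1.crt" ]]; then
    icho ' [*][r][Warning][/] you need to create a certificate first'
    icho "  example: [*]certificate create $1[/]"
    echo ''
    exit 1
  fi
}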


# slightly enriched echo
# - - - - - - - - - - - - - -
#        by Andrea Giammarchi
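#######################################
# echo with inline style tags, rendered through tput.
# Supported tags:
#   [*] bold            [/*] reset all
#   [_] underline       [/_] end underline
#   [d] [r] [g] [y] [b] [m] [c] [w]          foreground colour, closed by
#                                            [/d] [/r] ... (default colour)
#   [bd] [br] [bg] [by] [bb] [bm] [bc] [bw]  background colour, closed by
#                                            [/bd] [/br] ... (default bg)
#   [/] reset all
# Arguments: $1 - the phrase to print
# Outputs:   the styled phrase followed by a reset, on stdout
# Note:      when tput cannot produce a sequence (no usable terminal) the
#            tag is simply dropped and plain text is printed.
#######################################
icho() {
  local phrase=$1
  local spec tag code reset_all
  local -a cap
  # "tag=terminfo capability", in the order the tags are substituted
  local -a table=(
    '[*]=bold'      '[/*]=sgr0'
    '[_]=smul'      '[/_]=rmul'
    '[d]=setaf 0'   '[/d]=setaf 9'
    '[r]=setaf 1'   '[/r]=setaf 9'
    '[g]=setaf 2'   '[/g]=setaf 9'
    '[y]=setaf 3'   '[/y]=setaf 9'
    '[b]=setaf 4'   '[/b]=setaf 9'
    '[m]=setaf 5'   '[/m]=setaf 9'
    '[c]=setaf 6'   '[/c]=setaf 9'
    '[w]=setaf 7'   '[/w]=setaf 9'
    '[bd]=setab 0'  '[/bd]=setab 9'
    '[br]=setab 1'  '[/br]=setab 9'
    '[bg]=setab 2'  '[/bg]=setab 9'
    '[by]=setab 3'  '[/by]=setab 9'
    '[bb]=setab 4'  '[/bb]=setab 9'
    '[bm]=setab 5'  '[/bm]=setab 9'
    '[bc]=setab 6'  '[/bc]=setab 9'
    '[bw]=setab 7'  '[/bw]=setab 9'
    '[/]=sgr0'
  )

  for spec in "${table[@]}"; do
    tag=${spec%%=*}
    # no tput fork for tags the phrase does not use
    [[ $phrase == *"$tag"* ]] || continue
    read -r -a cap <<<"${spec#*=}"
    code=$(tput "${cap[@]}" 2>/dev/null) || code=''
    # quoted pattern and replacement: both are taken literally
    phrase=${phrase//"$tag"/"$code"}
  done

  reset_all=$(tput sgr0 2>/dev/null) || reset_all=''
  # %b keeps the backslash-escape handling the original `echo -e` had
  printf '%b\n' "${phrase}${reset_all}"
}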


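# Command dispatcher.
#   $1 - command: check | clean | create | test | update
#   $2 - server name or IP; also the base name of the .crt/.der/.key files
#   $3 - HTTPS port for `test` (default 8080); HTTP listens on port + 1
echo ''
case "${1:-}" in
  check)
    isCertificateThere "$2"
    check "$2"
  ;;
  clean)
    isCertificateThere "$2"
    # removes only the *.bck copies made by `update`
    rm -f -- "$2".{crt,der,key}.bck
    icho 'all [*]clean[/]'
  ;;
  create)
    create "$2"
  ;;
  test)
    isCertificateThere "$2"
    icho '- - - - - - - - - - - [*]visit[/]'
    # Server name and port reach node through the environment instead of
    # being pasted into the script text, so a quote in either argument
    # cannot change the JavaScript that runs.
    # The HTTP listener (port + 1) serves only "<server>.crt" and
    # "<server>.der"; the private key is never offered for download.
    # That download is unauthenticated: compare the certificate fingerprint
    # (openssl x509 -in FILE -noout -fingerprint -sha256) on the device
    # before trusting it.
    CERT_SERVER="$2" CERT_PORT="${3:-}" node -e "'use strict';
var
  fs = require('fs'),
  server = process.env.CERT_SERVER,
  port = parseInt(process.env.CERT_PORT || 8080, 10),
  onSW = function (res) {
    res.writeHead(200, {'Content-Type':'application/javascript'});
    res.end();
  },
  script = ''.concat(
    '<script>try{navigator.serviceWorker.register(\"/sw.js\").then(',
      function () {
        document.body.appendChild(
          document.createElement(\"p\")
        ).innerHTML = 'Service Worker is <strong>supported</strong>';
      },
    ').catch(',
      function () {
        document.body.appendChild(
          document.createElement(\"p\")
        ).innerHTML = 'Service Worker is <strong>NOT supported</strong>';
      },
    ')}catch(e){',
      'document.body.appendChild(',
        'document.createElement(\"p\")',
      ').innerHTML=\"This browser has no Service Worker\"',
    '}</script>'
  )
;

require('https')
  .createServer({
    key: fs.readFileSync(server + '.key'),
    cert: fs.readFileSync(server + '.crt')
  },
  function (req, res) {
    if (req.url=='/sw.js') return onSW(res);
    res.writeHead(200, {'Content-Type': 'text/html'});
    res.end('<!DOCTYPE html>'.concat(
      '<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0\">',
      '<style>*{font-family:sans-serif;}</style>',
      '<strong><span style=\"color:green;\">&#10004;</span> Hello HTTPS</strong>',
      script
    ));
  }
).listen(port, server, showInfo);
require('http')
  .createServer(
  function (req, res) {
    switch (req.url) {
      case ('/sw.js'):
        onSW(res);
        break;
      case ('/' + server + '.crt'):
      case ('/' + server + '.der'):
        res.writeHead(200, {'Content-Type': 'application/x-x509-ca-cert'});
        fs.createReadStream(req.url.slice(1)).pipe(res);
        break;
      default:
        res.writeHead(200);
        res.end('<!DOCTYPE html>'.concat(
          '<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0\">',
          '<style>*{font-family:sans-serif;}a{line-height:42px;}li{margin-bottom:36px;}</style>',
          '<ul>',
            '<li><a href=\"/', server, '.crt\">download ', server, '.crt</a><br/><small>iOS, Windows Phone and Desktop</small></li>',
            '<li><a href=\"/', server, '.der\">download ', server, '.der</a><br/><small>Blackberry and maybe Android</small></li>',
            '<li><a href=\"https://', server, ':', port, '/\" style=\"font-size:small;\">try https</a></li>',
          '</ul>',
          script
        ));
        break;
    }
  }
).listen(port + 1, server, showInfo);
function showInfo() {
  var
    addres = this.address(),
    isHTTPS = addres.port == port,
    prefix = isHTTPS ?
      'HTTPS                 https' :
      'Download Certificate  http'
  ;
  console.log(prefix + '://' + addres.address + ':' + addres.port + '/');
}
"
  ;;
  update)
    isCertificateThere "$2"
    update "$2"
  ;;
  *)
    icho "
 [*][About][/]
 a basic Self Signed SSL Certificate utility
         by Andrea Giammarchi @WebReflection

 [*][Usage][/]
 ./certificate [check|clean|create|test|update] servername|ip [port]

 [*][Examples][/]

  # [*]create[/] a new certificate
  ./certificate create 192.168.1.10

  # [*]verify[/] its expiring date
  ./certificate check 192.168.1.10

  # [*]update[/] its expiring date
  certificate update 192.168.1.10

  # [*]create[/] both http and https pages
  # one to download the right certificate
  # the other one to test the page
  ./certificate test 192.168.1.10 1337

"
  ;;
esac
echo ''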
