mirror of
https://github.com/Gouryella/drip.git
synced 2026-02-23 21:00:44 +00:00
53 lines
1.6 KiB
Bash
Executable File
53 lines
1.6 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# Generate self-signed certificate for development/testing using ECDSA
|
|
# ECDSA provides better performance and smaller key size than RSA
|
|
# WARNING: Do NOT use self-signed certificates in production!
|
|
|
|
set -e
|
|
|
|
CERT_DIR="${1:-./certs}"
|
|
DOMAIN="${2:-localhost}"
|
|
DAYS=365
|
|
|
|
echo "🔒 Generating self-signed certificate for development..."
|
|
echo " Domain: $DOMAIN"
|
|
echo " Output directory: $CERT_DIR"
|
|
echo ""
|
|
|
|
# Create directory if it doesn't exist
|
|
mkdir -p "$CERT_DIR"
|
|
|
|
# Generate ECDSA private key (using P-256 curve)
|
|
openssl ecparam -genkey -name prime256v1 -out "$CERT_DIR/server.key"
|
|
|
|
# Generate certificate signing request
|
|
openssl req -new -key "$CERT_DIR/server.key" -out "$CERT_DIR/server.csr" \
|
|
-subj "/C=US/ST=State/L=City/O=Organization/CN=$DOMAIN"
|
|
|
|
# Generate self-signed certificate
|
|
openssl x509 -req -days $DAYS \
|
|
-in "$CERT_DIR/server.csr" \
|
|
-signkey "$CERT_DIR/server.key" \
|
|
-out "$CERT_DIR/server.crt" \
|
|
-extfile <(printf "subjectAltName=DNS:$DOMAIN,DNS:*.$DOMAIN")
|
|
|
|
# Clean up CSR
|
|
rm "$CERT_DIR/server.csr"
|
|
|
|
echo "✅ Certificate generated successfully!"
|
|
echo ""
|
|
echo "Files created:"
|
|
echo " Certificate: $CERT_DIR/server.crt"
|
|
echo " Private Key: $CERT_DIR/server.key"
|
|
echo ""
|
|
echo "Usage:"
|
|
echo " ./bin/drip server \\"
|
|
echo " --domain $DOMAIN \\"
|
|
echo " --tls-cert $CERT_DIR/server.crt \\"
|
|
echo " --tls-key $CERT_DIR/server.key"
|
|
echo ""
|
|
echo "⚠️ WARNING: This is a self-signed certificate for development only!"
|
|
echo " Clients will need to skip certificate verification (insecure)."
|
|
echo " For production, use --auto-tls or get a certificate from Let's Encrypt."
|