twenty/packages/twenty-server/scripts/ssl-generation/README.md
2024-11-26 15:30:51 +00:00

2.4 KiB

Local SSL Certificate Generation Script

This Bash script helps generate self-signed SSL certificates for local development. It uses OpenSSL to create a root certificate authority, a domain certificate, and configures them for local usage.

Features

  • Generates a private key and root certificate.
  • Creates a signed certificate for a specified domain.
  • Adds the root certificate to the macOS keychain for trusted usage (macOS only).
  • Customizable with default values for easier use.

Requirements

  • OpenSSL

Usage

Running the Script

To generate certificates using the default values:

./script.sh

Specifying Custom Values

  1. Domain Name: Specify the domain name for the certificate. Default is localhost.com.
  2. Root Certificate Name: Specify a name for the root certificate. Default is myRootCertificate.
  3. Validity Days: Specify the number of days the certificate is valid for. Default is 398 days.

Examples:

  1. Using Default Values:

    ./script.sh
    
  2. Custom Domain Name:

    ./script.sh example.com
    
  3. Custom Domain Name and Root Certificate Name:

    ./script.sh example.com customRootCertificate
    
  4. Custom Domain Name, Root Certificate Name, and Validity Days:

    ./script.sh example.com customRootCertificate 398
    

Script Details

  1. Check if OpenSSL is Installed: Ensures OpenSSL is installed before executing.
  2. Create Directory for Certificates: Uses ~/certs/{domain}.
  3. Generate Root Certificate: Creates a root private key and certificate.
  4. Add Root Certificate to macOS Keychain: Adds root certificate to macOS trusted store (requires admin privileges).
  5. Generate Domain Key: Produces a private key for the domain.
  6. Create CSR: Generates a Certificate Signing Request for the domain.
  7. Generate Signed Certificate: Signs the domain certificate with the root certificate.

Output Files

The generated files are stored in ~/certs/{domain}:

  • Root certificate key: {root_cert_name}.key
  • Root certificate: {root_cert_name}.pem
  • Domain private key: {domain}.key
  • Signed certificate: {domain}.crt

Notes

  • If running on non-macOS systems, you'll need to manually add the root certificate to your trusted certificate store.
  • Ensure that OpenSSL is installed and available in your PATH.