@firefoxrebo
Created May 30, 2017 13:23
A Self-signed Certificate Creator For MacOS Running on top of built-in Apache Software
#!/usr/bin/env bash
echo "Enter Apache Virtual Host Name <ex: www.abc.com>:"
read -r _server_name
# Make sure that the ssl folder exists under the Apache root folder on macOS
# (it has to exist before the extension file is written into it)
sudo mkdir -p /etc/apache2/ssl
# The v3 file makes openssl issue a version 3 certificate and
# fixes the missing SubjectAltName problem in Chrome.
# The folder is owned by root, so the file is written through sudo tee.
sudo tee "/etc/apache2/ssl/v3.ext" > /dev/null << EOF1
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = ${_server_name}
EOF1
# Create a temporary root CA: passphrase-protected key plus self-signed CA certificate
sudo openssl genrsa -des3 -out /etc/apache2/ssl/rootCA.key 2048
sudo openssl req -x509 -new -nodes -key /etc/apache2/ssl/rootCA.key -sha256 -days 1024 -out /etc/apache2/ssl/rootCA.pem
# Create the server key (unencrypted, so Apache can start without a prompt) and its CSR
sudo openssl req -new -sha256 -nodes -out "/etc/apache2/ssl/${_server_name}.csr" -newkey rsa:2048 -keyout "/etc/apache2/ssl/${_server_name}.key"
# Sign the CSR with the temporary root CA, applying the v3 extensions
sudo openssl x509 -req -in "/etc/apache2/ssl/${_server_name}.csr" -CA /etc/apache2/ssl/rootCA.pem -CAkey /etc/apache2/ssl/rootCA.key -CAcreateserial -out "/etc/apache2/ssl/${_server_name}.crt" -days 365 -sha256 -extfile /etc/apache2/ssl/v3.ext
# Add the certificate to the keychain (make sure to always trust the certificate after the script finishes)
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "/etc/apache2/ssl/${_server_name}.crt"
# Remove the temporary CA material and intermediate files; only the server .key and .crt remain
sudo rm /etc/apache2/ssl/rootCA.key
sudo rm /etc/apache2/ssl/rootCA.pem
sudo rm /etc/apache2/ssl/rootCA.srl
sudo rm "/etc/apache2/ssl/${_server_name}.csr"
sudo rm /etc/apache2/ssl/v3.ext
printf 'DONE - Please add your vhosts file snippet for your virtual host and set the certificate to always trust in KeyChain\n\n'
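
A check to run on the issued certificate before wiring it into a vhost, as an added example that is not part of the original gist: `verify_dev_cert` (a hypothetical helper name) confirms that the host appears in subjectAltName, that the certificate is marked `CA:FALSE`, and that it has not expired.

```bash
#!/usr/bin/env bash
# Added example, not part of the gist. verify_dev_cert is a hypothetical helper.
# Usage: verify_dev_cert <cert.crt> <hostname>
# Returns 0 when every check passes, 1 otherwise (one FAIL line per problem).
verify_dev_cert() {
  local cert="$1" host="$2" text host_re rc=0

  # Parse once; a missing or non-X.509 file fails here.
  text="$(openssl x509 -in "$cert" -noout -text 2>/dev/null)" || {
    echo "FAIL: cannot parse $cert" >&2
    return 1
  }

  # Escape dots so "www.abc.com" does not match "wwwXabc.com".
  host_re="$(printf '%s' "$host" | sed 's/\./\\./g')"

  # 1. The host must be listed as a DNS entry in subjectAltName
  #    (the problem the v3.ext file exists to solve). The entry must end
  #    at a comma or end of line so a longer name does not match.
  if ! printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' \
       | grep -Eq "DNS:${host_re}(,|\$)"; then
    echo "FAIL: DNS:$host not found in subjectAltName" >&2
    rc=1
  fi

  # 2. A server certificate trusted in the keychain should not be usable
  #    to sign other certificates.
  if ! printf '%s\n' "$text" | grep -q 'CA:FALSE'; then
    echo "FAIL: basicConstraints is not CA:FALSE" >&2
    rc=1
  fi

  # 3. -checkend 0 exits non-zero when the certificate is already expired.
  if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
    echo "FAIL: certificate has expired" >&2
    rc=1
  fi

  return "$rc"
}
```

For a certificate created by the script, call it as `verify_dev_cert "/etc/apache2/ssl/${_server_name}.crt" "${_server_name}"`.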