Rustelo/scripts/utils/generate_certs.sh

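#!/bin/bash
# Generate a self-signed TLS certificate and private key for local development.
#
# Output: ./certs/key.pem (RSA 2048 private key) and ./certs/cert.pem
# (self-signed, valid 365 days, SAN: localhost, 127.0.0.1, ::1), relative to
# the directory the script is run from. Existing files are overwritten.
#
# DO NOT use these certificates in production. key.pem is an unencrypted
# private key: keep the certs/ directory out of version control and backups
# that leave the machine.
set -euo pipefail

# Create certs directory if it doesn't exist, then work inside it
mkdir -p certs
cd certs

# Remove the temporary OpenSSL config on every exit path, including failures
trap 'rm -f cert.conf' EXIT

# Generate private key. The subshell umask keeps a newly created key from
# being group/world readable; chmod also tightens a key.pem left over from an
# earlier run, since umask does not affect files that already exist.
echo "Generating private key..."
(
  umask 077
  openssl genrsa -out key.pem 2048
)
chmod 600 key.pem

# Write the request config carrying the Subject Alternative Names.
# The delimiter is quoted so nothing inside the here-doc is expanded.
echo "Creating certificate with SAN..."
cat > cert.conf <<'EOF'
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = US
ST = State
L = City
O = Organization
OU = OrgUnit
CN = localhost
[v3_req]
# digitalSignature is required for (EC)DHE key exchange and for TLS 1.3,
# where the server proves key possession by signing the handshake.
# keyEncipherment covers RSA key transport; dataEncipherment is not used by TLS.
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
# 127.0.0.1 is listed as an IP entry only: an IP literal is not a valid dNSName.
DNS.1 = localhost
IP.1 = 127.0.0.1
IP.2 = ::1
EOF

# Generate the self-signed certificate directly from the key. A separate CSR
# and an intermediate SAN-less certificate are not needed: they would only be
# overwritten by this step.
echo "Generating self-signed certificate..."
openssl req -new -x509 -key key.pem -out cert.pem -days 365 -config cert.conf -extensions v3_req

echo "✅ TLS certificates generated successfully!"
echo "📁 Certificates saved to: $(pwd)"
echo "🔐 Certificate: cert.pem"
echo "🔑 Private key: key.pem"
echo ""
echo "⚠️ These are self-signed certificates for development only!"
echo "⚠️ Your browser will show security warnings - this is normal for self-signed certs"
echo ""
echo "To use HTTPS, set SERVER_PROTOCOL=https in your .env file"
echo "The certificate paths are already configured in .env.example"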