local-ssl-cert

A bash script to create and manage SSL certificates for local development environments.

Built with the help of Claude

Features

• Generate self-signed SSL certificates for local development
• Support for custom domains and wildcards
• System-wide certificate installation
• Cross-platform support (Ubuntu, Debian, Fedora, RedHat, CentOS)
• Configurable certificate attributes
• XDG base directory compliance

Prerequisites

• OpenSSL
• sudo privileges (for system-wide installation)

Installation

1. Download the script:

sudo curl -o /usr/local/bin/local-ssl-cert https://raw.githubusercontent.com/clove3am/local-ssl-cert/main/local-ssl-cert.sh

2. Make it executable:

chmod +x /usr/local/bin/local-ssl-cert

Usage

Basic Usage

Create a certificate for localhost:

local-ssl-cert

Create and install a certificate for a custom domain:

local-ssl-cert --domain mysite.local --install

Options

-h, --help                Show help message
-d, --domain DOMAIN       Set custom domain (default: localhost)
-o, --output-dir DIR      Set output directory (default: ${XDG_CONFIG_HOME}/local-certs)
-v, --valid-days DAYS     Set certificate validity in days (default: 365)
-i, --install             Install the root certificate system-wide
-u, --uninstall           Uninstall the root certificate
-p, --password PASS       Set the password for the PKCS12 export (default: p12pass)
--country CODE            Set country code (default: US)
--state STATE             Set state/province (default: California)
--locality LOCALITY       Set locality/city (default: San Francisco)
--org ORGANIZATION        Set organization (default: Local Development)
--org-unit UNIT          Set organizational unit (default: Development)
--email EMAIL            Set email address (default: dev@localhost)

Examples

Create a certificate valid for 2 years:

local-ssl-cert --domain myapp.local --valid-days 730 --install

Create a certificate with custom organization details:

local-ssl-cert --domain dev.local --org "My Company" --org-unit "Engineering" --email "[email protected]"

Uninstall a previously installed certificate:

local-ssl-cert --uninstall

Output Files

The script generates the following files in the output directory:

• rootCA.key: Root CA private key
• rootCA.pem: Root CA certificate
• <domain>.key: Domain private key
• <domain>.crt: Domain certificate
• <domain>.pem: Combined certificate chain (domain + root CA)
• <domain>.p12: PKCS12 file containing private key and certificate chain for browser import

Default output directory: ${XDG_CONFIG_HOME}/local-certs (typically ~/.config/local-certs)

Browser Configuration

The script generates a PKCS12 (.p12) file that can be directly imported into browsers:

Chrome

1. Settings → Privacy and security → Security → Manage certificates
2. Select the .p12 file and enter the password (default: p12pass)

Firefox

1. Preferences → Privacy & Security → View Certificates → Import
2. Select the .p12 file and enter the password (default: p12pass)

Security Notice

The certificates generated by this script are for development purposes only. Never use them in production environments.

License

MIT License

Contributing

1. Fork the repository
2. Create your feature branch (git checkout -b feature/amazing-feature)
3. Commit your changes (git commit -m 'Add amazing feature')
4. Push to the branch (git push origin feature/amazing-feature)
5. Open a Pull Request