Create a self-signed certificate for the browser

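#!/bin/bash
#
# Build a small private PKI in the current directory: a self-signed CA
# (ca.key / ca.csr / ca.cer), then a server and a client certificate signed
# by that CA. The build logic is a GNU Makefile fed to make through bash
# process substitution, so this script needs bash, make and openssl.
#
# All arguments are forwarded to make, so targets and variable overrides can
# be given directly, e.g.:
#     servercert | clientcert | cacert | clean
#     LEAF_DAYS=825 P12_PASSOUT=env:P12_PASS clientcert
#
# Security notes:
#   * ca.key, server.key and client.key are written UNENCRYPTED. Anyone who
#     can read ca.key can mint certificates trusted by every browser or
#     device that imported ca.cer, so keep this directory private.
#   * The same openssl.conf (CN, SAN and serverAuth+clientAuth EKU) is used
#     for both the server and the client certificate, so the client
#     certificate is also usable as a server certificate for that name.

# Create every output (private keys, PKCS#12 bundle) readable by the owner
# only, independent of the caller's umask.
umask 077

# Write the request/extension config once; an existing openssl.conf is kept
# so that local edits (CN, SAN entries) survive re-runs.
test -e openssl.conf || cat << "EOF" > openssl.conf
[ req ]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = v3_ext
distinguished_name = dn

[ dn ]
CN = server.603030.xyz

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = server.603030.xyz
IP.1 = 172.31.7.26

[ v3_ext ]
basicConstraints=CA:FALSE
keyUsage=nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage=serverAuth,clientAuth
subjectAltName=@alt_names
EOF

# ${1+"$@"} forwards the script's arguments unchanged (and expands to nothing
# when there are none). The heredoc delimiter is quoted so bash leaves every
# $ in the Makefile alone. Recipe lines below MUST start with a hard TAB.
make ${1+"$@"} -f <( cat << 'EOF'
# Remove a half-written target if its recipe fails, so a truncated key or
# certificate never looks up to date.
.DELETE_ON_ERROR:

CACERT := ca.cer ca.key ca.csr

# Tunables; override on the command line. Defaults match the original values.
KEY_BITS  ?= 2048
CA_DAYS   ?= 3650
# 36500 days is ~100 years. Some platforms (e.g. Apple's TLS stack) reject
# server certificates valid for more than 825 days even under a
# user-installed CA, so a shorter value may be needed for browser use.
LEAF_DAYS ?= 36500
# Export password for client.p12, in openssl pass-phrase-argument syntax.
# The default is a weak placeholder and "pass:" values are visible in the
# process list; prefer env:VAR or file:PATH for anything but a throwaway test.
P12_PASSOUT ?= pass:1234

.PHONY: all cacert servercert clientcert clientcert1 clean

all: ${CACERT}

cacert: ${CACERT}
	echo ${CACERT}

# One rule per CA file. A single "ca.cer ca.key ca.csr: ..." rule is really
# three independent rules sharing a recipe; under "make -j" they can run
# concurrently and leave a certificate that does not match the key.
ca.key:
	openssl genrsa -out $@ $(KEY_BITS)

ca.csr: ca.key
	openssl req -new -sha256 -key ca.key -out $@ -subj "/CN=603030.xyz"

# android_options.txt supplies basicConstraints=CA:true so the self-signed
# certificate is marked as a CA.
ca.cer: ca.csr ca.key android_options.txt
	openssl x509 -req -days $(CA_DAYS) -sha256 -in ca.csr -signkey ca.key -extfile android_options.txt -out $@

# NOTE(review): -extensions names a section of an -extfile, and none is given
# here, so v3_ca is presumably not applied to ap.cer -- confirm before relying
# on this certificate.
ap.cer: ca.csr ca.key
	openssl x509 -req -days $(CA_DAYS) -sha256 -extensions v3_ca -in ca.csr -signkey ca.key -out $@

# build_certificate(target, basename): phony target that generates
# <basename>.key, a CSR from openssl.conf, and <basename>.pem signed by the
# CA with the v3_ext extensions. Being phony, it issues a fresh key and
# certificate on every invocation.
define build_certificate
$(1): ${CACERT}
	openssl genrsa -out $(2).key $(KEY_BITS)
	openssl req -new -sha256 -key $(2).key -out $(2).csr -config openssl.conf
	openssl x509 -req -days $(LEAF_DAYS) -sha256 -extensions v3_ext -extfile openssl.conf -CA ca.cer -CAkey ca.key -CAserial ca.srl -CAcreateserial -in $(2).csr -out $(2).pem
endef

$(eval $(call build_certificate,servercert,server))
$(eval $(call build_certificate,clientcert1,client))

# Bundle the client key and certificate for import into a browser or device.
# -legacy selects the older PKCS#12 algorithms for importers that cannot read
# the current defaults; it gives weaker protection of the private key, so
# drop it where the importer supports the modern format.
clientcert: clientcert1
	openssl pkcs12 -legacy -export -passout '$(P12_PASSOUT)' -inkey client.key -in client.pem -out client.p12

android_options.txt:
	echo basicConstraints=CA:true |tee $@

# Remove everything the rules above generate, including the CA certificate,
# the CA serial file and the PKCS#12 bundle (which contains a private key).
# openssl.conf is left in place because it may carry local edits.
clean:
	${RM} android_options.txt *.pem *.csr *.crl *.srl *.key ca.cer ap.cer client.p12
EOF
)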
