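#!/bin/sh
#
# Generate a self-signed TLS certificate for "localhost" plus the client-side
# trust list and a PKCS#12 bundle, all in the current directory.
#
# As explained in
# https://gist.github.com/darrenjs/4645f115d10aa4b5cebf57483ec82eca
#
# Outputs:
#   server.key   unencrypted RSA private key (keep private)
#   server.crt   self-signed certificate, valid 365 days
#   trusted.pem  certificates the client trusts (only server.crt for now)
#   server.p12   key + certificate bundle for Security.framework

# Stop at the first failing step so a stale server.key/server.crt left over
# from an earlier run is never silently reused further down.
set -eu

# Remember the caller's umask so the public outputs keep their usual mode.
old_umask=$(umask)

# Private key material must not be group/world readable. Remove stale copies
# first: overwriting an existing file would keep its old, possibly looser, mode.
umask 077
rm -f server.pass.key server.key

# "pass:x" is a throwaway passphrase; it is stripped again on the next line,
# so server.key ends up unencrypted on disk.
openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
openssl rsa -passin pass:x -in server.pass.key -out server.key
rm -f server.pass.key

umask "$old_umask"

# NOTE(review): the certificate carries only a CN and no subjectAltName.
# Clients that ignore CN during hostname verification will reject it.
openssl req \
  -subj "/C=US/ST=California/L=Santa Clara/O=Beyond Aggravated/CN=localhost" \
  -new -key server.key -out server.csr

openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
rm -f server.csr

# Now create the list of certificates we trust as a client.

# -f: the file does not exist on a first run, and that must not be an error.
rm -f trusted.pem

# For now we just trust our own server.
# (-text writes a human-readable dump followed by the PEM block.)
openssl x509 -in server.crt -text >> trusted.pem

# Also add the system standard CA cert chain.
# cat /opt/local/etc/openssl/cert.pem >> trusted.pem

# Convert .pem to .der
# openssl x509 -outform der -in trusted.pem -out trusted.der

# Convert .crt and .key to .p12 for use by Security.framework
# Enter password "foo"!
# The bundle contains the private key, so create it with a restrictive mode.
umask 077
rm -f server.p12
openssl pkcs12 -export -inkey server.key -in server.crt -name localhost -out server.p12
umask "$old_umask"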