Hi, I’m using a fairly unmodified Ubuntu VM on Windows with VirtualBox, and upon running certs/generate_local_ssl.sh I received the output:
patrick@iwwm:~/dfglance/boilerplate/certs$ ./generate_local_ssl.sh
cat: /System/Library/OpenSSL/openssl.cnf: No such file or directory
Generating a 4096 bit RSA private key
............................++
...........................................................++
writing new private key to 'testing.key'
-----
unable to find 'distinguished_name' in config
problems making Certificate Request
139700253935256:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:324:group=req name=distinguished_name
Generated testing.key and testing.crt files in local directory
Please install and trust cert at /home/patrick/dfglance/boilerplate/certs/testing.crt
Only testing.key was generated. Looking at the script, /System/Library/OpenSSL/openssl.cnf does not exist for me, but /etc/ssl/openssl.cnf does (unmodified), yet the script still uses that first path. When I removed the first path so the line looked like -config <( cat $( [[ "Darwin" -eq "$(uname -s)" ]] && echo /etc/ssl/openssl.cnf ) \
then the script worked and generated both testing.key and testing.crt. I don’t know any shell scripting but it seems the file exists check isn’t working correctly, at least on my machine.
The script only works on Darwin it would seem. AKA Mac.
Since you are working on Ubuntu you might want to use https://letsencrypt.org/ to generate (if your VM is web accessible) and apply that cert to apache/nginx or https://ngrok.com/ to SSL terminate instead.
That would save faffing about with self-signed certs.
-eq checks for numerical value, it should be = instead. Both “Darwin” and “Linux” have a numerical value of 0, so the check is useless. I sent a pull request to fix that tiny mistake.
echo ""
echo "Generated $NAME.key and $NAME.crt files in local directory"
echo ""
if [[ "$OSTYPE" == "darwin"* ]]; then
    # macOS: add the cert to the System keychain as a trusted root for SSL
    echo "Installing cert into local Keychain."
    echo "To see or modify, run 'Keychain Access' app and look in the 'System' Folder"
    sudo security add-trusted-cert -d -p ssl -r trustRoot -k "/Library/Keychains/System.keychain" "${NAME}.crt"
else
    # Debian/Ubuntu: copy the cert into the local CA directory and rebuild the trust store
    sudo cp testing.crt /usr/local/share/ca-certificates/testing.crt
    sudo dpkg-reconfigure ca-certificates
    sudo update-ca-certificates
fi
It seems like the original script doesn’t handle installing the generated key in any OS besides Mac? In any case I added what I think you want it to do based off this. If it doesn’t work, perhaps you could just manually copy the generated “testing.cert” in /boilerplate/certs to /usr/local/share/ca-certificates/
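The `-eq` problem pointed out in the thread, shown next to the string comparison, as an added example that is not part of any post or of the project's script. The function names are hypothetical, the kernel names are constructed sample input, and `pick_openssl_cnf` goes one step beyond the thread by probing for a readable file instead of trusting the OS name.

```shell
#!/usr/bin/env bash
# Added example, not the project's script. Kernel names below are constructed input.

# The test as the script wrote it: inside [[ ]], -eq is arithmetic, so the
# words Darwin and Linux are read as unset variable names and both become 0.
# Run through bash explicitly because [[ ]] is a bash construct.
buggy_is_darwin() {   # $1 = kernel name as printed by `uname -s`
    bash -c '[[ "Darwin" -eq "$1" ]]' _ "$1"
}

# String comparison, which is what the check intends.
fixed_is_darwin() {
    [ "Darwin" = "$1" ]
}

# Print the first readable config among the candidates given as arguments.
# Returns non-zero (with a message on stderr) when none is readable, so the
# caller can stop before openssl runs without a usable config.
pick_openssl_cnf() {
    for f in "$@"; do
        if [ -r "$f" ]; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    echo "no readable openssl.cnf among: $*" >&2
    return 1
}

# Demo: compare both tests on the two kernel names from the thread.
for os in Darwin Linux; do
    buggy_is_darwin "$os" && b=true || b=false
    fixed_is_darwin "$os" && x=true || x=false
    echo "uname=$os  -eq says Darwin: $b   = says Darwin: $x"
done

# The two config paths mentioned in the thread, macOS path first.
pick_openssl_cnf /System/Library/OpenSSL/openssl.cnf /etc/ssl/openssl.cnf || true
```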