Add scripts to generate certificate and add it to the macOS Keychain and iOS Keychain #44
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| openssl genrsa -aes256 -passout pass:"$password" -out key.pem 2048 | ||
|
|
||
| # Generate the self-signed certificate and private key | ||
| openssl req -x509 -new -nodes -passin pass:"$password" -config cert.config -key key.pem -sha256 -extensions v3_ca -days 365 -out root-ca.pem |
Collaborator
There was a problem hiding this comment.
Not used "$CERT_FILE" with -config
Scripts/cert.config
Outdated
| C=RU | ||
| L=RU | ||
| O=Catbird | ||
| CN=Catbird |
Collaborator
There was a problem hiding this comment.
here you probably need to specify the host?
Collaborator
Author
There was a problem hiding this comment.
Yes, but we do not have website.
Collaborator
Author
There was a problem hiding this comment.
Changed to http://localhost
|
|
||
| # Generate the self-signed certificate and private key | ||
| openssl req -x509 -new -nodes -passin pass:"$password" -config cert.config -key key.pem -sha256 -extensions v3_ca -days 365 -out root-ca.pem | ||
|
|
Collaborator
There was a problem hiding this comment.
For Vaport, the key is needed in the Key format .key
openssl rsa -outform der -in key.pem -out cert.key -passin pass:"$password"
|
|
||
| # Get path to the local keychain and trim whitespaces and quotation marks symbol | ||
| LOGIN_KEYCHAIN="$(security login-keychain | sed 's/[[:space:]]*"//g')" | ||
| security add-trusted-cert -k $LOGIN_KEYCHAIN root-ca.pem |
Collaborator
There was a problem hiding this comment.
Do I need to add to the system Keychain ?
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain root-ca.pem
Collaborator
|
I checked like this import NIOSSL
// ...
try app.http.server.configuration.tlsConfiguration = .makeServerConfiguration(
certificateChain: NIOSSLCertificate.fromPEMFile("cert.pem").map { .certificate($0) },
privateKey: .file("cert.key")
) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Scripts/generate-self-signed-certificate.sh— generates self signed certificate (root-ca.pem) usingScripts/cert.configconfig file.Scripts/extract-certificate-from-keychain.sh— extracts certificate from the local macOS KeychainScripts/add-certificate-to-system-keychain.sh— adds a certificate to the local macOS KeychainScripts/add-certificate-to-ios-keychain.sh— adds a certificate to the booted iOS SimulatorCloses #41