A bash script to create and manage SSL certificates for local development environments.
Built with the help of Claude
- Generate self-signed SSL certificates for local development
- Support for custom domains and wildcards
- System-wide certificate installation
- Cross-platform support (Ubuntu, Debian, Fedora, RedHat, CentOS)
- Configurable certificate attributes
- XDG base directory compliance
- OpenSSL
- sudo privileges (for system-wide installation)
- Download the script:
sudo curl -o /usr/local/bin/local-ssl-cert https://raw.githubusercontent.com/clove3am/local-ssl-cert/main/local-ssl-cert.sh
- Make it executable:
chmod +x /usr/local/bin/local-ssl-cert
Create a certificate for localhost:
local-ssl-cert
Create and install a certificate for a custom domain:
local-ssl-cert --domain mysite.local --install
-h, --help Show help message
-d, --domain DOMAIN Set custom domain (default: localhost)
-o, --output-dir DIR Set output directory (default: ${XDG_CONFIG_HOME}/local-certs)
-v, --valid-days DAYS Set certificate validity in days (default: 365)
-i, --install Install the root certificate system-wide
-u, --uninstall Uninstall the root certificate
-p, --password PASS Set the password for the PKCS12 export (default: p12pass)
--country CODE Set country code (default: US)
--state STATE Set state/province (default: California)
--locality LOCALITY Set locality/city (default: San Francisco)
--org ORGANIZATION Set organization (default: Local Development)
--org-unit UNIT Set organizational unit (default: Development)
--email EMAIL Set email address (default: dev@localhost)
Create a certificate valid for 2 years:
local-ssl-cert --domain myapp.local --valid-days 730 --install
Create a certificate with custom organization details:
local-ssl-cert --domain dev.local --org "My Company" --org-unit "Engineering" --email "dev@mycompany.com"
Uninstall a previously installed certificate:
local-ssl-cert --uninstall
The script generates the following files in the output directory:
rootCA.key
: Root CA private keyrootCA.pem
: Root CA certificate<domain>.key
: Domain private key<domain>.crt
: Domain certificate<domain>.pem
: Combined certificate chain (domain + root CA)<domain>.p12
: PKCS12 file containing private key and certificate chain for browser import
Default output directory: ${XDG_CONFIG_HOME}/local-certs
(typically ~/.config/local-certs
)
The script generates a PKCS12 (.p12) file that can be directly imported into browsers:
- Settings → Privacy and security → Security → Manage certificates
- Select the .p12 file and enter the password (default: p12pass)
- Preferences → Privacy & Security → View Certificates → Import
- Select the .p12 file and enter the password (default: p12pass)
The certificates generated by this script are for development purposes only. Never use them in production environments.
MIT License
- Fork the repository
- Create your feature branch (
git checkout -b feature/amazing-feature
) - Commit your changes (
git commit -m 'Add amazing feature'
) - Push to the branch (
git push origin feature/amazing-feature
) - Open a Pull Request