#!/bin/bash

# Use this script to generate a self-signed cert for a given hostname
# Usage: bin/makecert [hostname]
# If you do not supply an argument, it will prompt for the hostname

if [ -z $1 ]; then
    read -p "Enter hostname: " hostname
    HOSTNAME="$hostname"
else
    HOSTNAME="$1"
fi

# Replace any spaces with dashes
HOSTNAME="${HOSTNAME//[ ]/-}"

if [ -z "$HOSTNAME" ]; then
    echo "Aborting..."
    exit 1
fi

echo "Making cert and key for host '$HOSTNAME'"
mkdir -vp certs

# This one will generate a cert with SANs suitable for local dev
openssl req -x509 -newkey rsa:4096 -nodes\
  -days 365 -subj "/CN=$HOSTNAME"\
  -keyout "certs/$HOSTNAME.key.pem"\
  -out "certs/$HOSTNAME.cert.pem"\
  -addext "subjectAltName=DNS:$HOSTNAME,IP:127.0.0.1,IP:0.0.0.0"

# To inspect a cert use the following command
#openssl x509 -in <path/to/cert/file> -text -noout