localhost TLS mini CA including wildcard certs for *.m.localhost

2026-01-18 02:32:27 +00:00 · 2025-05-05 13:05:07 +02:00
parent 08f034251c
commit 14ff6dce93
5 changed files with 132 additions and 0 deletions
--- a/backend/dev_tls_local-ca.crt
+++ b/backend/dev_tls_local-ca.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDGjCCAgKgAwIBAgIUGdiFHhH4KL2pqBjMQHQ+PVIkSV8wDQYJKoZIhvcNAQEL
+BQAwHjEcMBoGA1UEAwwTRWxlbWVudCBDYWxsIERldiBDQTAeFw0yNTA1MDUxMDMy
+MDJaFw0zNTA1MDMxMDMyMDJaMB4xHDAaBgNVBAMME0VsZW1lbnQgQ2FsbCBEZXYg
+Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA2y0hjmNn1vRsVSdy
+8IOfo8N1q9UgkhQWpGKXzPh+D5d1fnuJEmHIVwtDEtS/PwQ43LTmegChPtKH9jdT
+tG0IihW9Ja5YNG+9xAwaoA/sB3CGCBYsz+2/XjVUpXoBJXIPoFBWsn+K0oeFw9fw
+eRO1z9abM4cl+LjKzMNM8CCyu9uI1MaGjYez2YIWvG854VucLxX7HSlMJxZNWnie
+Ui7fMakuJhB2+aiIQjdKxy4E5RHNhzYG/LXhvP+wBYBDPNRsP3rtzEaE9HAveL9K
+FGqd3R4cBia6r1WIXmpAzyu5RGP5Eou0TZlGkal96/bF0I7q/pKlL23Jt1BLPiQU
+KGKrAgMBAAGjUDBOMB0GA1UdDgQWBBQJqBjMu61c1p24txw/y+kv3D+V6DAfBgNV
+HSMEGDAWgBQJqBjMu61c1p24txw/y+kv3D+V6DAMBgNVHRMEBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4IBAQB8m2YfFGLugNt5vAAOvNxVqDA8c72yCVYr3CBCpmTIEY5Z
+d3qVGhG9//ux6+J8ntkSwd9nV5GJyYXHukCG1VavnAWolWdNF/WAllf0jhLuz7kD
+/cJnuI1By4tBsBmSz851i6HJ4t5k99Be+6GQVzi0e7zzfxTHZE4xP2J6Ox8QbPsP
+n0m76nIp/WbWaJqzvIIjJhmUUPPv+4wN+eOArgjiGLzptM2qTtGZtd0c9nS5gvep
+mEbSUN9zkhAroZf80wf+hEvy+fJ94VbZ9QjTzTg7odZLrsXGIe8DaG63EYRQ25b
+W5iYBAreln5fGSt7qHsGfqwZibTEk/Lx3dydO1Kg
+-----END CERTIFICATE-----
--- a/backend/dev_tls_local-ca.key
+++ b/backend/dev_tls_local-ca.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDA2y0hjmNn1vRs
+VSdy8IOfo8N1q9UgkhQWpGKXzPh+D5d1fnuJEmHIVwtDEtS/PwQ43LTmegChPtKH
+9jdTtG0IihW9Ja5YNG+9xAwaoA/sB3CGCBYsz+2/XjVUpXoBJXIPoFBWsn+K0oeF
+w9fweRO1z9abM4cl+LjKzMNM8CCyu9uI1MaGjYez2YIWvG854VucLxX7HSlMJxZN
+WnieUi7fMakuJhB2+aiIQjdKxy4E5RHNhzYG/LXhvP+wBYBDPNRsP3rtzEaE9HAv
+eL9KFGqd3R4cBia6r1WIXmpAzyu5RGP5Eou0TZlGkal96/bF0I7q/pKlL23Jt1BL
+PiQUKGKrAgMBAAECggEAAPX2kxi5AQ7ul82SzT1KgpSXyDHLdYaUyAoYnaX9RO+B
+8ylmpyeqygs4+KQS4EMJm9jpo85Oy37bIKdG3kljU6wQcKlL5Y+ZUOo1nzpV6fid
+hGVs6ts8VXw8KshKQ9AyccZ8L/pirUfgOffgTwfjY7/90zceAL/s98GuZWc62nkX
+55joQv/OikqYfAGP/U6Bp2Zyf23DwJB09Z3B6NnZj/ZyAbDrDEHuA15LhCOcCczp
+IU/mFEywBPHT9Tg4w4Beq78PeAETvku2UalYRLhP3RLlXr2oEbwUtINRVt2QjZ85
+Esps4uCqL/mgQluIebtudD9HL/YMlNPXue1mDXFxJQKBgQDgZZY4yJBcf488T1V6
+HNm06b/LvVGj253pKgw14hpY1xQu3Ymgzv1GEqzhSYdzxhpmj0tMUNHxAp+YdGQu
+SZ0wcPKhw0aYVkIjDRYDC3Wn5GJhyIEYHGYMo/n4l49UzHRBPOTDzp49DkHTKBgh
+XgIIazYT3CkjTIMRrkUv+qfIPQKBgQDcBGu/mqbjxs4sN3zqPS4aB21o6t6W0sXs
+ZP9w6RlTPQi5U2oRbftjZtYc0bbEgkMUImB1HwYPQT5pJ+MyC414xDvSc2exBr5d
+To6yyPIy78Tf5PHM12fpKV92nSvoz/pSjYcGxxDtKfPqu+t8mOJfjCV1lLLA+xuB
+DDaE4p8dBwKBgQCdAne6A5v/HMH8UQZeCxHJpESvKiiVnnU/UEx651nID7XvlNNX
+0X0mKqsMd4ZvW43ddSYan/JF0LAa3FW8jYWO/3jF9vzOWoysOdvNBZetgf/Uq5ao
+aDZ/YbzmVCXWD7jIbPMkjs3pqrAkL0mzDzQc7+dGviWKrV6IYIfIqnn7gQKBgDCz
+vdIk/qpO+JZrFfiX4Fucp0hhLTJ/p5ZDaRPqVVPKn+K+Jy2ChfIj8mNgvK9VEloj
+nexvGJ1J2PHYBX+vdPp1nbRhHWPfVUY8PHQw7QP/dToGaMvqJrNDGEGeWvjnCMc7
+UtdaO1H0Rm0AegkTopB56lTTvJnhO95eALd7nrMDAoGAEPdzJtWoKafp49svhSj0
+hiXQv2SPBwVUN4LZ4SOWiXUcmYYm80aNpYKLkBxYjrfqFWhE7NUHLGp8YorQWKY2
+acD9AReHk/xku0ABy6jeYmSCmCxASxst5liKD+l12sk0gB0rk5MBxB4Uu1MIbQZ2
+aCASX3AVD2/XyC2MKkzc8Eg=
+-----END PRIVATE KEY-----
--- a/backend/dev_tls_m.localhost.crt
+++ b/backend/dev_tls_m.localhost.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDXDCCAkSgAwIBAgIUXizLjwkdqepX0bh0K3abeJxj68AwDQYJKoZIhvcNAQEL
+BQAwHjEcMBoGA1UEAwwTRWxlbWVudCBDYWxsIERldiBDQTAeFw0yNTA1MDUxMDMy
+MDJaFw0zNTA1MDMxMDMyMDJaMBgxFjAUBgNVBAMMDSoubS5sb2NhbGhvc3QwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbr79gttr7X8j+ISfdCV53PD8f
+R6JsLf6nmkCbRqCaIq85Y82tnYbUB3B6F9RcosrxF+UHFMa/i1UiLSNL0GHisclB
+5LII2RycsLJYShkO9pVioVDf3gh+hyVRySBQ2FgtLHB+ZgcZOCG8f75g9CdeVDmv
+Kw4J29QV8bxFSafvTLOdqtupylfTSqYVTAE8HnIOsdnZ+mE6SjeS2wV3DYqdSXoa
+xWmGranZUmrCgeZdukAZTWgAlHgQvuWVtgyAxPmhcr2KA50QHB/IJ2SDIaUiI++R
+4nXkVChbePnNaxqw0kc0QD3Jpd3B1QhHlOhKi9R6Mo5Iyf0nsHnZaQ0bAzPDAgMB
+AAGjgZcwgZQwHwYDVR0jBBgwFoAUCagYzLutXNaduLccP8vpL9w/legwCQYDVR0T
+BAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwJQYDVR0RBB4w
+HIILbS5sb2NhbGhvc3SCDSoubS5sb2NhbGhvc3QwHQYDVR0OBBYEFJgJZkgE6cem
+HbSQ7P47rVhmeWjHMA0GCSqGSIb3DQEBCwUAA4IBAQBDocJIUHVxNvbvigPyZvZa
+uAmj5eqhf8fDNtQM2tl8AuzOJm0TlggUuKDQNM6zRBXVHQRhCmtaZ3CMkmkTNNhH
+aMfG7o/JVvQsxIuORMvAnPlivla2DgiEWr/NEaWISlINMov44DysOyupbHRXcbKd
+WWB1cA+D5ZNb8ivOPT1edNSGavAiyEaCPA/qqGFZwq54EtJKIuteqV1UGn1nYD/W
+a0niB157moRtlnzwNfwDDeW1Y4HBbuVkX2sipCO+HC6sn7Vni90LzK9zBolaWXTw
+RxauTzS9IvtU1G/Gv5/VRzhzIb+ds2jEsdLLnBlTyA+Jh2Cqs002t7QJki6Qto5p
+-----END CERTIFICATE-----
--- a/backend/dev_tls_m.localhost.key
+++ b/backend/dev_tls_m.localhost.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCbr79gttr7X8j+
+ISfdCV53PD8fR6JsLf6nmkCbRqCaIq85Y82tnYbUB3B6F9RcosrxF+UHFMa/i1Ui
+LSNL0GHisclB5LII2RycsLJYShkO9pVioVDf3gh+hyVRySBQ2FgtLHB+ZgcZOCG8
+f75g9CdeVDmvKw4J29QV8bxFSafvTLOdqtupylfTSqYVTAE8HnIOsdnZ+mE6SjeS
+2wV3DYqdSXoaxWmGranZUmrCgeZdukAZTWgAlHgQvuWVtgyAxPmhcr2KA50QHB/I
+J2SDIaUiI++R4nXkVChbePnNaxqw0kc0QD3Jpd3B1QhHlOhKi9R6Mo5Iyf0nsHnZ
+aQ0bAzPDAgMBAAECggEARLRazvnzCnLbVrbYCjX7v7/RFWM9/OKRWnJ6p2uULWE4
+FaoDFuaJHSHJU8AXYegfiiTi1+ylxtrcr4/e3zKvN+UAbXlYzgnOFCHwGoFcrJtK
+EnQhJiIsenX2lLCe9755rznIzScGY+0/ChoPsGaexwSBTlnAQL6HykVbMfKOz03H
+ywEx4g3AK1rgTnqNLFHkl+1ainoW6ffeM6thMD/bObGz+PoGSMqbTA80TGMswgMN
+Ipnt0AwSgKweLmYG00t667c9htxY6DPRUoJ55dqsAFS8VMa4hhcslyhktPXTGEXh
+x2r8UAFavEo2IdRnR8vfNfOv6twsWSHTVRGc7qmKDQKBgQDX0HnMAnBb8KB1zj/O
+1prhAlhc6Jtwf3s5Hm/2MW0Jg/u7bZx81s206rvcTJtUJ2ROH+K7Rx3iASWzcsuW
+XljCWA9G156SuOBE6mIS1EMI1EKgjbJBru1cOco6AIwI0SuJKcEX/1RtzoBbIIbZ
+qhn99RszqAKDjw1iqbpyZCX5PQKBgQC4rRLsMTVvFTqWPEAA7SeJr3LZF+eoap/U
+1+MA+J49D5ykQMFHjL1VSdfWgKIm3i4xDbDLAX1BYELxeKVLIp6CL808zEldGQy5
+g+O4dJlmz1PUGorb28qKGJnfwXK7F5tJuX+NgQM2zJnueyTv+fsskBp79CWNQvzr
+ueG41o6w/wKBgG7sA+3LQxy+LHrgKwOQYcJMhkYad+n2W8sbzcfn13cQkw3eZJP1
+g3z9ONkdtqgmJvPQh6RiBQXoOQxmcCU1EMGyqQdsQ2B+DSbeoNG0r0+WaThEG96O
+ngjM2xe8uDy/5XR2NXy0Cxz1ChvMOAMf3oQcuoJuU/xyRhrzyZSJzMqxAoGAH8hx
+nEKvzolZxudhoIcwKcsPOfuaO+r1zPzGrbEcEqgwLjiSywyWvSnzQpBq18OfMYQI
+rDd6Zhj6DHLWB8NSgldVvCPwcFxSS08+js1KZV5DMBrNUR9XkULAoLi7VSWv7RVG
+tYTBl9nImDmLVt2v87BtTm3rVI911d/s0BHlBuMCgYEAs0AFMsTE+22Y44JMcTAE
+OeHEsEDXI5cTlcNmwFKWY+UCZnb2FXflO2XNeqyi6ReYMUyBI2wHdUGvh2B1c2Ac
+3z/SShBLS7bMGgyvYE/By1xnemiy+6vG2NIYHKExZfOphx8rDTfm5Qlj6LxstY9+
+Tx2VzAs01UIZGDhJ94u5imo=
+-----END PRIVATE KEY-----
--- a/backend/dev_tls_setup
+++ b/backend/dev_tls_setup
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+# Step 1: Create a Root CA key and cert
+openssl genrsa -out dev_tls_local-ca.key 2048
+openssl req -x509 -new -nodes \
+  -days 3650 \
+  -subj "/CN=Element Call Dev CA" \
+  -key dev_tls_local-ca.key \
+  -out dev_tls_local-ca.crt \
+  -sha256 -addext "basicConstraints=CA:TRUE"
+
+# Step 2: Create a private key and CSR for *.m.localhost
+openssl req -new -nodes -newkey rsa:2048 \
+  -keyout dev_tls_m.localhost.key \
+  -out dev_tls_m.localhost.csr \
+  -subj "/CN=*.m.localhost"
+
+# Step 3: Sign the CSR with your CA
+openssl x509 \
+  -req -in dev_tls_m.localhost.csr \
+  -CA dev_tls_local-ca.crt -CAkey dev_tls_local-ca.key \
+  -CAcreateserial \
+  -out dev_tls_m.localhost.crt \
+  -days 3650 \
+  -sha256 \
+  -extfile <( cat <<EOF
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = m.localhost
+DNS.2 = *.m.localhost
+EOF
+)