From 14ff6dce9364ed362540d47cfe3e45f88b3829ff Mon Sep 17 00:00:00 2001 From: fkwp Date: Mon, 5 May 2025 13:05:07 +0200 Subject: [PATCH] localhost TLS mini CA including wildcard certs for *.m.localhost --- backend/dev_tls_local-ca.crt | 19 +++++++++++++++++ backend/dev_tls_local-ca.key | 28 +++++++++++++++++++++++++ backend/dev_tls_m.localhost.crt | 20 ++++++++++++++++++ backend/dev_tls_m.localhost.key | 28 +++++++++++++++++++++++++ backend/dev_tls_setup | 37 +++++++++++++++++++++++++++++++++ 5 files changed, 132 insertions(+) create mode 100644 backend/dev_tls_local-ca.crt create mode 100644 backend/dev_tls_local-ca.key create mode 100644 backend/dev_tls_m.localhost.crt create mode 100644 backend/dev_tls_m.localhost.key create mode 100644 backend/dev_tls_setup diff --git a/backend/dev_tls_local-ca.crt b/backend/dev_tls_local-ca.crt new file mode 100644 index 00000000..9c8ee3d7 --- /dev/null +++ b/backend/dev_tls_local-ca.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDGjCCAgKgAwIBAgIUGdiFHhH4KL2pqBjMQHQ+PVIkSV8wDQYJKoZIhvcNAQEL +BQAwHjEcMBoGA1UEAwwTRWxlbWVudCBDYWxsIERldiBDQTAeFw0yNTA1MDUxMDMy +MDJaFw0zNTA1MDMxMDMyMDJaMB4xHDAaBgNVBAMME0VsZW1lbnQgQ2FsbCBEZXYg +Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA2y0hjmNn1vRsVSdy +8IOfo8N1q9UgkhQWpGKXzPh+D5d1fnuJEmHIVwtDEtS/PwQ43LTmegChPtKH9jdT +tG0IihW9Ja5YNG+9xAwaoA/sB3CGCBYsz+2/XjVUpXoBJXIPoFBWsn+K0oeFw9fw +eRO1z9abM4cl+LjKzMNM8CCyu9uI1MaGjYez2YIWvG854VucLxX7HSlMJxZNWnie +Ui7fMakuJhB2+aiIQjdKxy4E5RHNhzYG/LXhvP+wBYBDPNRsP3rtzEaE9HAveL9K +FGqd3R4cBia6r1WIXmpAzyu5RGP5Eou0TZlGkal96/bF0I7q/pKlL23Jt1BLPiQU +KGKrAgMBAAGjUDBOMB0GA1UdDgQWBBQJqBjMu61c1p24txw/y+kv3D+V6DAfBgNV +HSMEGDAWgBQJqBjMu61c1p24txw/y+kv3D+V6DAMBgNVHRMEBTADAQH/MA0GCSqG +SIb3DQEBCwUAA4IBAQB8m2YfFGLugNt5vAAOvNxVqDA8c72yCVYr3CBCpmTIEY5Z +d3qVGhG9//ux6+J8ntkSwd9nV5GJyYXHukCG1VavnAWolWdNF/WAllf0jhLuz7kD +/cJnuI1By4tBsBmSz851i6HJ4t5k99Be+6GQVzi0e7zzfxTHZE4xP2J6Ox8QbPsP +n0m76nIp/WbWaJqzvIIjJhmUUPPv+4wN+eOArgjiGLzptM2qTtGZtd0c9nS5gvep ++mEbSUN9zkhAroZf80wf+hEvy+fJ94VbZ9QjTzTg7odZLrsXGIe8DaG63EYRQ25b +W5iYBAreln5fGSt7qHsGfqwZibTEk/Lx3dydO1Kg +-----END CERTIFICATE----- diff --git a/backend/dev_tls_local-ca.key b/backend/dev_tls_local-ca.key new file mode 100644 index 00000000..c6de05c4 --- /dev/null +++ b/backend/dev_tls_local-ca.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDA2y0hjmNn1vRs +VSdy8IOfo8N1q9UgkhQWpGKXzPh+D5d1fnuJEmHIVwtDEtS/PwQ43LTmegChPtKH +9jdTtG0IihW9Ja5YNG+9xAwaoA/sB3CGCBYsz+2/XjVUpXoBJXIPoFBWsn+K0oeF +w9fweRO1z9abM4cl+LjKzMNM8CCyu9uI1MaGjYez2YIWvG854VucLxX7HSlMJxZN +WnieUi7fMakuJhB2+aiIQjdKxy4E5RHNhzYG/LXhvP+wBYBDPNRsP3rtzEaE9HAv +eL9KFGqd3R4cBia6r1WIXmpAzyu5RGP5Eou0TZlGkal96/bF0I7q/pKlL23Jt1BL +PiQUKGKrAgMBAAECggEAAPX2kxi5AQ7ul82SzT1KgpSXyDHLdYaUyAoYnaX9RO+B +8ylmpyeqygs4+KQS4EMJm9jpo85Oy37bIKdG3kljU6wQcKlL5Y+ZUOo1nzpV6fid +hGVs6ts8VXw8KshKQ9AyccZ8L/pirUfgOffgTwfjY7/90zceAL/s98GuZWc62nkX +55joQv/OikqYfAGP/U6Bp2Zyf23DwJB09Z3B6NnZj/ZyAbDrDEHuA15LhCOcCczp +IU/mFEywBPHT9Tg4w4Beq78PeAETvku2UalYRLhP3RLlXr2oEbwUtINRVt2QjZ85 +Esps4uCqL/mgQluIebtudD9HL/YMlNPXue1mDXFxJQKBgQDgZZY4yJBcf488T1V6 +HNm06b/LvVGj253pKgw14hpY1xQu3Ymgzv1GEqzhSYdzxhpmj0tMUNHxAp+YdGQu +SZ0wcPKhw0aYVkIjDRYDC3Wn5GJhyIEYHGYMo/n4l49UzHRBPOTDzp49DkHTKBgh +XgIIazYT3CkjTIMRrkUv+qfIPQKBgQDcBGu/mqbjxs4sN3zqPS4aB21o6t6W0sXs +ZP9w6RlTPQi5U2oRbftjZtYc0bbEgkMUImB1HwYPQT5pJ+MyC414xDvSc2exBr5d +To6yyPIy78Tf5PHM12fpKV92nSvoz/pSjYcGxxDtKfPqu+t8mOJfjCV1lLLA+xuB +DDaE4p8dBwKBgQCdAne6A5v/HMH8UQZeCxHJpESvKiiVnnU/UEx651nID7XvlNNX +0X0mKqsMd4ZvW43ddSYan/JF0LAa3FW8jYWO/3jF9vzOWoysOdvNBZetgf/Uq5ao +aDZ/YbzmVCXWD7jIbPMkjs3pqrAkL0mzDzQc7+dGviWKrV6IYIfIqnn7gQKBgDCz +vdIk/qpO+JZrFfiX4Fucp0hhLTJ/p5ZDaRPqVVPKn+K+Jy2ChfIj8mNgvK9VEloj +nexvGJ1J2PHYBX+vdPp1nbRhHWPfVUY8PHQw7QP/dToGaMvqJrNDGEGeWvjnCMc7 +UtdaO1H0Rm0AegkTopB56lTTvJnhO95eALd7nrMDAoGAEPdzJtWoKafp49svhSj0 +hiXQv2SPBwVUN4LZ4SOWiXUcmYYm80aNpYKLkBxYjrfqFWhE7NUHLGp8YorQWKY2 +acD9AReHk/xku0ABy6jeYmSCmCxASxst5liKD+l12sk0gB0rk5MBxB4Uu1MIbQZ2 +aCASX3AVD2/XyC2MKkzc8Eg= +-----END PRIVATE KEY----- diff --git a/backend/dev_tls_m.localhost.crt b/backend/dev_tls_m.localhost.crt new file mode 100644 index 00000000..be3eb0a3 --- /dev/null +++ b/backend/dev_tls_m.localhost.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDXDCCAkSgAwIBAgIUXizLjwkdqepX0bh0K3abeJxj68AwDQYJKoZIhvcNAQEL +BQAwHjEcMBoGA1UEAwwTRWxlbWVudCBDYWxsIERldiBDQTAeFw0yNTA1MDUxMDMy +MDJaFw0zNTA1MDMxMDMyMDJaMBgxFjAUBgNVBAMMDSoubS5sb2NhbGhvc3QwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbr79gttr7X8j+ISfdCV53PD8f +R6JsLf6nmkCbRqCaIq85Y82tnYbUB3B6F9RcosrxF+UHFMa/i1UiLSNL0GHisclB +5LII2RycsLJYShkO9pVioVDf3gh+hyVRySBQ2FgtLHB+ZgcZOCG8f75g9CdeVDmv +Kw4J29QV8bxFSafvTLOdqtupylfTSqYVTAE8HnIOsdnZ+mE6SjeS2wV3DYqdSXoa +xWmGranZUmrCgeZdukAZTWgAlHgQvuWVtgyAxPmhcr2KA50QHB/IJ2SDIaUiI++R +4nXkVChbePnNaxqw0kc0QD3Jpd3B1QhHlOhKi9R6Mo5Iyf0nsHnZaQ0bAzPDAgMB +AAGjgZcwgZQwHwYDVR0jBBgwFoAUCagYzLutXNaduLccP8vpL9w/legwCQYDVR0T +BAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwJQYDVR0RBB4w +HIILbS5sb2NhbGhvc3SCDSoubS5sb2NhbGhvc3QwHQYDVR0OBBYEFJgJZkgE6cem +HbSQ7P47rVhmeWjHMA0GCSqGSIb3DQEBCwUAA4IBAQBDocJIUHVxNvbvigPyZvZa +uAmj5eqhf8fDNtQM2tl8AuzOJm0TlggUuKDQNM6zRBXVHQRhCmtaZ3CMkmkTNNhH +aMfG7o/JVvQsxIuORMvAnPlivla2DgiEWr/NEaWISlINMov44DysOyupbHRXcbKd +WWB1cA+D5ZNb8ivOPT1edNSGavAiyEaCPA/qqGFZwq54EtJKIuteqV1UGn1nYD/W +a0niB157moRtlnzwNfwDDeW1Y4HBbuVkX2sipCO+HC6sn7Vni90LzK9zBolaWXTw +RxauTzS9IvtU1G/Gv5/VRzhzIb+ds2jEsdLLnBlTyA+Jh2Cqs002t7QJki6Qto5p +-----END CERTIFICATE----- diff --git a/backend/dev_tls_m.localhost.key b/backend/dev_tls_m.localhost.key new file mode 100644 index 00000000..d83c1dea --- /dev/null +++ b/backend/dev_tls_m.localhost.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCbr79gttr7X8j+ +ISfdCV53PD8fR6JsLf6nmkCbRqCaIq85Y82tnYbUB3B6F9RcosrxF+UHFMa/i1Ui +LSNL0GHisclB5LII2RycsLJYShkO9pVioVDf3gh+hyVRySBQ2FgtLHB+ZgcZOCG8 +f75g9CdeVDmvKw4J29QV8bxFSafvTLOdqtupylfTSqYVTAE8HnIOsdnZ+mE6SjeS +2wV3DYqdSXoaxWmGranZUmrCgeZdukAZTWgAlHgQvuWVtgyAxPmhcr2KA50QHB/I +J2SDIaUiI++R4nXkVChbePnNaxqw0kc0QD3Jpd3B1QhHlOhKi9R6Mo5Iyf0nsHnZ +aQ0bAzPDAgMBAAECggEARLRazvnzCnLbVrbYCjX7v7/RFWM9/OKRWnJ6p2uULWE4 +FaoDFuaJHSHJU8AXYegfiiTi1+ylxtrcr4/e3zKvN+UAbXlYzgnOFCHwGoFcrJtK +EnQhJiIsenX2lLCe9755rznIzScGY+0/ChoPsGaexwSBTlnAQL6HykVbMfKOz03H +ywEx4g3AK1rgTnqNLFHkl+1ainoW6ffeM6thMD/bObGz+PoGSMqbTA80TGMswgMN +Ipnt0AwSgKweLmYG00t667c9htxY6DPRUoJ55dqsAFS8VMa4hhcslyhktPXTGEXh +x2r8UAFavEo2IdRnR8vfNfOv6twsWSHTVRGc7qmKDQKBgQDX0HnMAnBb8KB1zj/O +1prhAlhc6Jtwf3s5Hm/2MW0Jg/u7bZx81s206rvcTJtUJ2ROH+K7Rx3iASWzcsuW +XljCWA9G156SuOBE6mIS1EMI1EKgjbJBru1cOco6AIwI0SuJKcEX/1RtzoBbIIbZ +qhn99RszqAKDjw1iqbpyZCX5PQKBgQC4rRLsMTVvFTqWPEAA7SeJr3LZF+eoap/U +1+MA+J49D5ykQMFHjL1VSdfWgKIm3i4xDbDLAX1BYELxeKVLIp6CL808zEldGQy5 +g+O4dJlmz1PUGorb28qKGJnfwXK7F5tJuX+NgQM2zJnueyTv+fsskBp79CWNQvzr +ueG41o6w/wKBgG7sA+3LQxy+LHrgKwOQYcJMhkYad+n2W8sbzcfn13cQkw3eZJP1 +g3z9ONkdtqgmJvPQh6RiBQXoOQxmcCU1EMGyqQdsQ2B+DSbeoNG0r0+WaThEG96O +ngjM2xe8uDy/5XR2NXy0Cxz1ChvMOAMf3oQcuoJuU/xyRhrzyZSJzMqxAoGAH8hx +nEKvzolZxudhoIcwKcsPOfuaO+r1zPzGrbEcEqgwLjiSywyWvSnzQpBq18OfMYQI +rDd6Zhj6DHLWB8NSgldVvCPwcFxSS08+js1KZV5DMBrNUR9XkULAoLi7VSWv7RVG +tYTBl9nImDmLVt2v87BtTm3rVI911d/s0BHlBuMCgYEAs0AFMsTE+22Y44JMcTAE +OeHEsEDXI5cTlcNmwFKWY+UCZnb2FXflO2XNeqyi6ReYMUyBI2wHdUGvh2B1c2Ac +3z/SShBLS7bMGgyvYE/By1xnemiy+6vG2NIYHKExZfOphx8rDTfm5Qlj6LxstY9+ +Tx2VzAs01UIZGDhJ94u5imo= +-----END PRIVATE KEY----- diff --git a/backend/dev_tls_setup b/backend/dev_tls_setup new file mode 100644 index 00000000..4276e148 --- /dev/null +++ b/backend/dev_tls_setup @@ -0,0 +1,37 @@ +#!/bin/bash + +# Step 1: Create a Root CA key and cert +openssl genrsa -out dev_tls_local-ca.key 2048 +openssl req -x509 -new -nodes \ + -days 3650 \ + -subj "/CN=Element Call Dev CA" \ + -key dev_tls_local-ca.key \ + -out dev_tls_local-ca.crt \ + -sha256 -addext "basicConstraints=CA:TRUE" + +# Step 2: Create a private key and CSR for *.m.localhost +openssl req -new -nodes -newkey rsa:2048 \ + -keyout dev_tls_m.localhost.key \ + -out dev_tls_m.localhost.csr \ + -subj "/CN=*.m.localhost" + +# Step 3: Sign the CSR with your CA +openssl x509 \ + -req -in dev_tls_m.localhost.csr \ + -CA dev_tls_local-ca.crt -CAkey dev_tls_local-ca.key \ + -CAcreateserial \ + -out dev_tls_m.localhost.crt \ + -days 3650 \ + -sha256 \ + -extfile <( cat <