-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathgen-cert.sh
More file actions
executable file
·29 lines (25 loc) · 1 KB
/
gen-cert.sh
File metadata and controls
executable file
·29 lines (25 loc) · 1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
#!/usr/bin/env bash
# Generates a self-signed cert for the local desktop server (testing only)
# Mobile browsers require a SAN entry — CN alone is rejected since Chrome 58+
# For production use Let's Encrypt: certbot certonly --standalone -d yourdomain.com
set -e
# Detect local IP automatically, allow override: IP=1.2.3.4 bash gen-cert.sh
if [ -z "$IP" ]; then
IP=$(ip route get 1 2>/dev/null | awk '{print $7; exit}')
if [ -z "$IP" ]; then
IP="127.0.0.1"
echo "Warning: could not detect local IP, using 127.0.0.1"
echo "Override with: IP=192.168.x.x bash gen-cert.sh"
fi
fi
echo "Generating cert for IP: $IP"
mkdir -p certs
openssl req -x509 -newkey rsa:4096 \
-keyout certs/key.pem -out certs/cert.pem \
-days 365 -nodes \
-subj "/CN=${IP}" \
-addext "subjectAltName=IP:${IP},IP:127.0.0.1"
echo "Done — certs/key.pem and certs/cert.pem generated for ${IP}"
echo ""
echo "On your phone, open: https://${IP}:4000/<urlToken>"
echo "Accept the self-signed cert warning once, then it works."