usky-human/scripts/generate_ssl_cert.sh

#!/bin/bash

# 生成自签名 SSL 证书脚本
# 使用方法: ./scripts/generate_ssl_cert.sh

# 设置证书目录
CERT_DIR="certs"
mkdir -p $CERT_DIR

# 证书配置
DOMAIN="localhost"
DAYS=365
KEY_SIZE=2048

echo "正在生成自签名 SSL 证书..."
echo "域名: $DOMAIN"
echo "有效期: $DAYS 天"
echo "密钥长度: $KEY_SIZE 位"
echo ""

# 生成私钥
echo "1. 生成私钥..."
openssl genrsa -out $CERT_DIR/server.key $KEY_SIZE

# 生成证书签名请求 (CSR)
echo "2. 生成证书签名请求..."
openssl req -new -key $CERT_DIR/server.key -out $CERT_DIR/server.csr -subj "/C=CN/ST=State/L=City/O=Organization/CN=$DOMAIN"

# 生成自签名证书
echo "3. 生成自签名证书..."
openssl x509 -req -days $DAYS -in $CERT_DIR/server.csr -signkey $CERT_DIR/server.key -out $CERT_DIR/server.crt -extensions v3_req -extfile <(
cat <<EOF
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req

[req_distinguished_name]

[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = $DOMAIN
DNS.2 = *.localhost
IP.1 = 127.0.0.1
IP.2 = ::1
EOF
)

# 清理临时文件
rm -f $CERT_DIR/server.csr

echo ""
echo "✅ 证书生成完成！"
echo "证书文件位置:"
echo "  - 私钥: $CERT_DIR/server.key"
echo "  - 证书: $CERT_DIR/server.crt"
echo ""
echo "⚠️  注意: 这是自签名证书，浏览器会显示安全警告，这是正常的。"
echo "   在生产环境中，请使用由受信任的 CA 签发的证书。"