From 4f1d78f174a543c64299c0cb1b2a43182037d119 Mon Sep 17 00:00:00 2001
From: Slawomir Koszewski
Date: Tue, 24 Mar 2026 07:37:58 +0100
Subject: [PATCH] feat: add make-cert.sh script for generating self-signed CA and server certificates
---
make-cert.sh | 46 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
create mode 100755 make-cert.sh
diff --git a/make-cert.sh b/make-cert.sh
new file mode 100755
index 0000000..49e6679
--- /dev/null
+++ b/make-cert.sh
@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+#
+# This script creates a self-signed CA and a server certificate for the Azurite Emulator.
+#
+# For more sophisticated certificate management, consider using Simple CA project
+# from: https://gitea.koszewscy.waw.pl/slawek/simple-ca.git
+
+CA_DIR="./ca"
+CA_NAME="Azurite Emulator CA"
+STORAGE_ACCOUNT_NAME="azuritelocal"
+openssl req \
+ -x509 -noenc -text \
+ -newkey rsa:4096 \
+ -keyout "${CA_DIR}/ca_key.pem" \
+ -out "${CA_DIR}/ca_cert.pem" \
+ -days 3650 \
+ -subj "/CN=$CA_NAME" \
+ -addext "basicConstraints=critical,CA:TRUE,pathlen:0"
+HASH=$(openssl x509 -in "${CA_DIR}/ca_cert.pem" -noout -hash 2>/dev/null)
+ln -sf $(basename "${CA_DIR}/ca_cert.pem") "${CA_DIR}/$HASH.0" # Check it
+ALTNAMES=()
+for endpoint in blob queue table; do
+ ALTNAMES+=("DNS:${STORAGE_ACCOUNT_NAME}.${endpoint}.core.windows.net")
+done
+openssl req \
+ -newkey rsa:4096 \
+ -noenc \
+ -keyout "${CA_DIR}/${STORAGE_ACCOUNT_NAME}_key.pem" \
+ -subj "/CN=${STORAGE_ACCOUNT_NAME}.blob.core.windows.net" \
+ -addext "basicConstraints=critical,CA:FALSE" \
+ -addext "keyUsage=digitalSignature, keyEncipherment" \
+ -addext "extendedKeyUsage=serverAuth" \
+ -addext "subjectAltName=$(IFS=, ; echo "${ALTNAMES[*]}")" \
+| openssl x509 \
+ -req -text \
+ -CA "${CA_DIR}/ca_cert.pem" \
+ -CAkey "${CA_DIR}/ca_key.pem" \
+ -copy_extensions copyall \
+ -days 365 \
+ -out "${CA_DIR}/${STORAGE_ACCOUNT_NAME}_cert.pem"
+openssl verify -CApath "${CA_DIR}" "${CA_DIR}/${STORAGE_ACCOUNT_NAME}_cert.pem"
+cat <