feat: add make-cert.sh script for generating self-signed CA and server certificates

make-cert.sh

@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+#
+# This script creates a self-signed CA and a server certificate for the Azurite Emulator.
+#
+# For more sophisticated certificate management, consider using Simple CA project
+# from: https://gitea.koszewscy.waw.pl/slawek/simple-ca.git
+
+CA_DIR="./ca"
+CA_NAME="Azurite Emulator CA"
+STORAGE_ACCOUNT_NAME="azuritelocal"
+openssl req \
+    -x509 -noenc -text \
+    -newkey rsa:4096 \
+    -keyout "${CA_DIR}/ca_key.pem" \
+    -out "${CA_DIR}/ca_cert.pem" \
+    -days 3650 \
+    -subj "/CN=$CA_NAME" \
+    -addext "basicConstraints=critical,CA:TRUE,pathlen:0"
+HASH=$(openssl x509 -in "${CA_DIR}/ca_cert.pem" -noout -hash 2>/dev/null)
+ln -sf $(basename "${CA_DIR}/ca_cert.pem") "${CA_DIR}/$HASH.0" # Check it
+ALTNAMES=()
+for endpoint in blob queue table; do
+    ALTNAMES+=("DNS:${STORAGE_ACCOUNT_NAME}.${endpoint}.core.windows.net")
+done
+openssl req \
+    -newkey rsa:4096 \
+    -noenc \
+    -keyout "${CA_DIR}/${STORAGE_ACCOUNT_NAME}_key.pem" \
+    -subj "/CN=${STORAGE_ACCOUNT_NAME}.blob.core.windows.net" \
+    -addext "basicConstraints=critical,CA:FALSE" \
+    -addext "keyUsage=digitalSignature, keyEncipherment" \
+    -addext "extendedKeyUsage=serverAuth" \
+    -addext "subjectAltName=$(IFS=, ; echo "${ALTNAMES[*]}")" \
+| openssl x509 \
+    -req -text \
+    -CA "${CA_DIR}/ca_cert.pem" \
+    -CAkey "${CA_DIR}/ca_key.pem" \
+    -copy_extensions copyall \
+    -days 365 \
+    -out "${CA_DIR}/${STORAGE_ACCOUNT_NAME}_cert.pem"
+openssl verify -CApath "${CA_DIR}" "${CA_DIR}/${STORAGE_ACCOUNT_NAME}_cert.pem"
+cat <<EOF
+Add the following line to your /etc/hosts file to resolve the emulator endpoints:
+
+127.0.0.1 $(IFS=' '; echo "${ALTNAMES[@]#DNS:}")
+EOF