azure-storage-emulator/make-cert.sh

#!/usr/bin/env bash
#
# This script creates a self-signed CA and a server certificate for the Azurite Emulator.
#
# For more sophisticated certificate management, consider using Simple CA project
# from: https://gitea.koszewscy.waw.pl/slawek/simple-ca.git

CA_DIR="${CA_DIR:-./ca}"
CA_NAME="${CA_NAME:-Azurite Emulator CA}"
STORAGE_ACCOUNT_NAME="${STORAGE_ACCOUNT_NAME:-azuritelocal}"
mkdir -p "$CA_DIR"
if [[ ! -f "${CA_DIR}/ca_cert.pem" || ! -f "${CA_DIR}/ca_key.pem" ]]; then
    openssl req \
        -x509 -noenc -text \
        -newkey rsa:4096 \
        -keyout "${CA_DIR}/ca_key.pem" \
        -out "${CA_DIR}/ca_cert.pem" \
        -days 3650 \
        -subj "/CN=$CA_NAME" \
        -addext "basicConstraints=critical,CA:TRUE,pathlen:0"
    HASH=$(openssl x509 -in "${CA_DIR}/ca_cert.pem" -noout -hash 2>/dev/null)
    ln -sf ca_cert.pem "${CA_DIR}/$HASH.0"
fi
ALTNAMES=()
for endpoint in blob queue table; do
    ALTNAMES+=("DNS:${STORAGE_ACCOUNT_NAME}.${endpoint}.core.windows.net")
done
openssl req \
    -newkey rsa:4096 \
    -noenc \
    -keyout "${CA_DIR}/${STORAGE_ACCOUNT_NAME}_key.pem" \
    -subj "/CN=${STORAGE_ACCOUNT_NAME}.blob.core.windows.net" \
    -addext "basicConstraints=critical,CA:FALSE" \
    -addext "keyUsage=digitalSignature, keyEncipherment" \
    -addext "extendedKeyUsage=serverAuth" \
    -addext "subjectAltName=$(IFS=, ; echo "${ALTNAMES[*]}")" \
| openssl x509 \
    -req -text \
    -CA "${CA_DIR}/ca_cert.pem" \
    -CAkey "${CA_DIR}/ca_key.pem" \
    -copy_extensions copyall \
    -days 365 \
    -out "${CA_DIR}/${STORAGE_ACCOUNT_NAME}_cert.pem"
openssl verify -CApath "${CA_DIR}" "${CA_DIR}/${STORAGE_ACCOUNT_NAME}_cert.pem"
cat <<EOF
Add the following line to your /etc/hosts file to resolve the emulator endpoints:

127.0.0.1 $(IFS=' '; echo "${ALTNAMES[@]#DNS:}")
EOF