#!/bin/bash set -euo pipefail cd "$(dirname "${BASH_SOURCE[0]}")" # Generate a new RSA key/cert for local development HOST="localhost" CRT="$HOST.crt" KEY="$HOST.key" # Install the system certificate if it's not already # NOTE: The ecdsa flag does nothing but I wish it did go run filippo.io/mkcert -ecdsa -install # Generate a new certificate for localhost # This fork of mkcert supports the -days flag. go run filippo.io/mkcert -ecdsa -days 10 -cert-file "$CRT" -key-file "$KEY" localhost 127.0.0.1 ::1 # Compute the sha256 fingerprint of the certificate for WebTransport openssl x509 -in "$CRT" -outform der | openssl dgst -sha256 -binary | xxd -p -c 256 > localhost.hex