From 9bcffb08fb1bf63165808304163b8f04ff4fb58a Mon Sep 17 00:00:00 2001
From: Sascha Wilde <wilde@intevation.de>
Date: Fri, 24 Jul 2020 17:30:16 +0200
Subject: [PATCH] If mkcert is not available, create certificates using openssl

---
 haproxy/prepare-cert.sh | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/haproxy/prepare-cert.sh b/haproxy/prepare-cert.sh
index a15b91942..118090482 100755
--- a/haproxy/prepare-cert.sh
+++ b/haproxy/prepare-cert.sh
@@ -9,7 +9,19 @@ combined="src/combined.pem"
 if [[ ! -f $combined ]]; then
     echo "Creating certificates..."
     cd src
-    mkcert -cert-file localhost.pem -key-file localhost-key.pem localhost 127.0.0.1
+    if type 2>1 >/dev/null mkcert ; then
+      mkcert -cert-file localhost.pem -key-file localhost-key.pem localhost 127.0.0.1
+    elif type 2>1 >/dev/null openssl ; then
+      echo "Command 'mkcert' not found, using openssl fallback."
+      echo "You will need to accept an security exception for the"
+      echo "generated certificate in your browser manually."
+      openssl req -x509 -newkey rsa:4096 -nodes -days 3650 \
+              -subj "/C=DE/O=Selfsigned Test/CN=localhost" \
+              -keyout localhost-key.pem -out localhost.pem
+    else
+      echo >&2 "FATAL: No valid certificate generation tool found!"
+      exit -1
+    fi
     cat localhost.pem localhost-key.pem > combined.pem
     echo "done"
 else