-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathgenerate_certs.sh
42 lines (39 loc) · 1.03 KB
/
generate_certs.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
# Certificate Authority (CA)
openssl req -new -x509 \
-sha256 \
-subj "/CN=ca.localhost/C=DE" \
-days 3650 \
-keyout ca-key.pem \
-out ca-cert.pem
# Server certificate
# Create a key
openssl genrsa -out server/cert/key.pem 4096
# Create a certificate signing request
openssl req -new \
-subj "/CN=localhost/C=DE" \
-addext "subjectAltName=DNS:localhost" \
-key server/cert/key.pem \
-out server/cert/csr.pem
# Sign it with the CA
openssl x509 -req \
-extfile <(printf "subjectAltName=DNS:localhost") \
-days 3650 \
-in server/cert/csr.pem \
-CA ca-cert.pem \
-CAkey ca-key.pem -CAcreateserial \
-out server/cert/cert.pem
# Client certificate
# Create a key
openssl genrsa -out client/cert/key.pem 4096
# Create a certificate signing request
openssl req -new \
-subj "/CN=localhost/C=DE" \
-key client/cert/key.pem \
-out client/cert/csr.pem
# Sign it with the CA
openssl x509 -req \
-days 3650 \
-in client/cert/csr.pem \
-CA ca-cert.pem \
-CAkey ca-key.pem -CAcreateserial \
-out client/cert/cert.pem