Last active
May 1, 2023 16:12
-
-
Save hktaskin/103f504fcfe2261533281c6920680323 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# CA icin private key uret | |
sudo openssl genrsa -out ca.key 2048 | |
# CA sertifikasini selfsigned olarak olustur | |
echo "------------------------------------------" | |
echo " CA SERTIFIKA OLUSTURMA " | |
echo "------------------------------------------" | |
sudo openssl req -new -x509 -key ca.key -out ca.crt | |
# Uygulama icin private key uret | |
sudo openssl genrsa -out cert1.key 2048 | |
# Uygulama icin sertifika istegi (CSR) uret | |
echo "------------------------------------------" | |
echo " UYGULAMA SERTIFIKA OLUSTURMA " | |
echo "------------------------------------------" | |
sudo openssl req -new -key cert1.key -out cert1.csr | |
# CA key'i ile uygulama sertifika istegini isleme al ve CA imzali uygulama sertifikasini olustur. | |
sudo openssl x509 -req -in cert1.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out cert1.crt | |
# X509v3 Subject Alternative Name alanini guncelleyerek CA imzali uygulama sertifikasini olustur. | |
sudo openssl x509 -req -extfile <(printf "subjectAltName=DNS:[FQDN]") -days 365 -in cert1.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out cert1.crt | |
# Sertifika icerigini goruntule | |
# openssl x509 -in cert1.crt -text -noout | |
# CA sertifikasi ve cert1 key ve sertifikasini p12 formatinda kaydet | |
echo "------------------------------------------" | |
echo " JAVA KEYSTORE OLUSTURMA " | |
echo " Password: changeme " | |
echo "------------------------------------------" | |
sudo openssl pkcs12 -export -in cert1.crt -inkey cert1.key -out cert1.p12 -name cert1 -certfile ca.crt | |
# Java keystore olustur ve icine uygulama sertifikasi cert1'i ekle. | |
sudo keytool -importkeystore -srcstorepass changeme -srckeystore cert1.p12 -srcstoretype PKCS12 -deststorepass changeme -destkeystore keystore.jks -alias cert1 | |
# Java keystore'a CA sertifikasini ekle ve guvenilir olmasini sec. uyari ekraninda yes yazilmali | |
sudo keytool -import -alias root -keystore keystore.jks -storepass changeme -trustcacerts -file ca.crt | |
sudo cp keystore.jks truststore.jks | |
echo "------------------------------------------" | |
echo " BITTI " | |
echo "------------------------------------------" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment