Created
May 19, 2020 06:48
create_cert.sh
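#!/usr/bin/env bash
#
# create_cert.sh - build a throwaway test PKI under ./ca:
#   ca/ca.key, ca/ca.crt            self-signed CA (RSA 4096, 730 days)
#   ca/server/server-ssl.{key,crt}  server certificate signed by the CA
#   ca/client/client.{key,crt,pem}  client certificate signed by the CA
#   ca/client.p12                   PKCS#12 bundle of the client cert + key
#
# The CA key is written unencrypted, serial numbers are fixed (1 and 2) and no
# subjectAltName is set, so the output is suited to local testing only.
# Current browsers and many TLS libraries match host names against
# subjectAltName rather than CN.
#
# NOTE(review): the CA and both leaf certificates share one subject DN. A leaf
# whose issuer equals its subject can be treated as self-signed by verifiers;
# consider giving the CA its own CN.

# Stop at the first failing step instead of signing with missing inputs.
set -euo pipefail

readonly subject='/C=JP/ST=Tokyo/L=Tokyo/O=Example Ltd./OU=Web/CN=example.com'

# Start from a clean tree; the path is relative to the current directory.
rm -rf -- ca
mkdir -p ca/{client,server}

# Files created from here on start out owner-only; public artefacts are opened
# up with an explicit chmod 444. This also covers the shell redirection that
# writes client.pem, which would otherwise follow the caller's umask.
umask 077

# --- CA ---------------------------------------------------------------------
# To passphrase-protect the CA key instead:
#   openssl genrsa -aes256 -out ca/ca.key 4096
openssl genrsa -out ca/ca.key 4096
chmod 400 ca/ca.key
openssl req -new -x509 -sha256 -days 730 -key ca/ca.key -out ca/ca.crt -subj "$subject" -nodes
chmod 444 ca/ca.crt

# --- extra key + CSR kept under ca/server ------------------------------------
# This CSR is not signed anywhere in this script.
openssl genrsa -out ca/server/client-ssl.key 2048
chmod 400 ca/server/client-ssl.key
openssl req -new -key ca/server/client-ssl.key -sha256 -out ca/server/client-ssl.csr -subj "$subject" -nodes
chmod 444 ca/server/client-ssl.csr

# --- server certificate -------------------------------------------------------
openssl genrsa -out ca/server/server-ssl.key 2048
chmod 400 ca/server/server-ssl.key
openssl req -new -key ca/server/server-ssl.key -sha256 -out ca/server/server-ssl.csr -subj "$subject" -nodes
chmod 444 ca/server/server-ssl.csr
openssl x509 -req -days 365 -sha256 -in ca/server/server-ssl.csr -CA ca/ca.crt -CAkey ca/ca.key -set_serial 1 -out ca/server/server-ssl.crt
chmod 444 ca/server/server-ssl.crt

# verify
# openssl x509 -noout -text -in ca/server/server-ssl.crt

# --- client certificate -------------------------------------------------------
openssl genrsa -out ca/client/client.key 2048
# The original ran chmod on ca/server/client-ssl.key a second time here, so the
# client private key never had its mode tightened.
chmod 400 ca/client/client.key
openssl req -new -key ca/client/client.key -out ca/client/client.csr -subj "$subject" -nodes
chmod 444 ca/client/client.csr
openssl x509 -req -days 365 -sha256 -in ca/client/client.csr -CA ca/ca.crt -CAkey ca/ca.key -set_serial 2 -out ca/client/client.crt
chmod 444 ca/client/client.crt

# generate pem file to use with curl
# client.pem embeds the unencrypted private key, so it gets the key's mode.
cat ca/client/client.crt ca/client/client.key > ca/client/client.pem
chmod 400 ca/client/client.pem

# generate cert file to use with browser -- client.p12
# openssl asks for an export password on the terminal at this step; the bundle
# holds the private key, so keep it owner-only as well.
openssl pkcs12 -export -out ca/client.p12 -in ca/client/client.pem -inkey ca/client/client.key
chmod 400 ca/client.p12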