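#!/usr/bin/env bash
#
# Builds the certificate material for the HTTPS example under CONFIG_DIR:
#   1. a self-signed CA            (ca-key.pem / ca-crt.pem)
#   2. a server key + certificate  (server-key.pem / server-crt.pem)
#   3. two client keys + certs     (client{1,2}-key.pem / client{1,2}-crt.pem)
# Every request is driven by the matching config file in "$CONFIG_DIR/etc".
#
# This is example/test material only: the CA passphrase is hard-coded below,
# so nothing produced here should be trusted outside the example.

# Stop at the first failing openssl call. Without this, a failed CA or CSR
# step is followed by signing attempts against missing or stale files.
set -euo pipefail

# "@PROJECT_BINARY_DIR@" looks like a build-time template placeholder that is
# substituted before the script runs — confirm against the build system.
# All uses below are quoted so a build directory containing spaces works.
CONFIG_DIR="@PROJECT_BINARY_DIR@/examples/https"
readonly CONFIG_DIR

# Passphrase source used to unlock the CA key when signing.
# NOTE(review): presumably this matches the passphrase ca.cnf sets when the CA
# key is written — verify. Passing it as "pass:..." puts it on the command
# line, where other local users can see it in process listings; acceptable
# only because these are throwaway example credentials.
readonly CA_KEY_PASSIN="pass:password"

#######################################
# Signs "$CONFIG_DIR/<name>-csr.pem" with the example CA.
# Globals:   CONFIG_DIR (read), CA_KEY_PASSIN (read)
# Arguments: $1 - base name shared by etc/<name>.cnf, <name>-csr.pem and
#                 <name>-crt.pem (e.g. "server", "client1")
# Outputs:   writes "$CONFIG_DIR/<name>-crt.pem", valid for 999 days
# Returns:   exit status of openssl
#######################################
sign_csr() {
  local name=$1
  # -CAcreateserial creates the CA serial-number file if it does not exist yet.
  openssl x509 -req \
    -extfile "$CONFIG_DIR/etc/$name.cnf" \
    -days 999 \
    -passin "$CA_KEY_PASSIN" \
    -in "$CONFIG_DIR/$name-csr.pem" \
    -CA "$CONFIG_DIR/ca-crt.pem" \
    -CAkey "$CONFIG_DIR/ca-key.pem" \
    -CAcreateserial \
    -out "$CONFIG_DIR/$name-crt.pem"
}

# Create new CA (self-signed, 9999-day validity: far too long for anything but
# example material).
# NOTE(review): key files are written with whatever mode openssl and the
# current umask produce; tighten (e.g. umask 077) before reusing this script
# for anything beyond the example.
openssl req -new -x509 -days 9999 \
  -config "$CONFIG_DIR/etc/ca.cnf" \
  -keyout "$CONFIG_DIR/ca-key.pem" \
  -out "$CONFIG_DIR/ca-crt.pem"

# Generate private key for server
openssl genrsa -out "$CONFIG_DIR/server-key.pem" 4096

# Generate cert signing request
openssl req -new \
  -config "$CONFIG_DIR/etc/server.cnf" \
  -key "$CONFIG_DIR/server-key.pem" \
  -out "$CONFIG_DIR/server-csr.pem"

# Sign the request
sign_csr server

# Generate a few client certs. The phases are kept in the original order:
# all keys, then all signing requests, then all signatures.
readonly -a CLIENTS=(client1 client2)

for client in "${CLIENTS[@]}"; do
  openssl genrsa -out "$CONFIG_DIR/$client-key.pem" 4096
done

# Create the client cert signing requests
for client in "${CLIENTS[@]}"; do
  openssl req -new \
    -config "$CONFIG_DIR/etc/$client.cnf" \
    -key "$CONFIG_DIR/$client-key.pem" \
    -out "$CONFIG_DIR/$client-csr.pem"
done

# Sign the above client certs
for client in "${CLIENTS[@]}"; do
  sign_csr "$client"
done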