File: gen_certs.sh

package info (click to toggle)
ruby-mysql2 0.5.5-3
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 1,096 kB
  • sloc: ansic: 3,459; ruby: 3,334; sh: 226; makefile: 3
file content (48 lines) | stat: -rw-r--r-- 1,702 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
#!/usr/bin/env bash

set -eux

echo "
[ ca ]
# January 1, 2015
default_startdate = 2015010360000Z

[ req ]
distinguished_name = req_distinguished_name

[ req_distinguished_name ]
# If this isn't set, the error is "error, no objects specified in config file"
commonName = Common Name (hostname, IP, or your name)

countryName_default            = US
stateOrProvinceName_default    = CA
localityName_default           = San Francisco
0.organizationName_default     = mysql2_gem
organizationalUnitName_default = Mysql2Gem
emailAddress_default           = mysql2gem@example.com
" | tee ca.cnf cert.cnf

# The client and server certs must have a different common name than the CA
# to avoid "SSL connection error: error:00000001:lib(0):func(0):reason(1)"

echo "
commonName_default             = ca_mysql2gem
" >> ca.cnf

echo "
commonName_default             = mysql2gem.example.com
" >> cert.cnf

# Generate a set of certificates
openssl genrsa -out ca-key.pem 2048
openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca-cert.pem -batch -config ca.cnf
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout pkcs8-server-key.pem -out server-req.pem -batch -config cert.cnf
openssl x509 -req -in server-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout pkcs8-client-key.pem -out client-req.pem -batch -config cert.cnf
openssl x509 -req -in client-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem

# Convert format from PKCS#8 to PKCS#1
openssl rsa -in pkcs8-server-key.pem -out server-key.pem
openssl rsa -in pkcs8-client-key.pem -out client-key.pem

echo "done"