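#!/bin/bash
# ./cert.sh foo@foo.com 127.0.0.1
# Found: https://gist.github.com/ncw/9253562#file-makecert-sh
#
# Creates a test CA plus one server and one client certificate signed by it,
# then moves every generated file into ./certs.
#
# Arguments: $1 - e-mail address placed in the server/client subject
#            $2 - common name (CN) placed in the server/client subject
# Reads:     ./openssl.conf, which must define the `ca`, `server` and `client`
#            extension sections referenced below.
# Env:       PRIVKEY - passphrase protecting ca.key (default: "test")
# Outputs:   ca.key ca.pem ca.srl server.{key,req,pem} client.{key,req,pem}
#            in ./certs, all created owner-only (umask 077).
#
# Security notes:
#  - The default CA passphrase is a fixed, published value and certificates
#    are valid for 3650 days: treat the output as test material unless
#    PRIVKEY is set to a real secret and ca.key is stored accordingly.
#  - server.key and client.key are written unencrypted; file permissions are
#    their only protection.
#  - NOTE(review): whether server.pem carries a subjectAltName depends on the
#    `server` section of openssl.conf, which is not visible here; confirm,
#    since clients that ignore CN reject certificates without one.

set -euo pipefail

if [ "${1:-}" == "" ]; then
  echo "Need email as argument" >&2
  exit 1
fi
if [ "${2:-}" == "" ]; then
  echo "Need CN as argument" >&2
  exit 1
fi

EMAIL=$1
CN=$2

# '/' separates RDNs in -subj, so a value containing it would silently add or
# alter subject fields instead of ending up inside emailAddress/CN.
case "${EMAIL}${CN}" in
  */*)
    echo "email and CN must not contain '/'" >&2
    exit 1
    ;;
esac

# The passphrase is handed to openssl through the environment (env:PRIVKEY)
# rather than as `pass:...` on the command line, where any local user could
# read it from the process list.
PRIVKEY="${PRIVKEY:-test}"
export PRIVKEY

readonly BASE_DIR=$PWD
readonly CONF="${BASE_DIR}/openssl.conf"
readonly CERT_DIR="${BASE_DIR}/certs"
readonly SUBJECT="/emailAddress=${EMAIL}/C=DE/ST=NRW/L=Earth/O=Random Company/OU=IT/CN=${CN}"

if [ ! -f "${CONF}" ]; then
  echo "Missing ${CONF}" >&2
  exit 1
fi

# Private keys must never be group/world readable, not even briefly.
umask 077

# A fresh, unpredictable work directory replaces the old `rm -rf tmp`, which
# deleted whatever happened to be called ./tmp. It stays inside the project
# directory so key material does not pass through a shared /tmp.
WORK_DIR=$(mktemp -d "${BASE_DIR}/certs-tmp.XXXXXX")
trap 'rm -rf -- "${WORK_DIR}"' EXIT
cd "${WORK_DIR}"

echo "make CA"
openssl req -new -x509 -days 3650 -keyout ca.key -out ca.pem \
  -config "${CONF}" -extensions ca \
  -subj "/CN=ca" \
  -passout env:PRIVKEY

echo "make server cert"
openssl genrsa -out server.key 2048
openssl req -new -sha256 -key server.key -out server.req \
  -subj "${SUBJECT}"
# First signature: -CAcreateserial creates ca.srl next to ca.pem.
openssl x509 -req -days 3650 -sha256 -in server.req \
  -CA ca.pem -CAkey ca.key -CAcreateserial -passin env:PRIVKEY \
  -out server.pem \
  -extfile "${CONF}" -extensions server

echo "make client cert"
openssl genrsa -out client.key 2048
openssl req -new -sha256 -key client.key -out client.req \
  -subj "${SUBJECT}"
# Second signature reuses ca.srl so the two certificates get distinct serials.
openssl x509 -req -days 3650 -sha256 -in client.req \
  -CA ca.pem -CAkey ca.key -CAserial ca.srl -passin env:PRIVKEY \
  -out client.pem \
  -extfile "${CONF}" -extensions client

# Only reached when every openssl step succeeded (set -e), so ./certs never
# receives a partial set. The EXIT trap removes the work directory.
mkdir -p -- "${CERT_DIR}"
mv -- ./* "${CERT_DIR}/"
cd "${BASE_DIR}"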