@DazWilkin
Created January 12, 2024 22:38
Revisions

  1. DazWilkin created this gist Jan 12, 2024.
    53 changes: 53 additions & 0 deletions certs.sh
    @@ -0,0 +1,53 @@
    # CA
    # CN is "ca"
    # Expiry in 10 years
    openssl req \
    -x509 \
    -newkey rsa:4096 \
    -keyout ${PWD}/certs/ca.key \
    -out ${PWD}/certs/ca.crt \
    -nodes \
    -days 3650 \
    -subj "/CN=ca"

    # Server key|CSR
    # CN is "server"
    openssl req \
    -newkey rsa:4096 \
    -keyout ${PWD}/certs/server.key \
    -out ${PWD}/certs/server.csr \
    -nodes \
    -subj "/CN=server"

    # Server X509
    # Applies "config"
    # includes SAN which includes "DNS:localhost,IP:127.0.0.1"
    openssl x509 \
    -req \
    -in ${PWD}/certs/server.csr \
    -CA ${PWD}/certs/ca.crt \
    -CAkey ${PWD}/certs/ca.key \
    -CAcreateserial \
    -out ${PWD}/certs/server.crt \
    -extfile ${PWD}/config

    # Client key|CSR
    # CN is "client"
    openssl req \
    -newkey rsa:4096 \
    -keyout ${PWD}/certs/client.key \
    -out ${PWD}/certs/client.csr \
    -nodes \
    -subj "/CN=client"

    # Client X509
    # Applies "config"
    # includes SAN which includes "DNS:localhost,IP:127.0.0.1"
    openssl x509 \
    -req \
    -in ${PWD}/certs/client.csr \
    -CA ${PWD}/certs/ca.crt \
    -CAkey ${PWD}/certs/ca.key \
    -CAcreateserial \
    -out ${PWD}/certs/client.crt \
    -extfile ${PWD}/config
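    Review bot: The two `openssl x509 -req` signing steps (server and client) pass no `-days`, so both leaf certificates get OpenSSL's default validity of 30 days while the CA is given `-days 3650`; add an explicit `-days` to each signing command so the expiry is deliberate and documented the way the CA's is. The comments on both signing steps describe the SAN as "DNS:localhost,IP:127.0.0.1", which should be kept in step with what `config` actually contains. Separately, `-nodes` writes `ca.key`, `server.key` and `client.key` unencrypted, the script assumes `${PWD}/certs` already exists, and the `${PWD}` paths are unquoted, so a `mkdir -p`, quoting, and a restrictive `umask` or `chmod 600` on the key files would be worth adding.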
    1 change: 1 addition & 0 deletions config
    @@ -0,0 +1 @@
    subjectAltName=DNS:localhost,IP:0.0.0.0,IP:127.0.0.1
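    Review bot: `IP:0.0.0.0` in the SAN is the unspecified (bind-all) address rather than an address clients are expected to connect to, and the comments in certs.sh list only `DNS:localhost,IP:127.0.0.1`; drop it, or document why it is needed. Because certs.sh passes this same file as `-extfile` for both the server and the client certificate and it sets no `extendedKeyUsage`, neither certificate is restricted to its role; consider separate extension files carrying `extendedKeyUsage=serverAuth` and `extendedKeyUsage=clientAuth` respectively.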