init-certificates.sh
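#!/bin/sh
# Generate a throwaway test PKI: a self-signed root CA plus one leaf
# certificate for 127.0.0.1, exported as PEM, PKCS#12 and PKCS#7.
#
# Usage: init-certificates.sh OUTDIR ROOTCN
#   OUTDIR  existing directory that receives every generated file
#   ROOTCN  common name placed in the root CA subject
#
# Test material only: both private keys are written unencrypted (-nodes),
# the PKCS#12 bundle has an empty export password, and files are created
# with the caller's umask. Do not reuse these keys outside a local test
# setup; tighten the umask first if OUTDIR is shared with other users.
set -eux

# Fail early with a usage message instead of writing to "/root.key" when
# an argument is missing or empty.
OUTDIR="${1:?usage: init-certificates.sh OUTDIR ROOTCN}"
ROOTCN="${2:?usage: init-certificates.sh OUTDIR ROOTCN}"
# Despite the name this is an IP literal; it is used as both the leaf CN
# and the leaf subjectAltName.
FQDN=127.0.0.1

if [ ! -d "$OUTDIR" ]; then
  printf 'init-certificates.sh: output directory not found: %s\n' "$OUTDIR" >&2
  exit 1
fi

# generate root private key
openssl genrsa 4096 > "${OUTDIR}/root.key"

# self sign root certificate
# NOTE(review): ROOTCN is interpolated into -subj unescaped, so a "/" in
# it would be parsed as a further subject component.
openssl req \
  -new \
  -x509 \
  -nodes \
  -sha256 \
  -key "${OUTDIR}/root.key" \
  -days 3650 \
  -subj "/C=AU/CN=$ROOTCN" \
  -out "${OUTDIR}/root.crt"

# generate request
# SAN is only exported into openssl's environment; it has an effect only
# if the active openssl config references $ENV::SAN. Kept for setups that
# rely on that.
SAN="IP:$FQDN" openssl req \
  -newkey rsa:4096 \
  -nodes -sha256 \
  -keyout "${OUTDIR}/cert.key" \
  -subj "/C=AU/CN=$FQDN" \
  -out "${OUTDIR}/cert.csr"

# sign request with root ca
# "openssl x509 -req" only adds extensions that are supplied through
# -extfile, so without it the leaf certificate carries no subjectAltName
# and clients that ignore the CN fail to match it against 127.0.0.1.
# Write the SAN explicitly and apply it at signing time.
printf 'subjectAltName = IP:%s\n' "$FQDN" > "${OUTDIR}/cert.ext"
SAN="IP:$FQDN" openssl x509 \
  -req -sha256 \
  -days 3650 \
  -in "${OUTDIR}/cert.csr" \
  -CA "${OUTDIR}/root.crt" \
  -CAkey "${OUTDIR}/root.key" \
  -CAcreateserial \
  -extfile "${OUTDIR}/cert.ext" \
  -out "${OUTDIR}/cert.crt"

# convert certificate and private key
# cert.pem and certificate.pfx both contain the unencrypted leaf key.
cat "${OUTDIR}/cert.crt" "${OUTDIR}/cert.key" > "${OUTDIR}/cert.pem"
# "-passout pass:" sets an empty export password on the bundle.
openssl pkcs12 -export \
  -out "${OUTDIR}/certificate.pfx" \
  -inkey "${OUTDIR}/cert.key" \
  -in "${OUTDIR}/cert.crt" \
  -certfile "${OUTDIR}/root.crt" \
  -passout pass:

# generate chain (leaf first, then root)
openssl crl2pkcs7 -nocrl \
  -certfile "${OUTDIR}/cert.crt" \
  -out "${OUTDIR}/chain.p7b" \
  -certfile "${OUTDIR}/root.crt"
openssl pkcs7 -print_certs -in "${OUTDIR}/chain.p7b" -out "${OUTDIR}/chain.pem"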