mirror of
https://github.com/ail-project/ail-framework.git
synced 2024-11-10 08:38:28 +00:00
chg: [helper] generate self signed certificates
parent
c759142ca2
commit
03ed3c63a1
5 changed files with 44 additions and 0 deletions
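--- a/bin/helper/gen_cert/README.md
+++ b/bin/helper/gen_cert/README.md
@@ -0,0 +1,14 @@
+Usage
+=====
+These scripts are useful to generate the server's self-signed certificate.
+## Root Certification Authority ##
+`gen_root.sh`
+This will create a rootCA.crt to verify the server's cert.
+## Server certificate ##
+### Configuration Files ###
+Look into these files if you plan to verify the certificate:
+* san.cnf holds basic information about the certificate.
+* ext.3 holds in particular the 'subjectAltNames** option that is for the verification to succeed.
+
+### Generation ###
+`gen_root.sh`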
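--- a/bin/helper/gen_cert/ext3.cnf
+++ b/bin/helper/gen_cert/ext3.cnf
@@ -0,0 +1,5 @@
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+IP.1 = 127.0.0.1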
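Review bot: The `[alt_names]` section lists only `IP.1 = 127.0.0.1`, while san.cnf sets `CN = localhost`; clients that match on subjectAltName alone will reject the certificate when the server is reached as `localhost`. Adding `DNS.1 = localhost` under `[alt_names]` closes that gap. The extension set is also broader than a TLS server certificate needs: consider adding `basicConstraints = CA:FALSE` and `extendedKeyUsage = serverAuth`, and dropping `nonRepudiation` and `dataEncipherment` from `keyUsage`.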
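--- a/bin/helper/gen_cert/gen_cert.sh
+++ b/bin/helper/gen_cert/gen_cert.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+# Create Server key
+openssl genrsa -out server.key 4096
+# Create the Server Signing Request - non interactive, config in san.cnf
+openssl req -sha256 -new -key server.key -out server.csr -config san.cnf
+# Create the server certificate by rootCA, with ext3 subjectAltName in ext3.cnf
+openssl x509 -req -in server.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile ext3.cnf
+# Concat in pem
+cat server.crt server.key > server.pem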
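Review bot: `cat server.crt server.key > server.pem` creates the combined file under the caller's umask, so with a typical 022 umask the server's private key ends up world-readable in server.pem; put `umask 077` near the top of the script, or `chmod 600 server.pem` after the cat. There is also no error handling: if rootCA.crt or rootCA.key is missing because gen_root.sh was not run first, the `openssl x509` step fails and the script still writes a server.pem holding only the key; `set -euo pipefail` after the shebang stops at the first failure. The relative san.cnf, ext3.cnf and rootCA paths mean the script only works when run from its own directory, which is worth a comment at the top.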
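--- a/bin/helper/gen_cert/gen_root.sh
+++ b/bin/helper/gen_cert/gen_root.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+# Create Root key
+openssl genrsa -out rootCA.key 4096
+# Create and Sign the Root CA Certificate
+openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt -config san.cnf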
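Review bot: The root certificate is built from san.cnf, the same file gen_cert.sh uses for the server CSR, so the CA and the server certificate carry the identical subject (`CN = localhost`, `O=AIL-Default`). A leaf whose issuer name equals its own subject may be treated as self-signed by some verifiers and fail chain validation; give the CA its own name, for example by adding `-subj "/C=LU/L=Luxembourg/O=AIL-Default/CN=AIL-Default Root CA"` (example value) to the `openssl req -x509` line. rootCA.key is written unencrypted, since `genrsa` is called without a cipher, so a comment should say that the key must be kept off the server or protected with a passphrase.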
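--- a/bin/helper/gen_cert/san.cnf
+++ b/bin/helper/gen_cert/san.cnf
@@ -0,0 +1,11 @@
+[req]
+default_bits = 4096
+prompt = no
+default_md = sha256
+distinguished_name = dn
+
+[dn]
+C=LU
+L=Luxembourg
+O=AIL-Default
+CN = localhost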