chg: [helper] generate self signed certificates

Terrtia 2019-06-24 14:41:54 +02:00
parent c759142ca2
commit 03ed3c63a1
No known key found for this signature in database
GPG key ID: 1E1B1F50D84613D0
5 changed files with 44 additions and 0 deletions


@ -0,0 +1,14 @@
Usage
=====
These scripts are useful to generate the server's self-signed certificate.
## Root Certification Authority ##
`gen_root.sh`
This will create a rootCA.crt to verify the server's cert.
## Server certificate ##
### Configuration Files ###
Look into these files if you plan to verify the certificate:
* san.cnf holds basic information about the certificate.
* ext.3 holds in particular the 'subjectAltNames** option that is for the verification to succeed.
### Generation ###
`gen_root.sh`


@ -0,0 +1,5 @@
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
IP.1 = 127.0.0.1
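Review bot: The `[alt_names]` section lists only `IP.1 = 127.0.0.1`, while the request config on this page sets `CN = localhost`. Current TLS clients match the peer name against subjectAltName and ignore the CN, so a client connecting to `localhost` by name will fail verification; adding `DNS.1 = localhost` covers that case. The extension file also leaves the certificate's role open: `basicConstraints = CA:FALSE` and `extendedKeyUsage = serverAuth` would pin it to a TLS server leaf. The `keyUsage` line grants `nonRepudiation` and `dataEncipherment`, which a TLS server certificate does not need. A comment above `[alt_names]` saying that every address or name clients use to reach the server must be listed there would save the next operator a failed handshake.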


@ -0,0 +1,9 @@
#!/usr/bin/env bash
# Create Server key
openssl genrsa -out server.key 4096
# Create the Server Signing Request - non interactive, config in san.cnf
openssl req -sha256 -new -key server.key -out server.csr -config san.cnf
# Create the server certificate by rootCA, with ext3 subjectAltName in ext3.cnf
openssl x509 -req -in server.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile ext3.cnf
# Concat in pem
cat server.crt server.key > server.pem
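Review bot: `server.key` and `server.pem` are written with whatever umask the caller has, so on a default 022 umask the server's private key ends up world-readable; the same applies to `rootCA.key` in the root CA script in the next file section. The script also has no error handling, so if `openssl req` or `openssl x509` fails (for example because `rootCA.key` is missing), the final `cat` still runs and leaves a `server.pem` that holds a key without a valid certificate. Adding `set -euo pipefail` and `umask 077` directly under the shebang of both scripts addresses both. The signing comment refers to "ext3 subjectAltName", which would read better as "extensions (keyUsage, subjectAltName) from ext3.cnf".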


@ -0,0 +1,5 @@
#!/usr/bin/env bash
# Create Root key
openssl genrsa -out rootCA.key 4096
# Create and Sign the Root CA Certificate
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt -config san.cnf
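Review bot: The root certificate is created with `-config san.cnf`, the same file the server CSR uses, so the root CA and the server certificate get the identical subject (`C=LU, L=Luxembourg, O=AIL-Default, CN=localhost`). A server certificate whose issuer equals its own subject looks self-issued to a path validator and can be rejected as self-signed instead of being chained to `rootCA.crt`. Overriding the name on this line, e.g. `-subj "/C=LU/L=Luxembourg/O=AIL-Default/CN=AIL-Default Root CA"`, keeps the two distinct. The `san.cnf` shown on this page has no `x509_extensions` section, so whether the root carries `basicConstraints = CA:TRUE` appears to depend on the OpenSSL version's defaults; setting it explicitly would remove that uncertainty. `rootCA.key` is written unencrypted, which deserves a comment stating that it must be kept off the server once `server.crt` has been signed.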


@ -0,0 +1,11 @@
[req]
default_bits = 4096
prompt = no
default_md = sha256
distinguished_name = dn
[dn]
C=LU
L=Luxembourg
O=AIL-Default
CN = localhost
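Review bot: The `[dn]` entries mix `C=LU` / `L=Luxembourg` / `O=AIL-Default` with `CN = localhost`; one spacing style throughout (`C = LU`, …) would keep the file consistent. Despite its name, this file contains no subjectAltName settings (those are in the extension file), so a header comment such as `# Request config: distinguished name only; SAN and key usage are applied at signing time from ext3.cnf` would prevent confusion. `default_bits = 4096` has no effect with the scripts on this page because both pass an existing key via `-key`; either say so in a comment or drop the line.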