certificates.sh
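#!/bin/bash
#
# Generate a private CA and a CA-signed server certificate for local gRPC TLS
# testing. All output goes to ./ssl (relative to the current directory):
#   san.cnf                 extension file holding the subjectAltName
#   ca.key / ca.crt         CA private key (passphrase-encrypted) and CA cert
#   server.key              server private key (passphrase-encrypted)
#   server.csr / server.crt signing request and the CA-signed server cert
#   server.pem              server private key as UNENCRYPTED PKCS#8
#
# Optional environment:
#   SERVER_IP        IP address used for CN and SAN (default: 127.0.0.1)
#   CERT_PASSPHRASE  passphrase for ca.key and server.key (default: 1111)
#
# The default passphrase is a publicly known placeholder and the certificates
# are valid for ten years: treat the output as development material only and
# set CERT_PASSPHRASE to a real secret for anything else.

set -euo pipefail

# Must be an IP address, not a domain name (that includes "localhost"),
# because it is written into an "IP:" subjectAltName entry below.
SERVER_IP="${SERVER_IP:-127.0.0.1}"
if [[ ! "$SERVER_IP" =~ ^[0-9A-Fa-f:.]+$ ]]; then
  # Reject anything that could add extra lines/fields to san.cnf or -subj.
  printf 'SERVER_IP must be an IPv4/IPv6 address, got: %s\n' "$SERVER_IP" >&2
  exit 1
fi

# openssl reads the passphrase from this variable ("env:" source). With
# "pass:<value>" the passphrase sits in argv, which other local users can
# read from the process list; the environment is not exposed that way.
export CERT_PASSPHRASE="${CERT_PASSPHRASE:-1111}"
readonly PASS_SRC='env:CERT_PASSPHRASE'

mkdir -p ssl
cd ssl || exit 1

# Extension file passed as '-extfile' when signing server.crt (Step 4);
# the IP address is the certificate's only SAN.
printf 'subjectAltName = IP:%s\n' "$SERVER_IP" > san.cnf

# Step 1: Generate the Certificate Authority key and its self-signed
# trust certificate (ca.crt). Key files are created under umask 077 so they
# are never group/world readable, even briefly.
(umask 077 && openssl genrsa -passout "$PASS_SRC" -des3 -out ca.key 4096)
# NOTE(review): the CA uses the same subject as the server certificate, so
# server.crt ends up with issuer == subject; some verifiers may then treat it
# as self-signed. A distinct CA CN would avoid that - confirm with the client.
openssl req -passin "$PASS_SRC" -new -x509 -days 3650 -key ca.key \
  -out ca.crt -subj "/CN=${SERVER_IP}"

# Step 2: Generate the server private key (server.key).
(umask 077 && openssl genrsa -passout "$PASS_SRC" -des3 -out server.key 4096)

# Step 3: Create the certificate signing request for the server (server.csr).
openssl req -passin "$PASS_SRC" -new -key server.key -out server.csr \
  -subj "/CN=${SERVER_IP}"

# Step 4: Sign the request with the CA created in Step 1 (server.crt).
# This is CA signing, not self-signing. The serial number is fixed at 01, so
# every certificate issued by this script carries the same serial.
openssl x509 -req -passin "$PASS_SRC" -days 3650 -in server.csr \
  -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt -extfile san.cnf

# Step 5: Convert the server PRIVATE KEY (not the certificate) to PKCS#8 PEM
# for gRPC. '-nocrypt' writes it without any passphrase protection, so
# server.pem must be guarded like any plaintext secret.
(umask 077 && openssl pkcs8 -topk8 -nocrypt -passin "$PASS_SRC" \
  -in server.key -out server.pem)

# Re-runs overwrite existing files without resetting their mode; enforce it.
chmod 600 ca.key server.key server.pem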