artyomb · April 27, 2018 16:00
diff --git a/make_ca.sh b/make_ca.sh
 #!/bin/bash
 cd "$(dirname "$0")"

 #Generage CA (self-signed)
 openssl req -x509 -nodes -days 5000 -newkey rsa:2048 -keyout ca.key -out ca.crt -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com"

 #Debug dump
 openssl x509 -in ca.crt -noout -text >ca.txt
 openssl x509 -noout -fingerprint -in ca.crt >> ca.txt

 openssl verify -verbose -CAfile ca.crt ca.crt


 #Calculate SKI (Subject Key Identifier)
 openssl x509  -noout -in ca.crt -pubkey  | openssl asn1parse  -strparse 19 -out ca.pub.tmp 1>/dev/null
 openssl dgst -c -sha1 ca.pub.tmp
 rm *.tmp
diff --git a/make_client.sh b/make_client.sh
 #!/bin/bash
 cd "$(dirname "$0")"

 c_name="client1"
 file_name="client1"
 ca_crt='../ca.crt'
 ca_key='../ca.key'

 #Generate client certificate
 openssl genrsa -out $file_name.key 2048
 openssl req -new -key $file_name.key -out $file_name.csr -subj "/O=Group/OU=Org/CN=$c_name"
 openssl x509 -req -extfile v3.ext -in $file_name.csr -CA $ca_crt -CAkey $ca_key -CAcreateserial -out $file_name.crt -days 365

 # Genegate PKCS12 for FifeFox and Chrome
 openssl pkcs12 -export -in $file_name.crt -inkey $file_name.key -name "$c_name Org" -out $file_name.p12


 #Debug dump
 echo "------------Check------------"
 openssl pkcs12 -in $file_name.p12 -nodes -passin pass:"" | openssl x509 -noout -text >$file_name.p12.txt
 #openssl pkcs12 -in $file_name.p12 -nodes  | openssl x509 -noout -text >$file_name.p12.txt
 openssl x509 -noout -text -in $file_name.crt >$file_name.crt.txt

 openssl verify -verbose -CAfile $ca_crt $file_name.crt
diff --git a/make_server.sh b/make_server.sh
 #!/bin/bash
 cd "$(dirname "$0")"
 #ALTNAME="DNS:<host1>,DNS:<host2>"
 ca_crt='../ca.crt'
 ca_key='../ca.key'

 #Generate certificate
 openssl genrsa -out server.key 2048

 openssl req -new -key server.key -out server.csr -subj "/O=Group/OU=Org/CN=222.222.45.66"
 #    -reqexts SAN -config <( cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName='DNS.1:222.222.45.66:8080,DNS.2:222.222.45.66:9090,DNS.3:app.scispike.com'"))

 openssl x509 -req -extfile v3.ext -in server.csr -CA $ca_crt -CAkey $ca_key -CAcreateserial -out server.crt -days 365\
    -extfile <(cat ./v3.ext <(printf "\nsubjectAltName=IP:222.222.45.66,DNS:222.222.45.66"))

 #Debug dump
 openssl req -in server.csr -text -noout >server.csr.txt
 openssl x509 -in server.crt -noout -text >server.crt.txt
 openssl verify -verbose -CAfile $ca_crt server.crt
	#!/bin/bash
	cd "$(dirname "$0")"

	#Generage CA (self-signed)
	openssl req -x509 -nodes -days 5000 -newkey rsa:2048 -keyout ca.key -out ca.crt -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com"

	#Debug dump
	openssl x509 -in ca.crt -noout -text >ca.txt
	openssl x509 -noout -fingerprint -in ca.crt >> ca.txt

	openssl verify -verbose -CAfile ca.crt ca.crt


	#Calculate SKI (Subject Key Identifier)
	openssl x509 -noout -in ca.crt -pubkey \| openssl asn1parse -strparse 19 -out ca.pub.tmp 1>/dev/null
	openssl dgst -c -sha1 ca.pub.tmp
	rm *.tmp
	#!/bin/bash
	cd "$(dirname "$0")"

	c_name="client1"
	file_name="client1"
	ca_crt='../ca.crt'
	ca_key='../ca.key'

	#Generate client certificate
	openssl genrsa -out $file_name.key 2048
	openssl req -new -key $file_name.key -out $file_name.csr -subj "/O=Group/OU=Org/CN=$c_name"
	openssl x509 -req -extfile v3.ext -in $file_name.csr -CA $ca_crt -CAkey $ca_key -CAcreateserial -out $file_name.crt -days 365

	# Genegate PKCS12 for FifeFox and Chrome
	openssl pkcs12 -export -in $file_name.crt -inkey $file_name.key -name "$c_name Org" -out $file_name.p12


	#Debug dump
	echo "------------Check------------"
	openssl pkcs12 -in $file_name.p12 -nodes -passin pass:"" \| openssl x509 -noout -text >$file_name.p12.txt
	#openssl pkcs12 -in $file_name.p12 -nodes \| openssl x509 -noout -text >$file_name.p12.txt
	openssl x509 -noout -text -in $file_name.crt >$file_name.crt.txt

	openssl verify -verbose -CAfile $ca_crt $file_name.crt
	#!/bin/bash
	cd "$(dirname "$0")"
	#ALTNAME="DNS:<host1>,DNS:<host2>"
	ca_crt='../ca.crt'
	ca_key='../ca.key'

	#Generate certificate
	openssl genrsa -out server.key 2048

	openssl req -new -key server.key -out server.csr -subj "/O=Group/OU=Org/CN=222.222.45.66"
	# -reqexts SAN -config <( cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName='DNS.1:222.222.45.66:8080,DNS.2:222.222.45.66:9090,DNS.3:app.scispike.com'"))

	openssl x509 -req -extfile v3.ext -in server.csr -CA $ca_crt -CAkey $ca_key -CAcreateserial -out server.crt -days 365\
	-extfile <(cat ./v3.ext <(printf "\nsubjectAltName=IP:222.222.45.66,DNS:222.222.45.66"))

	#Debug dump
	openssl req -in server.csr -text -noout >server.csr.txt
	openssl x509 -in server.crt -noout -text >server.crt.txt
	openssl verify -verbose -CAfile $ca_crt server.crt