Generate Self-Signed For Server & Client

GenerateSSL.sh

openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -sha256 -nodes -days 3600 -key ca-key.pem -out ca-cert.pem

# server key
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout server-key.pem -out server-req.pem
openssl rsa -in server-key.pem -out server-key.pem
openssl x509 -sha256 -req -in server-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem

# client key
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout client-key.pem -out client-req.pem
openssl rsa -in client-key.pem -out client-key.pem
openssl x509 -sha256 -req -in client-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem

# check key ok
openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem

#DHPARAM
openssl dhparam -out dhparam.pem 2048

openssl req -nodes -newkey rsa:2048 -days 3600 -keyout server-key.pem -out server-req.pem -config <(
cat <<-EOF
[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn

[ dn ]
C=TH
ST=Bangkok
L=Bangkok
O=Advanced Software And Robotics
OU=Enterprise Service Support
emailAddress= [email protected]
CN = gs.appstack.cc

[ req_ext ]

EOF

)

Check expire date

openssl x509 -enddate -noout -in /path/file.pem

Certificat for Server Only
openssl req -newkey rsa:4096
-x509
-sha256
-days 3650
-nodes
-out example.crt
-keyout example.key
-subj "/C=TH/ST=Bangkok/L=Bangkok/O=ASR/OU=RD/CN=api.asr.co.th"