dgulinobw · January 25, 2017 21:59
diff --git a/gen_certs.sh b/gen_certs.sh
 #!/bin/bash
 # USAGE: > gen_certs.sh <root cert name> <server cert name> <client cert name>
 if [ "$#" -ne 3 ]; then
    echo "Illegal arguments, USAGE: > gen_certs.sh <root cert name> <server cert name> <client cert name>"
    exit 1
 fi

 mkdir testca
 cd testca
 mkdir certs private
 chmod 700 private
 echo 01 > serial
 touch index.txt

 echo "[ ca ]
 default_ca = testca

 [ testca ]
 dir = .
 certificate = \$dir/cacert.pem
 database = \$dir/index.txt
 new_certs_dir = \$dir/certs
 private_key = \$dir/private/cakey.pem
 serial = \$dir/serial

 default_crl_days = 7
 default_days = 3650
 default_md = sha256

 policy = testca_policy
 x509_extensions = certificate_extensions

 [ testca_policy ]
 commonName = supplied
 stateOrProvinceName = optional
 countryName = optional
 emailAddress = optional
 organizationName = optional
 organizationalUnitName = optional
 domainComponent = optional

 [ certificate_extensions ]
 basicConstraints = CA:false

 [ req ]
 default_bits = 2048
 default_keyfile = ./private/cakey.pem
 default_md = sha256
 prompt = yes
 distinguished_name = root_ca_distinguished_name
 x509_extensions = root_ca_extensions

 [ root_ca_distinguished_name ]
 commonName = hostname

 [ root_ca_extensions ]
 basicConstraints = CA:true
 keyUsage = keyCertSign, cRLSign

 [ client_ca_extensions ]
 basicConstraints = CA:false
 keyUsage = digitalSignature
 extendedKeyUsage = 1.3.6.1.5.5.7.3.2

 [ server_ca_extensions ]
 basicConstraints = CA:false
 keyUsage = keyEncipherment
 extendedKeyUsage = 1.3.6.1.5.5.7.3.1" > openssl.cnf

 openssl req -x509 -config openssl.cnf -newkey rsa:2048 -days 3650 -out cacert.pem -outform PEM -subj /CN=$1/ -nodes
 openssl x509 -in cacert.pem -out cacert.cer -outform DER

 cd ..
 mkdir server
 cd server
 openssl genrsa -out key.pem 2048
 openssl req -new -key key.pem -out req.pem -outform PEM -subj /CN=$2/O=server/ -nodes
 cd ../testca
 pwd
 openssl ca -config openssl.cnf -in ../server/req.pem -out ../server/cert.pem -notext -batch -extensions server_ca_extensions

 cd ..
 mkdir client
 cd client
 openssl genrsa -out key.pem 2048
 openssl req -new -key key.pem -out req.pem -outform PEM -subj /CN=$3/O=client/ -nodes
 cd ../testca
 openssl ca -config openssl.cnf -in ../client/req.pem -out ../client/cert.pem -notext -batch -extensions client_ca_extensions
	#!/bin/bash
	# USAGE: > gen_certs.sh <root cert name> <server cert name> <client cert name>
	if [ "$#" -ne 3 ]; then
	echo "Illegal arguments, USAGE: > gen_certs.sh <root cert name> <server cert name> <client cert name>"
	exit 1
	fi

	mkdir testca
	cd testca
	mkdir certs private
	chmod 700 private
	echo 01 > serial
	touch index.txt

	echo "[ ca ]
	default_ca = testca

	[ testca ]
	dir = .
	certificate = \$dir/cacert.pem
	database = \$dir/index.txt
	new_certs_dir = \$dir/certs
	private_key = \$dir/private/cakey.pem
	serial = \$dir/serial

	default_crl_days = 7
	default_days = 3650
	default_md = sha256

	policy = testca_policy
	x509_extensions = certificate_extensions

	[ testca_policy ]
	commonName = supplied
	stateOrProvinceName = optional
	countryName = optional
	emailAddress = optional
	organizationName = optional
	organizationalUnitName = optional
	domainComponent = optional

	[ certificate_extensions ]
	basicConstraints = CA:false

	[ req ]
	default_bits = 2048
	default_keyfile = ./private/cakey.pem
	default_md = sha256
	prompt = yes
	distinguished_name = root_ca_distinguished_name
	x509_extensions = root_ca_extensions

	[ root_ca_distinguished_name ]
	commonName = hostname

	[ root_ca_extensions ]
	basicConstraints = CA:true
	keyUsage = keyCertSign, cRLSign

	[ client_ca_extensions ]
	basicConstraints = CA:false
	keyUsage = digitalSignature
	extendedKeyUsage = 1.3.6.1.5.5.7.3.2

	[ server_ca_extensions ]
	basicConstraints = CA:false
	keyUsage = keyEncipherment
	extendedKeyUsage = 1.3.6.1.5.5.7.3.1" > openssl.cnf

	openssl req -x509 -config openssl.cnf -newkey rsa:2048 -days 3650 -out cacert.pem -outform PEM -subj /CN=$1/ -nodes
	openssl x509 -in cacert.pem -out cacert.cer -outform DER

	cd ..
	mkdir server
	cd server
	openssl genrsa -out key.pem 2048
	openssl req -new -key key.pem -out req.pem -outform PEM -subj /CN=$2/O=server/ -nodes
	cd ../testca
	pwd
	openssl ca -config openssl.cnf -in ../server/req.pem -out ../server/cert.pem -notext -batch -extensions server_ca_extensions

	cd ..
	mkdir client
	cd client
	openssl genrsa -out key.pem 2048
	openssl req -new -key key.pem -out req.pem -outform PEM -subj /CN=$3/O=client/ -nodes
	cd ../testca
	openssl ca -config openssl.cnf -in ../client/req.pem -out ../client/cert.pem -notext -batch -extensions client_ca_extensions