Last active
November 9, 2024 03:32
-
-
Save ichux/43027cc04e0494ebfbd5e5b0703a7794 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Remove existing key and certificate files | |
| rm -f *.key *.crt | |
| # Set the file names and parameters | |
| CA_KEY="ca.key" | |
| CA_CERT="ca.crt" | |
| CA_SERIAL="ca.srl" | |
| SERVER_KEY="default_4430.key" | |
| SERVER_CSR="default_4430.csr" | |
| SERVER_CERT="default_4430.pem" | |
| FINAL_CERT="default_4430.crt" | |
| DAYS_VALID_CA=3650 # 10 years for the CA certificate | |
| DAYS_VALID_SERVER=3650 # 10 years for the server certificate | |
| # Step 1: Generate the Root CA's private key and self-signed certificate | |
| echo "Generating the CA's private key and self-signed certificate..." | |
| openssl genpkey -algorithm RSA -out $CA_KEY 2>/dev/null | |
| openssl req -x509 -new -nodes -key $CA_KEY -sha256 -days $DAYS_VALID_CA -out $CA_CERT -subj "/C=NG/ST=Lagos/L=Ikorodu/O=Pitch Cardinal Coding Limited/OU=Technology/CN=MyRootCA" 2>/dev/null | |
| # Step 2: Generate the private key for the primary certificate | |
| echo "Generating the primary certificate's private key..." | |
| openssl genpkey -algorithm RSA -out $SERVER_KEY 2>/dev/null | |
| # Step 3: Create a Certificate Signing Request (CSR) for the primary certificate | |
| echo "Creating a CSR for the primary certificate..." | |
| openssl req -new -key $SERVER_KEY -out $SERVER_CSR -subj "/C=NG/ST=Lagos/L=Ikorodu/O=Pitch Cardinal Coding Limited/OU=Technology/CN=127.0.0.1" 2>/dev/null | |
| # Step 4: Sign the CSR with the root CA to create the primary certificate | |
| echo "Signing the primary certificate with the root CA..." | |
| openssl x509 -req -in $SERVER_CSR -CA $CA_CERT -CAkey $CA_KEY -CAcreateserial -out $SERVER_CERT -days $DAYS_VALID_SERVER -sha256 2>/dev/null | |
| # Step 5: Concatenate the primary certificate and the CA certificate to create the final certificate chain | |
| echo "Creating the final certificate file with the certificate chain..." | |
| cat $SERVER_CERT $CA_CERT > $FINAL_CERT | |
| # Clean up unnecessary files | |
| rm -f $SERVER_CSR $SERVER_CERT $CA_SERIAL; echo | |
| # Output generated files | |
| echo " - Root CA Key: $CA_KEY" | |
| echo " - Root CA Certificate: $CA_CERT" | |
| echo " - Server Key (Private Key): $SERVER_KEY" | |
| echo " - Final Certificate (with Chain): $FINAL_CERT" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment