For educational reasons I've decided to create my own CA. Here is what I learned.
Lets get some context first.
Ilya ilya-korotya
sethvargo
/ create-certs.sh
Created
June 6, 2018 16:20
Use openssl to create an x509 self-signed certificate authority (CA), certificate signing request (CSR), and resulting private key with IP SAN and DNS SAN
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Define where to store the generated certs and metadata. | |
| DIR="$(pwd)/tls" | |
| # Optional: Ensure the target directory exists and is empty. | |
| rm -rf "${DIR}" | |
| mkdir -p "${DIR}" | |
| # Create the openssl configuration file. This is used for both generating | |
| # the certificate as well as for specifying the extensions. It aims in favor | |
| # of automation, so the DN is encoding and not prompted. |