Created
April 23, 2020 09:23
-
-
Save jpopesculian/55f42c72995ad196fb3c2383cad291f8 to your computer and use it in GitHub Desktop.
Generating Test PKI
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| set -xe | |
| rm -rf generated/ | |
| mkdir -p generated/ | |
| openssl ecparam -name prime256v1 -out generated/nistp256.pem | |
| openssl ecparam -name secp384r1 -out generated/nistp384.pem | |
| openssl req -nodes \ | |
| -x509 \ | |
| -newkey ec:generated/nistp384.pem \ | |
| -keyout generated/ca.key \ | |
| -out generated/ca.cert \ | |
| -sha256 \ | |
| -batch \ | |
| -days 3650 \ | |
| -subj "/CN=riddleandcode generated CA" | |
| openssl req -nodes \ | |
| -newkey ec:generated/nistp256.pem \ | |
| -keyout generated/inter.key \ | |
| -out generated/inter.req \ | |
| -sha256 \ | |
| -batch \ | |
| -days 3000 \ | |
| -subj "/CN=riddleandcode generated level 2 intermediate" | |
| openssl req -nodes \ | |
| -newkey ec:generated/nistp256.pem \ | |
| -keyout generated/end.key \ | |
| -out generated/end.req \ | |
| -sha256 \ | |
| -batch \ | |
| -days 2000 \ | |
| -subj "/CN=riddleandcode service" | |
| for kt in generated; do | |
| openssl x509 -req \ | |
| -in $kt/inter.req \ | |
| -out $kt/inter.cert \ | |
| -CA $kt/ca.cert \ | |
| -CAkey $kt/ca.key \ | |
| -sha256 \ | |
| -days 3650 \ | |
| -set_serial 123 \ | |
| -extensions v3_inter -extfile openssl.cnf | |
| openssl x509 -req \ | |
| -in $kt/end.req \ | |
| -out $kt/end.cert \ | |
| -CA $kt/inter.cert \ | |
| -CAkey $kt/inter.key \ | |
| -sha256 \ | |
| -days 2000 \ | |
| -set_serial 456 \ | |
| -extensions v3_end -extfile openssl.cnf | |
| cat $kt/inter.cert $kt/ca.cert > $kt/end.chain | |
| cat $kt/end.cert $kt/inter.cert $kt/ca.cert > $kt/end.fullchain | |
| openssl asn1parse -in $kt/ca.cert -out $kt/ca.der > /dev/null | |
| done |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ v3_end ] | |
| basicConstraints = critical,CA:false | |
| keyUsage = nonRepudiation, digitalSignature | |
| subjectKeyIdentifier = hash | |
| authorityKeyIdentifier = keyid:always,issuer:always | |
| subjectAltName = @alt_names | |
| [ v3_inter ] | |
| subjectKeyIdentifier = hash | |
| extendedKeyUsage = critical, serverAuth, clientAuth | |
| basicConstraints = CA:true | |
| keyUsage = cRLSign, keyCertSign, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign | |
| [ alt_names ] | |
| DNS.1 = trusted_node | |
| DNS.2 = localhost |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment