ssl key pair

generate.sh

#!/bin/sh

CA_PASS="1234"
SERVER_PASS="4321"
CLIENT_PASS="5678"

cat > "openssl.cnf" << EOF
[v3_req]
subjectAltName       = @alt_names
# Alternative names are specified as IP.# and DNS.# for IP addresses and
# DNS accordingly. 
[alt_names]
IP.1  = 1.2.3.4
DNS.1 = my.dns.name
EOF

###################### CA ######################
# Generate CA key:
openssl genrsa -des3 -out ca.key -passout pass:$CA_PASS 4096

# Generate CA certificate:
openssl req -new -x509 -sha256 -days 365 -key ca.key -out ca.crt -passin pass:$CA_PASS -subj "/C=VN/ST=HCM/L=HCM/O=HDT Ltd/OU=HTD Ltd/CN=fotra.com"

###################### Server ######################
# Generate server key:
openssl genrsa -des3 -out server.key -passout pass:$SERVER_PASS 4096

# Generate server signing request:
openssl req -new -sha256 -key server.key -out server.csr -passin pass:$SERVER_PASS -subj "/C=VN/ST=HCM/L=HCM/O=HDT Ltd/OU=HTD Ltd/CN=fotra.com"

# Self-sign server certificate:
openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt -passin pass:$CA_PASS -extensions v3_req -extfile openssl.cnf

# Remove passphrase from the server key:
openssl rsa -in server.key -out server.key -passin pass:$SERVER_PASS

###################### Client ######################
# Generate client key:
openssl genrsa -des3 -out client.key -passout pass:$CLIENT_PASS 4096

# Generate client signing request:
openssl req -new -key client.key -out client.csr -passin pass:$CLIENT_PASS -subj "/C=VN/ST=HCM/L=HCM/O=HDT Ltd/OU=HTD Ltd/CN=fotra.com"

# Self-sign client certificate:
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt -passin pass:$CA_PASS

# Remove passphrase from the client key:
openssl rsa -in client.key -out client.key -passin pass:$CLIENT_PASS