tknv · October 3, 2020 16:47
diff --git a/ore-ore-cert.sh b/ore-ore-cert.sh
 #!/bin/bash

 # set values for certificate
 #
 # CA - Certificate Authority
 # countryName two letter code
 CA_C="NR"
 # stateOrProvinceName
 CA_ST="Yaren"
 # localityName
 CA_L="Makwa"
 # organizationName
 CA_O="AWASLab Research"
 # organizationalUnitName
 CA_OU="Core Lab"
 # commonName FQDN or Name
 CA_CN="awas.lab"
 # emailAddress
 CA_EM="[email protected]"
 # 
 # Server Certificate
 SC_C="MY"
 # stateOrProvinceName
 SC_ST="Penang"
 # localityName
 SC_L="Bayan Lepas"
 # organizationName
 SC_O="AWASLab Research"
 # organizationalUnitName
 SC_OU="Experimental Lab"
 # commonName FQDN or Name
 SC_CN="*.awas.lab"
 # emailAddress
 SC_EM="[email protected]"
 # 
 # Client Certificate
 CC_C="JP"
 # stateOrProvinceName
 CC_ST="Kanagawa"
 # localityName
 CC_L="Zaimokuza"
 # organizationName
 CC_O="AWASLab Research"
 # organizationalUnitName
 CC_OU="Wireless Experimental Lab"
 # commonName FQDN or Name
 CC_CN="wireless.awas.lab"
 # emailAddress
 CC_EM="[email protected]"

 # set values that the commands will share
 VALID_DAYS=360
 CA_KEY=ca.key
 CA_CERT=ca.crt
 CA_CERT_PEM=ca_crt.pem
 CLIENT_KEY=client.key
 CLIENT_KEY_PEM=client_key.pem
 CLIENT_CERT=client.crt
 CLIENT_CERT_PEM=client_crt.pem
 CLIENT_CSR=client.csr
 CLIENT_P12=client_p12
 SERVER_KEY=server.key
 SERVER_CERT=server.crt
 SERVER_CSR=server.csr
 SERVER_CERT_PEM=server_crt.pem 
 SERVER_CERT_forHTTPS=server_include_private.pem
 KEY_BITS=2048

 echo
 echo "Create CA certificate..."
 openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$KEY_BITS -out $CA_KEY
 openssl req -new -x509 -days $VALID_DAYS -key $CA_KEY -subj "/CN=$CA_CN/emailAddress=$CA_EM/C=$CA_C/ST=$CA_ST/L=$CA_L/O=$CA_O/OU=$CA_OU" -out $CA_CERT
 cat $CA_CERT > $CA_CERT_PEM 
 echo "Done then check"
 openssl x509 -in $CA_CERT -text -noout

 echo
 echo "Creating Server certificate..."
 openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$KEY_BITS -out $SERVER_KEY
 openssl req -new -key $SERVER_KEY -subj "/CN=$SC_CN/emailAddress=$SC_EM/C=$SC_C/ST=$SC_ST/L=$SC_L/O=$SC_O/OU=$SC_OU" -out $SERVER_CSR
 openssl x509 -days $VALID_DAYS -req -extfile <(printf "subjectAltName=DNS:xca.awas.lab,DNS:pf.awas.lab") -in $SERVER_CSR -CAcreateserial -CA $CA_CERT -CAkey $CA_KEY -out $SERVER_CERT
 cat $SERVER_CERT > $SERVER_CERT_PEM
 cat $SERVER_CERT $SERVER_KEY > $SERVER_CERT_forHTTPS 
 echo "Done then check"
 openssl x509 -in $SERVER_CERT -text -noout

 echo
 echo "Creating Client certificate..."
 USER_ID="example"
 P12_PASSWORD="adminl123"
 openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$KEY_BITS -out $CLIENT_KEY
 openssl req -new -key $CLIENT_KEY -subj "/CN=$CC_CN/emailAddress=$CC_EM/C=$CC_C/ST=$CC_ST/L=$CC_L/O=$CC_O/OU=$CC_OU/UID=$USER_ID" -out $CLIENT_CSR
 openssl x509 -days $VALID_DAYS -req -in $CLIENT_CSR -CAcreateserial -CA $CA_CERT -CAkey $CA_KEY -out $CLIENT_CERT
 openssl pkcs12 -in $CLIENT_CERT -inkey $CLIENT_KEY -export -password pass:$P12_PASSWORD -out $CLIENT_P12
 cat $CLIENT_CERT > $CLIENT_CERT_PEM
 cat $CLIENT_KEY > $CLIENT_KEY_PEM 
 echo "Done then check"
 openssl x509 -in $CLIENT_CERT -text -noout
 echo
 echo "----- Don't forget to open your browser and install your $CA_CERT and $CLIENT_P12 certificates -----"
 echo
	#!/bin/bash

	# set values for certificate
	#
	# CA - Certificate Authority
	# countryName two letter code
	CA_C="NR"
	# stateOrProvinceName
	CA_ST="Yaren"
	# localityName
	CA_L="Makwa"
	# organizationName
	CA_O="AWASLab Research"
	# organizationalUnitName
	CA_OU="Core Lab"
	# commonName FQDN or Name
	CA_CN="awas.lab"
	# emailAddress
	CA_EM="[email protected]"
	#
	# Server Certificate
	SC_C="MY"
	# stateOrProvinceName
	SC_ST="Penang"
	# localityName
	SC_L="Bayan Lepas"
	# organizationName
	SC_O="AWASLab Research"
	# organizationalUnitName
	SC_OU="Experimental Lab"
	# commonName FQDN or Name
	SC_CN="*.awas.lab"
	# emailAddress
	SC_EM="[email protected]"
	#
	# Client Certificate
	CC_C="JP"
	# stateOrProvinceName
	CC_ST="Kanagawa"
	# localityName
	CC_L="Zaimokuza"
	# organizationName
	CC_O="AWASLab Research"
	# organizationalUnitName
	CC_OU="Wireless Experimental Lab"
	# commonName FQDN or Name
	CC_CN="wireless.awas.lab"
	# emailAddress
	CC_EM="[email protected]"

	# set values that the commands will share
	VALID_DAYS=360
	CA_KEY=ca.key
	CA_CERT=ca.crt
	CA_CERT_PEM=ca_crt.pem
	CLIENT_KEY=client.key
	CLIENT_KEY_PEM=client_key.pem
	CLIENT_CERT=client.crt
	CLIENT_CERT_PEM=client_crt.pem
	CLIENT_CSR=client.csr
	CLIENT_P12=client_p12
	SERVER_KEY=server.key
	SERVER_CERT=server.crt
	SERVER_CSR=server.csr
	SERVER_CERT_PEM=server_crt.pem
	SERVER_CERT_forHTTPS=server_include_private.pem
	KEY_BITS=2048

	echo
	echo "Create CA certificate..."
	openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$KEY_BITS -out $CA_KEY
	openssl req -new -x509 -days $VALID_DAYS -key $CA_KEY -subj "/CN=$CA_CN/emailAddress=$CA_EM/C=$CA_C/ST=$CA_ST/L=$CA_L/O=$CA_O/OU=$CA_OU" -out $CA_CERT
	cat $CA_CERT > $CA_CERT_PEM
	echo "Done then check"
	openssl x509 -in $CA_CERT -text -noout

	echo
	echo "Creating Server certificate..."
	openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$KEY_BITS -out $SERVER_KEY
	openssl req -new -key $SERVER_KEY -subj "/CN=$SC_CN/emailAddress=$SC_EM/C=$SC_C/ST=$SC_ST/L=$SC_L/O=$SC_O/OU=$SC_OU" -out $SERVER_CSR
	openssl x509 -days $VALID_DAYS -req -extfile <(printf "subjectAltName=DNS:xca.awas.lab,DNS:pf.awas.lab") -in $SERVER_CSR -CAcreateserial -CA $CA_CERT -CAkey $CA_KEY -out $SERVER_CERT
	cat $SERVER_CERT > $SERVER_CERT_PEM
	cat $SERVER_CERT $SERVER_KEY > $SERVER_CERT_forHTTPS
	echo "Done then check"
	openssl x509 -in $SERVER_CERT -text -noout

	echo
	echo "Creating Client certificate..."
	USER_ID="example"
	P12_PASSWORD="adminl123"
	openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$KEY_BITS -out $CLIENT_KEY
	openssl req -new -key $CLIENT_KEY -subj "/CN=$CC_CN/emailAddress=$CC_EM/C=$CC_C/ST=$CC_ST/L=$CC_L/O=$CC_O/OU=$CC_OU/UID=$USER_ID" -out $CLIENT_CSR
	openssl x509 -days $VALID_DAYS -req -in $CLIENT_CSR -CAcreateserial -CA $CA_CERT -CAkey $CA_KEY -out $CLIENT_CERT
	openssl pkcs12 -in $CLIENT_CERT -inkey $CLIENT_KEY -export -password pass:$P12_PASSWORD -out $CLIENT_P12
	cat $CLIENT_CERT > $CLIENT_CERT_PEM
	cat $CLIENT_KEY > $CLIENT_KEY_PEM
	echo "Done then check"
	openssl x509 -in $CLIENT_CERT -text -noout
	echo
	echo "----- Don't forget to open your browser and install your $CA_CERT and $CLIENT_P12 certificates -----"
	echo