@yottta
Last active November 10, 2025 07:04
#!/bin/bash
# This script generates a certificate for the peer at the IP given as $1 (written out as server.key/server.crt),
# signed by a locally generated root CA, so that the client at that IP can connect securely to a connection
# initiated by the listening client. The IP is placed in the CN and, more importantly, in the subjectAltName,
# because current TLS clients match the dialed address against subjectAltName only, not against the CN.
set -euo pipefail
ip="${1:-}"
if [ -z "$ip" ]; then
  echo "invalid request. Eg: ./$(basename "$0") 192.168.100.30"
  exit 1
fi
# 1. Generate CA private key
openssl genrsa -out root_ca.key 2048
# 2. Generate the self-signed CA certificate using the key generated at #1
openssl req -x509 -new -nodes -key root_ca.key -sha256 -days 1024 -out root_ca.pem -subj "/C=RO/ST=Brasov/L=Brasov/O=andpec/OU=andpec/CN=*.andpec.tech/"
# 3. Generate the peer's private key
openssl genrsa -out server.key 2048
# 4. Generate the peer's certificate signing request (CSR) with the common name set to the IP the connection is meant to connect to
openssl req -new -key server.key -out server.csr -subj "/C=RO/ST=Brasov/L=Brasov/O=andpec/OU=hopconn/CN=$ip/"
# 5. Sign the CSR with the CA, adding a subjectAltName that points to the same IP.
#    Note: the leaf is issued for 3650 days while the CA from step 2 lives 1024 days; once the CA expires,
#    chain validation fails no matter how long the leaf itself is still valid.
openssl x509 -req -extfile <(printf "subjectAltName=IP:%s" "$ip") -in server.csr -CA root_ca.pem -CAkey root_ca.key -CAcreateserial -out server.crt -days 3650 -sha256
#
# Earlier variant, kept commented out for reference. It issues the certificate without a subjectAltName.
## 1. Generate CA's private key and self-signed certificate
#openssl req -newkey rsa:2048 \
# -new -nodes -x509 \
# -days 2 \
# -out ca-cert.pem \
# -keyout ca-key.pem \
# -subj "/C=RO/ST=Brasov/L=Brasov/O=Andpec/OU=hopconn/CN=*.andpec.tech/[email protected]"
#
## 2. Generate connection's private key and certificate signing request (CSR)
#openssl req -newkey rsa:2048 \
# -new -nodes \
# -out conn-req.pem \
# -keyout conn-key.pem \
# -subj "/C=RO/ST=Brasov/L=Brasov/O=Andpec/OU=hopconn/CN=*.andpec.tech/[email protected]" # in the subject should be the client's info
#
## 3. Use CA's private key to sign client's CSR and get back the signed certificate
#openssl x509 -req -in conn-req.pem -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out conn-cert.pem
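The same procedure, reimplemented below as an added Go example (not the gist's own code) using only the standard library, to show why step 5 puts the IP into subjectAltName and what the 3650-day leaf versus 1024-day CA lifetimes imply at verification time. It assumes the gist's example address 192.168.100.30, uses ECDSA P-256 instead of RSA 2048 only to keep key generation quick, and the function names newCA, issueLeaf and verifyForIP are mine, not the gist's.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newCA builds a self-signed root CA, the equivalent of the gist's steps 1 and 2.
func newCA(now time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{Organization: []string{"andpec"}, CommonName: "*.andpec.tech"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(1024 * 24 * time.Hour), // same lifetime as the gist's -days 1024
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueLeaf signs a certificate for the peer at ip (steps 3 to 5). The IP always goes into the CN,
// as in the gist's CSR; withSAN decides whether it is also placed in subjectAltName, which is what
// the gist's step 5 adds through -extfile.
func issueLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, ip net.IP, withSAN bool, now time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject: pkix.Name{Organization: []string{"andpec"},
			OrganizationalUnit: []string{"hopconn"}, CommonName: ip.String()},
		NotBefore:   now.Add(-time.Hour),
		NotAfter:    now.Add(3650 * 24 * time.Hour), // same as the gist's -days 3650, longer than the CA
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	if withSAN {
		tmpl.IPAddresses = []net.IP{ip}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyForIP does what a TLS client does during the handshake: chain the leaf to the trusted CA,
// check validity at time 'at', and match the dialed IP against the leaf's identities. Go, like
// other current TLS stacks, consults subjectAltName only and never falls back to the CN.
func verifyForIP(ca, leaf *x509.Certificate, ip string, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:       roots,
		DNSName:     ip, // an IP literal here is matched against the IPAddresses SAN entries
		CurrentTime: at,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

func main() {
	now := time.Now()
	ca, caKey, err := newCA(now)
	if err != nil {
		panic(err)
	}
	ip := net.ParseIP("192.168.100.30") // the gist's own usage example
	withSAN, _ := issueLeaf(ca, caKey, ip, true, now)
	cnOnly, _ := issueLeaf(ca, caKey, ip, false, now)
	fmt.Println("SAN cert, right IP:      ", verifyForIP(ca, withSAN, "192.168.100.30", now))
	fmt.Println("SAN cert, other IP:      ", verifyForIP(ca, withSAN, "192.168.100.31", now))
	fmt.Println("CN-only cert, right IP:  ", verifyForIP(ca, cnOnly, "192.168.100.30", now))
	fmt.Println("SAN cert after CA expiry:", verifyForIP(ca, withSAN, "192.168.100.30", now.Add(1100*24*time.Hour)))
}
```

Only the first check succeeds: a certificate that carries the IP solely in the CN is rejected exactly as the gist's pre-step-5 variant would be, and the long-lived leaf stops verifying the day the CA expires.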