path: root/docker/stunnel/create_certs.sh
blob: f3bcea6f5d06d7bbcc04c603693efaf1960a387d (plain)
#!/bin/bash

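# Generate a CA key/certificate and one server and one client key/certificate
# pair signed by that CA, using the openssl command-line tool.
#
# Outputs: everything is written to the "keys" directory next to this script:
#   ca-key.pem, ca-cert.pem,
#   server-key.pem, server-req.pem, server-cert.pem,
#   client-key.pem, client-req.pem, client-cert.pem
# Returns: 0 on success; non-zero if openssl is missing or any step fails.
#
# NOTE(review): the parameters below (unencrypted keys, ~1000-year validity,
# one shared subject, fixed serial) look like test-fixture settings. Confirm
# these files are never used as production credentials.
set -euo pipefail

# Check the prerequisite before touching the filesystem. The test sits inside
# the `if` so that `set -e` does not abort the script before the message is
# printed (a bare failing command followed by a `$?` check would never reach it).
if ! command -v openssl >/dev/null 2>&1; then
	echo "No openssl binary present, exiting." >&2
	exit 1
fi

# Quote every use of the path so a checkout location containing spaces works.
DESTDIR="$(dirname -- "$0")/keys"
mkdir -p -- "${DESTDIR}"
cd -- "${DESTDIR}"

# NOTE(review): the CA and both leaf certificates share this subject, so each
# leaf has subject == issuer. Some verifiers treat such a certificate as
# self-signed and fail chain validation; distinct CNs per certificate avoid that.
SSL_SUBJECT="/C=CA/ST=Winnipeg/L=Manitoba/O=Some Corp/OU=IT Department/CN=example.com"

# openssl output is discarded on every call below; under `set -e` a failing
# step therefore stops the script without printing a diagnostic.

# CA private key. It is written unencrypted; the resulting file mode depends on
# the openssl version and the caller's umask. Verify before sharing the directory.
openssl genrsa -out ca-key.pem 2048 &>/dev/null

# Self-signed CA certificate.
openssl req -new -x509 -nodes -days 365000 \
   -key ca-key.pem \
   -out ca-cert.pem \
   -subj "${SSL_SUBJECT}" &>/dev/null

# Server key and signing request. -nodes leaves the key unencrypted; -days has
# no effect here because no certificate is produced without -x509.
openssl req -newkey rsa:2048 -nodes -days 365000 \
   -keyout server-key.pem \
   -out server-req.pem \
   -subj "${SSL_SUBJECT}" &>/dev/null

# Server certificate, signed by the CA.
openssl x509 -req -days 365000 -set_serial 01 \
   -in server-req.pem \
   -out server-cert.pem \
   -CA ca-cert.pem \
   -CAkey ca-key.pem &>/dev/null

# Client key and signing request (same remarks as for the server request).
openssl req -newkey rsa:2048 -nodes -days 365000 \
   -keyout client-key.pem \
   -out client-req.pem \
   -subj "${SSL_SUBJECT}" &>/dev/null

# Client certificate, signed by the CA.
# NOTE(review): this reuses serial 01 from the server certificate. RFC 5280
# requires issuer + serial to be unique, and some TLS stacks reject duplicates;
# consider a different serial here.
openssl x509 -req -days 365000 -set_serial 01 \
   -in client-req.pem \
   -out client-cert.pem \
   -CA ca-cert.pem \
   -CAkey ca-key.pem &>/dev/null

echo "Keys generated in ${DESTDIR}:"
ls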