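# Generates a throwaway test PKI under $ROOTDIR/certs:
#   ca.key / ca.crt          self-signed root (CN=root)
#   server.key / server.crt  leaf for CN=ortem.xyz, signed by the root
#   alice.key / alice.crt    leaf for CN=alice, signed by the root
#   alice.p12                PKCS#12 bundle of alice's key and certificate
#
# All private keys are written unencrypted (-nodes) and alice.p12 has an empty
# passphrase, so the output is only suitable as test fixtures.
set -ex
source "$(dirname "$0")/rootdir.sh" # sets ROOTDIR
# Stop early if rootdir.sh did not set ROOTDIR; otherwise everything lands in /certs.
: "${ROOTDIR:?rootdir.sh did not set ROOTDIR}"
DIR="$ROOTDIR/certs"
V3_CFG="$DIR/v3.ext"

mkdir -p "$DIR"
# Clean up the temporary extension file even when a later step fails under `set -e`.
trap 'rm -f "$V3_CFG"' EXIT

# Extensions applied to both leaf certificates. The delimiter is quoted so the
# shell never expands anything inside the OpenSSL config.
# keyCertSign and cRLSign are left out: RFC 5280 only allows keyCertSign when
# basicConstraints asserts CA:TRUE, and these certificates are CA:FALSE.
# NOTE(review): alice (a client identity) receives the same server DNS SANs
# because both leaves share this file; confirm that is intended.
cat > "$V3_CFG" << 'EOF'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement
subjectAltName = @alt_names

[alt_names]
DNS.1 = ortem.xyz
DNS.2 = u_server
EOF

# Self-signed root CA.
openssl req -x509 -newkey rsa:4096 -keyout "$DIR/ca.key" -out "$DIR/ca.crt" -nodes -days 365 -subj "/CN=root"

# Key pairs and CSRs for the leaves. -days is dropped here because it has no
# effect without -x509; validity is set when the CA signs below.
openssl req -newkey rsa:4096 -keyout "$DIR/alice.key" -out "$DIR/alice.csr" -nodes -subj "/CN=alice"
openssl req -newkey rsa:4096 -keyout "$DIR/server.key" -out "$DIR/server.csr" -nodes -subj "/CN=ortem.xyz"

# Sign the leaves. Each certificate gets its own serial: issuer + serial must be
# unique, and some TLS stacks reject two certificates that share both.
openssl x509 -req -in "$DIR/alice.csr" -CA "$DIR/ca.crt" -CAkey "$DIR/ca.key" -out "$DIR/alice.crt" -set_serial 01 -days 365 -extfile "$V3_CFG"
openssl x509 -req -in "$DIR/server.csr" -CA "$DIR/ca.crt" -CAkey "$DIR/ca.key" -out "$DIR/server.crt" -set_serial 02 -days 365 -extfile "$V3_CFG"

# Client bundle with empty input and output passphrases (test use only).
openssl pkcs12 -export -out "$DIR/alice.p12" -inkey "$DIR/alice.key" -in "$DIR/alice.crt" -passin pass: -passout pass: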