gen_crt.sh

#!/bin/bash


RED='\033[0;31m'
GREEN='\033[0;32m'
NC='\033[0m' # No Color

BOLD=$(tput bold)
CLEAR=${NC}$(tput sgr0)


function gen_rootca() {
    echo -e "${BOLD}${GREEN}Generating RSA AES-256 Private Key for Root Certificate Authority${CLEAR}"
    #openssl genrsa -aes256 -out Root.CA.example.llc.key 4096
    openssl genrsa -out $1-RootCA.key 4096

    echo -e "${BOLD}${GREEN}Generating Certificate for Root Certificate Authority${CLEAR}"
    openssl req -x509 -new -nodes -key $1-RootCA.key -sha256 -days 730 -out $1-RootCA.crt -subj "/C=US/O=mycompany.com/OU=Comapany/CN=Root CA"
    #openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 730 -out rootCA.crt
}

function gen_cert() {
    echo -e "${BOLD}${GREEN}Generating RSA Private Key for $1 Certificate${CLEAR}"
    openssl genrsa -out $2.key 4096

    echo -e "${BOLD}${GREEN}Generating Certificate Signing Request for $1 Certificate${CLEAR}"
    openssl req -new -key $2.key -out $2.csr -subj "/C=US/O=mycompany.com/OU=Company/CN=$2"

    echo -e "${BOLD}${GREEN}Generating Certificate for $1 Certificate${CLEAR}"
    #openssl x509 -req -in $2.csr -CA $1-RootCA.crt -CAkey RootCA.key -CAcreateserial -out $2.crt -days 730 -sha256 -extfile server.ext
    openssl x509 -req -in $2.csr -CA $1-RootCA.crt -CAkey $1-RootCA.key -CAcreateserial -out $2.crt -days 730 -sha256

    echo -e "${BOLD}${RED}Verify $1 Certificate${CLEAR}"
    openssl verify -CAfile $1-RootCA.crt $2.crt
   
    rm -rf *.csr
    cp $1-RootCA.crt $2.ca

}

gen_rootca my 
gen_cert my server
gen_cert my client
rm -rf *-RootCA.*

echo "Done!"