Created
April 3, 2023 08:40
-
-
Save alexeygritsenko/b3c10b9842a7e7453a4b5da1e00b3347 to your computer and use it in GitHub Desktop.
Generate of a self-signed certificate for .net grpc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# sha256ECDSA + HTTP/2 supported Windows Server 2012+ | |
# see https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel?view=aspnetcore-3.1#http2-support | |
echo Generate CA key: | |
openssl ecparam -name prime256v1 -genkey -out ca.key | |
echo Generate CA certificate: | |
openssl req -new -x509 -days 365 -key ca.key -out ca.crt -subj "/C=US/ST=CA/L=Cupertino/O=YourCompany/OU=YourApp/CN=MyRootCA" | |
echo Generate server key: | |
openssl ecparam -name prime256v1 -genkey -noout -out server.key | |
echo Generate server signing request: | |
openssl req -new -key server.key -out server.csr -subj "/C=US/ST=CA/L=Cupertino/O=YourCompany/OU=YourApp/CN=localhost" | |
echo Self-sign server certificate: | |
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt | |
echo Generate client key | |
openssl ecparam -name prime256v1 -genkey -out client.key | |
echo Generate client signing request: | |
openssl req -new -key client.key -out client.csr -subj "/C=US/ST=CA/L=Cupertino/O=YourCompany/OU=YourApp/CN=localhost" | |
echo Self-sign client certificate: | |
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Script from https://stackoverflow.com/questions/37714558/how-to-enable-server-side-ssl-for-grpc | |
# sha256RSA + HTTP/2 supported Windows Server 2016+ | |
echo Generate CA key: | |
openssl genrsa -passout pass:1111 -des3 -out ca.key 4096 | |
echo Generate CA certificate: | |
openssl req -passin pass:1111 -new -x509 -days 365 -key ca.key -out ca.crt -subj "/C=US/ST=CA/L=Cupertino/O=YourCompany/OU=YourApp/CN=MyRootCA" | |
echo Generate server key: | |
openssl genrsa -passout pass:1111 -des3 -out server.key 4096 | |
echo Generate server signing request: | |
openssl req -passin pass:1111 -new -key server.key -out server.csr -subj "/C=US/ST=CA/L=Cupertino/O=YourCompany/OU=YourApp/CN=localhost" | |
echo Self-sign server certificate: | |
openssl x509 -req -passin pass:1111 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt | |
echo Remove passphrase from server key: | |
openssl rsa -passin pass:1111 -in server.key -out server.key | |
echo Generate client key | |
openssl genrsa -passout pass:1111 -des3 -out client.key 4096 | |
echo Generate client signing request: | |
openssl req -passin pass:1111 -new -key client.key -out client.csr -subj "/C=US/ST=CA/L=Cupertino/O=YourCompany/OU=YourApp/CN=localhost" | |
echo Self-sign client certificate: | |
openssl x509 -passin pass:1111 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt | |
echo Remove passphrase from client key: | |
openssl rsa -passin pass:1111 -in client.key -out client.key |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment