Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Script to generate certificates for satellite server
country=IN
state=Maharashtra
locality=Pune
organization=redhat
organizationalunit=QE
commonname=$(hostname)
openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem -subj "/CN=CA Cert/O=$organization/OU=$organizationalunit"
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr -subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizationalunit/CN=$commonname"
echo "authorityKeyIdentifier=keyid,issuer" > x509.ext
echo "basicConstraints=CA:FALSE" >> x509.ext
echo "keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment" >> x509.ext
echo "subjectAltName = @alt_names" >> x509.ext
echo "[alt_names]" >> x509.ext
echo "DNS.1 = localhost" >> x509.ext
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.valid.crt -days 100 -sha256 -extfile x509.ext
echo "Reading generated certificate :: "
openssl x509 -text -in server.valid.crt -noout
katello-certs-check -c server.valid.crt -k server.key -b rootCA.pem
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.