TLS certificates made simple (openssl CLI only): a self-signed CA, a client certificate bundled as PKCS#12, and a server certificate with a subjectAltName.
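#!/bin/bash
# Create a self-signed root CA (ca.key / ca.crt) next to this script,
# dump the certificate for inspection, and cross-check its Subject Key
# Identifier. Requires only the openssl CLI.
set -euo pipefail
cd "$(dirname "$0")"

# The CA private key is the crown jewel: create every file below 0600
# instead of the default 0644 so ca.key is never world-readable.
umask 077

# Generate CA (self-signed). -nodes leaves the key unencrypted, so the
# file permissions above and the host's access control are the only
# protection; the default v3_ca section of openssl.cnf supplies
# basicConstraints CA:TRUE and the subject/authority key identifiers.
openssl req -x509 -nodes -sha256 -days 5000 -newkey rsa:2048 \
  -keyout ca.key -out ca.crt \
  -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com"

# Debug dump (certificate text plus a SHA-256 fingerprint for pinning
# or out-of-band comparison)
openssl x509 -in ca.crt -noout -text >ca.txt
openssl x509 -noout -fingerprint -sha256 -in ca.crt >>ca.txt
openssl verify -verbose -CAfile ca.crt ca.crt

# Calculate SKI (Subject Key Identifier): SHA-1 over the BIT STRING
# contents of the SubjectPublicKeyInfo (RFC 5280 method 1), which is why
# -sha1 is correct here even though SHA-1 is retired for signatures.
# Offset 19 is where that BIT STRING starts for a 2048-bit RSA key;
# other key types or sizes need a different offset (find it with
# `openssl asn1parse`). The value should match the
# "X509v3 Subject Key Identifier" already printed in ca.txt.
tmp=$(mktemp ./ca.pub.XXXXXX)
trap 'rm -f -- "$tmp"' EXIT
openssl x509 -noout -in ca.crt -pubkey \
  | openssl asn1parse -strparse 19 -out "$tmp" >/dev/null
openssl dgst -c -sha1 <"$tmp"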
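#!/bin/bash
# Issue a client (mutual-TLS) certificate signed by the CA in the parent
# directory and bundle key + certificate as PKCS#12 for browser import.
#
# Environment:
#   P12_PASS  export password for the .p12 (default: empty). It is passed
#             via the environment, not argv, so it does not show in `ps`.
set -euo pipefail
cd "$(dirname "$0")"
umask 077   # the private key and the .p12 are secrets: create them 0600

c_name="client1"
file_name="client1"
ca_crt='../ca.crt'
ca_key='../ca.key'
export P12_PASS="${P12_PASS:-}"

# Generate client key and CSR
openssl genrsa -out "$file_name.key" 2048
openssl req -new -sha256 -key "$file_name.key" -out "$file_name.csr" \
  -subj "/O=Group/OU=Org/CN=$c_name"

# Sign with the CA. Extensions come from v3.ext (not shown here): for a
# client certificate it should set basicConstraints=CA:FALSE, so the
# issued cert cannot itself issue certificates, and
# extendedKeyUsage=clientAuth -- check that file. -CAcreateserial keeps
# ../ca.srl next to the CA so serials stay unique across all issued certs.
openssl x509 -req -sha256 -extfile v3.ext -in "$file_name.csr" \
  -CA "$ca_crt" -CAkey "$ca_key" -CAcreateserial \
  -out "$file_name.crt" -days 365

# Generate PKCS12 for Firefox and Chrome.
# An empty P12_PASS leaves the bundled private key protected only by file
# permissions -- set a real password for anything beyond local testing.
openssl pkcs12 -export -in "$file_name.crt" -inkey "$file_name.key" \
  -name "$c_name Org" -out "$file_name.p12" -passout env:P12_PASS

# Debug dump
echo "------------Check------------"
# -nokeys -clcerts: read back only the certificate, so the private key
# is never written out of the bundle during the check.
openssl pkcs12 -in "$file_name.p12" -nokeys -clcerts -passin env:P12_PASS \
  | openssl x509 -noout -text >"$file_name.p12.txt"
openssl x509 -noout -text -in "$file_name.crt" >"$file_name.crt.txt"
# -purpose sslclient also fails if v3.ext gave the cert a key usage or
# EKU that a TLS client cannot use, or marked it as a CA.
openssl verify -verbose -CAfile "$ca_crt" -purpose sslclient "$file_name.crt"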
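#!/bin/bash
# Issue a TLS server certificate for an IP-addressed host, signed by the
# CA in the parent directory, with the address in subjectAltName
# (modern clients ignore the CN and match only SAN entries).
set -euo pipefail
cd "$(dirname "$0")"
umask 077   # server.key must not be world-readable

server_ip="222.222.45.66"
# SAN entries. An IP address belongs in an IP: entry; the DNS: copy of
# the same literal is non-conforming (a dNSName holds host names) and is
# kept only for legacy clients that match IPs against dNSName. Add
# DNS:<host> entries here when the server has a name.
altname="IP:${server_ip},DNS:${server_ip}"
ca_crt='../ca.crt'
ca_key='../ca.key'

# Generate key and CSR (the CN is informational; the SAN is authoritative)
openssl genrsa -out server.key 2048
openssl req -new -sha256 -key server.key -out server.csr \
  -subj "/O=Group/OU=Org/CN=${server_ip}"

# Sign with the CA. openssl x509 honours only the last -extfile, so the
# base extensions from v3.ext (not shown -- check it sets
# basicConstraints=CA:FALSE and extendedKeyUsage=serverAuth) and the SAN
# are merged into one ext file via process substitution. Keep a space
# before each continuation backslash: "365\" would glue the next token
# onto the day count and hand openssl a bogus argument.
openssl x509 -req -sha256 -in server.csr -CA "$ca_crt" -CAkey "$ca_key" \
  -CAcreateserial -out server.crt -days 365 \
  -extfile <(cat ./v3.ext; printf '\nsubjectAltName=%s\n' "$altname")

# Debug dump
openssl req -in server.csr -text -noout >server.csr.txt
openssl x509 -in server.crt -noout -text >server.crt.txt
# -purpose sslserver also fails if the issued cert lacks the key usage /
# EKU a TLS server needs or was marked as a CA by v3.ext.
openssl verify -verbose -CAfile "$ca_crt" -purpose sslserver server.crt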