Created
November 26, 2018 22:44
Generating self signed certificates
```bash
#!/bin/bash
# Inspired by: https://github.com/grpc/grpc-java/tree/master/examples#generating-self-signed-certificates-for-use-with-grpc

# Output files
# ca.key: Certificate Authority private key file (this shouldn't be shared in real-life)
# ca.crt: Certificate Authority trust certificate (this should be shared with users in real-life)
# server.key: Server private key, password protected (this shouldn't be shared)
# server.csr: Server certificate signing request (this should be shared with the CA owner)
# server.crt: Server certificate signed by the CA (this would be sent back by the CA owner) - keep on server
# server.pem: Conversion of server.key into a format gRPC likes (this shouldn't be shared)

# Summary
# Private files: ca.key, server.key, server.pem, server.crt
# "Share" files: ca.crt (needed by the client), server.csr (needed by the CA)

# Change this CN to match the hosts in your environment if needed.
SERVER_CN=localhost

# Note: pass:1111 is a fixed passphrase given on the command line, where other
# local users can see it in the process list. Fine for a throwaway test setup only.

# Step 1: Generate Certificate Authority + Trust Certificate (ca.crt)
openssl genrsa -passout pass:1111 -des3 -out ca.key 4096
openssl req -passin pass:1111 -new -x509 -days 3650 -key ca.key -out ca.crt -subj "/CN=${SERVER_CN}"

# Step 2: Generate the Server Private Key (server.key)
openssl genrsa -passout pass:1111 -des3 -out server.key 4096

# Step 3: Create a certificate signing request for the CA (server.csr)
openssl req -passin pass:1111 -new -key server.key -out server.csr -subj "/CN=${SERVER_CN}"

# Step 4: Sign the certificate with the CA we created (our own, self-signed CA) - server.crt
openssl x509 -req -passin pass:1111 -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

# Step 5: Convert the server private key to unencrypted PKCS#8 .pem format (server.pem) - usable by gRPC
openssl pkcs8 -topk8 -nocrypt -passin pass:1111 -in server.key -out server.pem
```
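A variant of the five steps above, written as an added example and not part of the original gist: passphrases are read from the environment, the CA gets its own subject name, the server certificate carries a subjectAltName, and the result is verified. The function names, the `CA_PASS`, `SERVER_PASS` and `KEY_BITS` variables, the `san.ext` file and the CA subject are assumptions made for this example.

```bash
#!/bin/bash
# Added example (not from the gist). Assumed names: make_chain, check_chain,
# CA_PASS, SERVER_PASS, KEY_BITS, san.ext and the "Test CA for ..." subject.

# make_chain DIR HOSTNAME: build ca.crt, server.crt and server.pem in DIR.
make_chain() {
  dir=$1 host=$2
  bits=${KEY_BITS:-4096}
  mkdir -p "$dir" || return 1
  (
    cd "$dir" || exit 1
    umask 077   # files, including private keys, are readable by the owner only
    # Passphrases come from the environment (env:VAR), so they never appear
    # as command-line arguments.
    openssl genrsa -aes256 -passout env:CA_PASS -out ca.key "$bits" 2>/dev/null &&
    # The CA subject differs from the server subject, so issuer and subject
    # of server.crt are different names.
    openssl req -new -x509 -days 3650 -passin env:CA_PASS -key ca.key \
      -subj "/CN=Test CA for ${host}" -out ca.crt &&
    openssl genrsa -aes256 -passout env:SERVER_PASS -out server.key "$bits" 2>/dev/null &&
    openssl req -new -passin env:SERVER_PASS -key server.key \
      -subj "/CN=${host}" -out server.csr &&
    # The SAN is supplied at signing time through an extension file.
    printf 'subjectAltName=DNS:%s\n' "$host" > san.ext &&
    # -CAcreateserial picks a random serial instead of the fixed -set_serial 01.
    openssl x509 -req -days 365 -passin env:CA_PASS -in server.csr \
      -CA ca.crt -CAkey ca.key -CAcreateserial -extfile san.ext \
      -out server.crt 2>/dev/null &&
    # Unencrypted PKCS#8 key for gRPC, as in step 5 above.
    openssl pkcs8 -topk8 -nocrypt -passin env:SERVER_PASS \
      -in server.key -out server.pem
  )
}

# check_chain DIR HOSTNAME: succeed only if server.crt chains to ca.crt
# and lists HOSTNAME as a DNS subjectAltName.
check_chain() {
  openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1 &&
  openssl x509 -in "$1/server.crt" -noout -text | grep -Eq "DNS:$2(,|\$)"
}
```

Export `CA_PASS` and `SERVER_PASS` before calling `make_chain ./certs localhost`, then run `check_chain ./certs localhost` to confirm the chain and hostname.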