@bruceharrison1984
Created April 26, 2024 18:36
LDAP MTLS Certificate Generation
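#!/bin/sh
# Generate a throwaway CA plus server and client certificates for LDAP mutual TLS.
# Stop at the first failing command instead of writing files into the wrong directory.
set -e
# POSIX sh has no brace expansion, so each directory is named explicitly.
mkdir -p ./certs/ca ./certs/client ./certs/server
cd ./certs/ca
echo "Generate CA certificates"
# Self-signed CA; -nodes leaves ca.key unencrypted on disk.
openssl req -new -x509 -nodes -days 365 -subj '/CN=example.com' -keyout ca.key -out ca.crt
cd ../server
echo "Generate server certificates"
cp ../ca/ca.crt .
openssl genrsa -out ldap-server.key 2048
# The server identity is CN=localhost only; no subjectAltName is set.
openssl req -new -key ldap-server.key -subj '/CN=localhost' -out ldap-server.csr
# Sign the CSR with the CA key.
openssl x509 -req -in ldap-server.csr -CA ca.crt -CAkey ../ca/ca.key -CAcreateserial -days 365 -out ldap-server.crt
rm ldap-server.csr
cd ../client
echo "Generate client certificate"
cp ../ca/ca.crt .
openssl genrsa -out ldap-client.key 2048
openssl req -new -key ldap-client.key -subj '/CN=ldap-client' -out ldap-client.csr
# Sign the CSR with the same CA so the server can verify the client.
openssl x509 -req -in ldap-client.csr -CA ca.crt -CAkey ../ca/ca.key -CAcreateserial -days 365 -out ldap-client.crt
rm ldap-client.csr
# printf handles the leading newline the same way in every shell; echo does not.
printf '\nDone\n'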
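
A sanity check for the tree this script produces, as an added example that is not part of the original gist: it confirms that each leaf chains to its copied ca.crt, that each private key matches its certificate, and that nothing has expired. The function names are made up for this example; the file paths are the ones the script writes.

```shell
#!/bin/sh
# Added example (not from the gist): verify the certs/ tree before wiring it
# into an LDAP server and client. Function names are hypothetical.

# True when the public key inside certificate $1 equals the one derived from key $2.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# check_leaf <ca.crt> <leaf.crt> <leaf.key>
check_leaf() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 ||
        { echo "FAIL: $2 does not chain to $1"; return 1; }
    key_matches_cert "$2" "$3" ||
        { echo "FAIL: $3 is not the key for $2"; return 1; }
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: $2 has expired"; return 1; }
    echo "OK: $2 ($(openssl x509 -in "$2" -noout -subject))"
}

# verify_mtls_certs [certs-dir]   (defaults to ./certs)
verify_mtls_certs() {
    d=${1:-./certs}
    # Both sides must trust the exact CA file that signed the leaves.
    for side in server client; do
        cmp -s "$d/ca/ca.crt" "$d/$side/ca.crt" ||
            { echo "FAIL: $d/$side/ca.crt differs from $d/ca/ca.crt"; return 1; }
    done
    check_leaf "$d/server/ca.crt" "$d/server/ldap-server.crt" "$d/server/ldap-server.key" &&
    check_leaf "$d/client/ca.crt" "$d/client/ldap-client.crt" "$d/client/ldap-client.key"
}

# Run only when a directory is given, e.g.: sh verify.sh ./certs
if [ "$#" -gt 0 ]; then
    verify_mtls_certs "$1"
fi
```

A key mismatch is the failure worth catching early: it shows up when key and certificate files from different runs are mixed, and otherwise surfaces only as a handshake error.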