Convert the key to PKCS#8 format; grpc-tls requires this format.
# -topk8 rewrites the PEM key in server.key as PKCS#8 in server.pkcs8.key.
# -nocrypt leaves the output unencrypted, so keep server.pkcs8.key readable
# only by the account that runs the server.
openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in server.key -out server.pkcs8.key
Last active
March 25, 2023 02:31
Certificate Chain
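# Root CA: private key, CSR, self-signed certificate and PKCS#12 bundle.
# CA.key is written unencrypted and can sign for every name the relying
# parties trust, so keep it readable only by its owner.

# Generate the CA private key.
openssl genrsa -out CA.key 2048

# Generate the CA CSR.
openssl req -new -sha256 -key CA.key -out CA.csr -subj "/C=BR/ST=SAO PAULO/L=SAO PAULO/O=AXWAY/CN=CA CERTIFICATE"

# Extensions for the root. `x509 -req` only adds what -extfile gives it; with
# no basicConstraints the certificate is not marked as a CA, and strict
# verifiers may refuse it as an issuer.
cat > CA.ext <<'EOF'
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF

# Self-sign the CA certificate (10 years). -sha256 is explicit so the digest
# does not depend on the installed OpenSSL's default.
openssl x509 -req -signkey CA.key -in CA.csr -days 3650 -sha256 -extfile CA.ext -out CA.pem

# Export key and certificate as PKCS#12. openssl prompts for the export
# password; the bundle contains the CA private key.
openssl pkcs12 -export -out CA.pfx -inkey CA.key -in CA.pem
#--------------------------------------------------------------------------------------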
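# Intermediary CA: private key, CSR, and a certificate issued by the root CA.

# Generate the intermediary private key (written unencrypted).
openssl genrsa -out CA_Intermediary.key 2048

# Create the intermediary CA CSR.
openssl req -new -sha256 -key CA_Intermediary.key -out CA_Intermediary.csr -subj "/C=BR/ST=SAO PAULO/L=SAO PAULO/O=AXWAY/CN=CA INTERMEDIARY CERTIFICATE"

# Extensions for the intermediary. basicConstraints CA:TRUE is what allows this
# certificate to act as an issuer; without it, certificates it signs fail chain
# verification. pathlen:0 keeps it from issuing further subordinate CAs.
cat > CA_Intermediary.ext <<'EOF'
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
EOF

# Issue the intermediary CA certificate from the root (10 years).
openssl x509 -req -in CA_Intermediary.csr -CA CA.pem -CAkey CA.key -CAcreateserial -out CA_Intermediary.crt -days 3650 -sha256 -extfile CA_Intermediary.ext
#--------------------------------------------------------------------------------------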
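# Server certificate issued directly by the root CA.

# Generate the server private key (written unencrypted).
openssl genrsa -out ServerCert_signedByCA.key 2048

# Create the server CSR. The host names are NOT placed in -subj: a
# "subjectAltName=" component there only becomes a subject-DN attribute, never
# the SAN extension that TLS clients match host names against.
openssl req -new -sha256 -key ServerCert_signedByCA.key -out ServerCert_signedByCA.csr -subj "/C=BR/ST=SAO PAULO/L=SAO PAULO/O=AXWAY/CN=axway.lab"

# Leaf extensions, applied at signing time. CA:FALSE and serverAuth limit the
# certificate to its role; subjectAltName carries the names the server answers to
# (replace your-alt-name with the real additional host name).
cat > ServerCert_signedByCA.ext <<'EOF'
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:axway.lab, DNS:your-alt-name
EOF

# Issue the server certificate from the root CA (10 years).
openssl x509 -req -in ServerCert_signedByCA.csr -CA CA.pem -CAkey CA.key -CAcreateserial -out ServerCert_signedByCA.crt -days 3650 -sha256 -extfile ServerCert_signedByCA.ext

# View the certificate; check that "X509v3 Subject Alternative Name" is listed.
openssl x509 -text -noout -in ServerCert_signedByCA.crt
#--------------------------------------------------------------------------------------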
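# Server certificate issued by the Intermediary CA.

# Generate the server private key (written unencrypted).
openssl genrsa -out ServerCert_signedByCAIntermediary.key 2048

# Create the server CSR. The host names are NOT placed in -subj: a
# "subjectAltName=" component there only becomes a subject-DN attribute, never
# the SAN extension that TLS clients match host names against.
openssl req -new -sha256 -key ServerCert_signedByCAIntermediary.key -out ServerCert_signedByCAIntermediary.csr -subj "/C=BR/ST=SAO PAULO/L=SAO PAULO/O=AXWAY/CN=localhost"

# Leaf extensions, applied at signing time. Once a SAN extension is present,
# clients ignore the CN, so localhost is listed alongside the other names
# (replace your-alt-name with the real additional host name).
cat > ServerCert_signedByCAIntermediary.ext <<'EOF'
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:localhost, DNS:axway.lab, DNS:your-alt-name
EOF

# Issue the certificate with the intermediary's key and certificate, not the
# root's, so the file matches its name. The chain verifies only if
# CA_Intermediary.crt carries basicConstraints CA:TRUE, and clients that trust
# only CA.pem need the server to send CA_Intermediary.crt with this certificate.
openssl x509 -req -in ServerCert_signedByCAIntermediary.csr -CA CA_Intermediary.crt -CAkey CA_Intermediary.key -CAcreateserial -out ServerCert_signedByCAIntermediary.crt -days 3650 -sha256 -extfile ServerCert_signedByCAIntermediary.ext

# View the certificate; the Issuer line should name the intermediary CA.
openssl x509 -text -noout -in ServerCert_signedByCAIntermediary.crt
#--------------------------------------------------------------------------------------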
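# Client certificate issued directly by the root CA.

# Generate the client private key (written unencrypted).
openssl genrsa -out ClientCert_signedByCA.key 2048

# Create the client CSR.
openssl req -new -sha256 -key ClientCert_signedByCA.key -out ClientCert_signedByCA.csr -subj "/C=BR/ST=SAO PAULO/L=SAO PAULO/O=AXWAY/CN=client"

# Leaf extensions, applied at signing time. Without them the certificate has no
# key-usage restriction at all; clientAuth keeps a client credential from also
# being accepted as a TLS server certificate.
cat > ClientCert_signedByCA.ext <<'EOF'
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = clientAuth
EOF

# Issue the client certificate from the root CA (10 years).
openssl x509 -req -in ClientCert_signedByCA.csr -CA CA.pem -CAkey CA.key -CAcreateserial -out ClientCert_signedByCA.crt -days 3650 -sha256 -extfile ClientCert_signedByCA.ext

# View the certificate.
openssl x509 -text -noout -in ClientCert_signedByCA.crt
#--------------------------------------------------------------------------------------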
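# Client certificate issued by the Intermediary CA.

# Generate the client private key (written unencrypted).
openssl genrsa -out ClientCert_signedByCAIntermediary.key 2048

# Create the client CSR.
openssl req -new -sha256 -key ClientCert_signedByCAIntermediary.key -out ClientCert_signedByCAIntermediary.csr -subj "/C=BR/ST=SAO PAULO/L=SAO PAULO/O=AXWAY/CN=clientCA_Intermediary"

# Leaf extensions, applied at signing time. Without them the certificate has no
# key-usage restriction at all; clientAuth keeps a client credential from also
# being accepted as a TLS server certificate.
cat > ClientCert_signedByCAIntermediary.ext <<'EOF'
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = clientAuth
EOF

# Issue the client certificate from the intermediary CA (10 years). A server
# that trusts only CA.pem needs CA_Intermediary.crt presented with this
# certificate to build the chain.
openssl x509 -req -in ClientCert_signedByCAIntermediary.csr -CA CA_Intermediary.crt -CAkey CA_Intermediary.key -CAcreateserial -out ClientCert_signedByCAIntermediary.crt -days 3650 -sha256 -extfile ClientCert_signedByCAIntermediary.ext

# View the certificate.
openssl x509 -text -noout -in ClientCert_signedByCAIntermediary.crt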
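#######################################
# Issue a client certificate for CN=$1 from the root CA and bundle it as $1.pfx.
# Globals:
#   CLIENT_PFX_PASSWORD (read) - export password for the bundle. Defaults to
#     the original hard-coded 1234, which is only fit for a throwaway lab;
#     set it to a real secret otherwise.
# Arguments:
#   $1 - common name; also used as the .pfx file name, so it must be non-empty
#        and must not contain "/" (which would add subject fields in -subj and
#        let the output path leave the current directory).
# Outputs:
#   ClientCert_signedByCA.key/.csr/.crt (overwritten on every call) and
#   "$1.pfx", all in the current directory.
# Returns:
#   2 if the name is rejected, otherwise the status of the first failing
#   openssl step, or 0.
#######################################
client_cert() {
  local cn=${1-}

  case $cn in
    '' | */*)
      printf 'client_cert: name must be non-empty and must not contain "/"\n' >&2
      return 2
      ;;
  esac

  # Stop at the first failure so a stale key or certificate from an earlier
  # call is never bundled under the new name.
  openssl genrsa -out ClientCert_signedByCA.key 2048 || return
  openssl req -new -sha256 -key ClientCert_signedByCA.key -out ClientCert_signedByCA.csr -subj "/CN=${cn}" || return
  openssl x509 -req -in ClientCert_signedByCA.csr -CA CA.pem -CAkey CA.key -CAcreateserial -out ClientCert_signedByCA.crt -days 3650 -sha256 || return

  # The password travels through the environment (env:) rather than argv, so it
  # is not visible in the process list while openssl runs.
  CLIENT_PFX_PASSWORD=${CLIENT_PFX_PASSWORD:-1234} \
    openssl pkcs12 -export -out "${cn}.pfx" -inkey ClientCert_signedByCA.key -in ClientCert_signedByCA.crt -certfile CA.pem -passout env:CLIENT_PFX_PASSWORD
}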