Skip to content

Instantly share code, notes, and snippets.

@florianrein
Created November 10, 2024 16:16
Show Gist options
  • Save florianrein/0e25962f0d56ba1702ac89c76a17073e to your computer and use it in GitHub Desktop.
Save florianrein/0e25962f0d56ba1702ac89c76a17073e to your computer and use it in GitHub Desktop.
Create Test Cert Chain & JKS
#!/bin/bash
function generate_jks_with_cert_and_key() {
local incert=$1
local inkey=$2
local jkspw=$3
openssl pkcs12 -export -in $incert -inkey $inkey -out temp.p12 -name personalcreds -password pass:sometemporarypw
keytool -importkeystore -deststorepass $jkspw -destkeystore somename.jks -srckeystore temp.p12 -srcstoretype PKCS12 -srcstorepass sometemporarypw -alias personalcreds
rm -f temp.p12
}
function create_test_certificate_chain() {
# Step 1: Generate Root CA key and self-signed certificate
openssl genrsa -out rootCA.key 4096
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem \
-subj "/C=US/ST=State/L=City/O=MyCompany/OU=Org/CN=RootCA"
# Step 2: Generate End-User key and CSR
openssl genrsa -out endUser.key 4096
openssl req -new -key endUser.key -out endUser.csr \
-subj "/C=US/ST=State/L=City/O=MyCompany/OU=Org/CN=EndUser"
# Step 3: Sign the End-User CSR with the Root CA to create the end-user certificate
openssl x509 -req -in endUser.csr -CA rootCA.pem -CAkey rootCA.key \
-CAcreateserial -out endUser.crt -days 500 -sha256
}
create_test_certificate_chain
generate_jks_with_cert_and_key endUser.crt endUser.key pl3as3ChangeMe
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment