Last active
April 22, 2020 11:10
-
-
Save gmmoreira/c0d3ffe3f4e0f362a327ccfaa2875870 to your computer and use it in GitHub Desktop.
OpenSSL certificate chain
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Original source: https://smartnets.wordpress.com/2017/04/27/create-certificate-chain-and-sign-certificates-using-openssl/ | |
| # RootCA.crt and IntermediateCA.crt must be manually trusted in the certificate store | |
| # The Server.pfx is optional and can be imported directly in IIS certificates settings | |
| # The Server.csr is optional | |
| openssl genrsa -out RootCA.key 4096 | |
| openssl req -new -x509 -days 1826 -key RootCA.key -out RootCA.crt | |
| openssl genrsa -out IntermediateCA.key 4096 | |
| openssl req -new -key IntermediateCA.key -out IntermediateCA.csr | |
| openssl x509 -req -days 1000 -in IntermediateCA.csr -CA RootCA.crt -CAkey RootCA.key -CAcreateserial -out IntermediateCA.crt | |
| openssl genrsa -out Server.key 2048 | |
| openssl req -new -key Server.key -out Server.csr | |
| openssl x509 -req -days 1000 -in Server.csr -CA IntermediateCA.crt -CAkey IntermediateCA.key -set_serial 0101 -out Server.crt -sha1 | |
| openssl pkcs12 -export -out Server.pfx -inkey Server.key -in Server.crt -certfile IntermediateCA.crt | |
| openssl x509 -x509toreq -in Server.crt -out Server.csr -signkey Server.key |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment