Created
March 25, 2021 15:45
openssl command to generate a tls cert just like the ones generated by LND Lightning Network Daemon
```bash
# This is one big command. Fill it out in a text editor and copy-paste
# the whole thing to get tls.key and tls.cert files for use with lnd
openssl \
  req \
  -newkey ec:<(openssl ecparam -name prime256v1) \
  -nodes `# No password` \
  -keyout \
  tls.key `# private key filename` \
  -x509 \
  -set_serial 0x$(openssl rand -hex 16) \
  `# config contains x509v3 extensions` \
  -config <(echo "
[req]
x509_extensions = v3_req
distinguished_name = req_distinguished_name
prompt = no
[req_distinguished_name]
organizationName = lnd autogenerated cert
commonName = localhost # Main domain goes here
[v3_req]
keyUsage = critical, digitalSignature, keyCertSign, keyEncipherment
extendedKeyUsage = serverAuth
basicConstraints = critical, CA:true
subjectKeyIdentifier = hash
subjectAltName = DNS:localhost, IP:127.0.0.1 # Additional DNS domains and IP addresses go here
") \
  -out tls.cert `# cert filename` \
  -days 420 `# Valid number of days (default for LND is 14 * 30 = 420 days)`
```
A jump-off point for modifications, i.e. extending the expiry beyond 420 days.

You can also use `$(echo $((($(date -d 20491230 +%s)-$(date +%s))/86400)))` in place of `420`, where you replace `20491230` with the actual date you want it to expire in `YYYYMMDD` format.

`20491230` is probably the latest date you want to put in, since `2049-12-31 23:59:59` is the maximum value for dates in ASN.1 and with timezones etc. you wouldn't want the date to throw an error.
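
A way to audit the resulting `tls.cert` before pointing clients at it, added here as an example that is not part of the gist or its comments: the hypothetical `check_lnd_cert` function confirms the P-256 key, `CA:TRUE`, the expected subjectAltName entries and a minimum remaining lifetime. It assumes `openssl` is on the PATH and that SAN entries are passed the way `openssl x509 -text` prints them (for example `IP Address:127.0.0.1`).

```sh
#!/bin/sh
# Added example (not from the gist): audit a cert made by the command above.
# Usage: check_lnd_cert CERT MIN_DAYS SAN...
#   e.g. check_lnd_cert tls.cert 30 "DNS:localhost" "IP Address:127.0.0.1"
# Returns 0 when every check passes, 1 otherwise (each failure is printed).
check_lnd_cert() {
  cert=$1; min_days=$2; shift 2
  rc=0
  text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) \
    || { echo "FAIL: cannot parse $cert"; return 1; }

  # Key must be on prime256v1, the curve requested with -newkey.
  echo "$text" | grep -q 'ASN1 OID: prime256v1' \
    || { echo "FAIL: key is not prime256v1"; rc=1; }

  # basicConstraints from [v3_req]: the self-signed cert is its own CA.
  echo "$text" | grep -q 'CA:TRUE' \
    || { echo "FAIL: basicConstraints lacks CA:TRUE"; rc=1; }

  # The line after the SAN header holds the comma-separated entries.
  sans=$(echo "$text" | awk '/Subject Alternative Name/ {
    getline; gsub(/^ +| +$/, ""); print; exit }')

  # Every name or address a client will dial must appear as a whole entry.
  for want in "$@"; do
    case ", $sans," in
      *", $want,"*) ;;
      *) echo "FAIL: SAN missing $want"; rc=1 ;;
    esac
  done

  # -checkend exits non-zero when notAfter falls within the given seconds.
  openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null \
    || { echo "FAIL: expires within $min_days days"; rc=1; }

  return $rc
}
```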
What's the use case?