Created March 25, 2021 15:45
openssl command to generate a tls cert just like the ones generated by LND Lightning Network Daemon
```bash
# This is one big command. Fill it out in a text editor and copy-paste
# the whole thing to get tls.key and tls.cert files for use with lnd
openssl \
  req \
  -newkey ec:<(openssl ecparam -name prime256v1) \
  -nodes `# No password` \
  -keyout \
  tls.key `# private key filename` \
  -x509 \
  -set_serial 0x$(openssl rand -hex 16) \
  `# config contains x509v3 extensions` \
  -config <(echo "
[req]
x509_extensions = v3_req
distinguished_name = req_distinguished_name
prompt = no
[req_distinguished_name]
organizationName = lnd autogenerated cert
commonName = localhost # Main domain goes here
[v3_req]
keyUsage = critical, digitalSignature, keyCertSign, keyEncipherment
extendedKeyUsage = serverAuth
basicConstraints = critical, CA:true
subjectKeyIdentifier = hash
subjectAltName = DNS:localhost, IP:127.0.0.1 # Additional DNS domains and IP addresses go here
") \
  -out tls.cert `# cert filename` \
  -days 420 `# Valid number of days (default for LND is 14 * 30 = 420 days)`
```
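To confirm that the generated files really carry the properties the command asks for, the following added example (not part of the original gist) builds the same request in plain POSIX sh and then checks the certificate. The function names `make_cert` and `check_cert` and the temporary `req.cnf` file are assumptions made here; `-newkey ec -pkeyopt ec_paramgen_curve:prime256v1` stands in for the gist's bash process substitution.

```sh
# Added example, not from the gist. tls.key / tls.cert follow the gist's names;
# make_cert, check_cert and req.cnf are hypothetical helpers.

# make_cert DIR DAYS: same request as the gist, config written to a file.
make_cert() {
  dir=$1 days=$2
  cat > "$dir/req.cnf" <<'EOF'
[req]
x509_extensions = v3_req
distinguished_name = req_distinguished_name
prompt = no
[req_distinguished_name]
organizationName = lnd autogenerated cert
commonName = localhost
[v3_req]
keyUsage = critical, digitalSignature, keyCertSign, keyEncipherment
extendedKeyUsage = serverAuth
basicConstraints = critical, CA:true
subjectKeyIdentifier = hash
subjectAltName = DNS:localhost, IP:127.0.0.1
EOF
  openssl req -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -keyout "$dir/tls.key" -x509 -set_serial "0x$(openssl rand -hex 16)" \
    -config "$dir/req.cnf" -out "$dir/tls.cert" -days "$days" 2>/dev/null
}

# check_cert CERT KEY MIN_DAYS: print one line per failed check;
# returns 0 only if every check passes.
check_cert() {
  cert=$1 key=$2 min_days=$3 rc=0
  text=$(openssl x509 -in "$cert" -noout -text) || return 2
  # Curve, CA flag, SAN entries and server-auth EKU as requested in [v3_req].
  for want in 'ASN1 OID: prime256v1' 'CA:TRUE' 'DNS:localhost' \
              'IP Address:127.0.0.1' 'TLS Web Server Authentication'; do
    printf '%s\n' "$text" | grep -qF -- "$want" || { echo "missing: $want"; rc=1; }
  done
  # The certificate and the private key must carry the same public key.
  [ "$(openssl x509 -in "$cert" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ] \
    || { echo "key mismatch"; rc=1; }
  # -checkend exits non-zero if the cert expires within the given seconds.
  openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null \
    || { echo "expires within $min_days days"; rc=1; }
  return $rc
}
```

Run `check_cert tls.cert tls.key 30` against the files produced by the gist's command; any line it prints names the property that does not match.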
You can also use `$(echo $((($(date -d 20491230 +%s)-$(date +%s))/86400)))` in place of `420` where you replace `20491230` with the actual date you want it to expire in `YYYYMMDD` format. `20491230` is probably the latest date you want to put in, since `2049-12-31 23:59:59` is the maximum value for dates in ASN.1 and with timezones etc. you wouldn't want the date to throw an error.