
@mosuka
Created May 19, 2020 06:48
create_cert.sh
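#!/usr/bin/env bash
#
# create_cert.sh - build a small test PKI under ./ca (relative to the current
# working directory):
#
#   ca/ca.key, ca/ca.crt                 self-signed CA (RSA 4096, 730 days)
#   ca/server/server-ssl.{key,csr,crt}   server certificate signed by the CA
#   ca/server/client-ssl.{key,csr}       key + CSR only (never signed here)
#   ca/client/client.{key,csr,crt,pem}   client certificate signed by the CA
#   ca/client.p12                        PKCS#12 bundle of the client identity
#
# NOTE(review): every certificate, including the CA, uses the same subject.
# A leaf whose subject equals its issuer looks self-issued to a verifier and
# may be rejected as "self-signed"; give the CA its own CN if that happens.
# NOTE(review): no subjectAltName is set. Clients that match hostnames against
# SAN only will reject the server certificate; add the extension via -extfile
# when signing if that matters for your setup.

# Abort on the first failing command, unset variable or failed pipeline stage
# so that a half-built PKI is never mistaken for a complete one.
set -euo pipefail

# openssl creates key files with the process umask. Restrict it up front so a
# private key is never group/world readable, not even in the window before
# the explicit chmod below. Public artifacts are opened up again with chmod 444.
umask 077

readonly SUBJECT='/C=JP/ST=Tokyo/L=Tokyo/O=Example Ltd./OU=Web/CN=example.com'

# Start from scratch. This discards any existing CA key in ./ca, so all
# certificates issued earlier stop validating against the new CA.
rm -rf -- ./ca
mkdir -p ca/{client,server}

# --- Certificate authority ---------------------------------------------------
# The CA key is written unencrypted so the script can run unattended.
# To protect it with a passphrase instead, generate it with:
#   openssl genrsa -aes256 -out ca/ca.key 4096
openssl genrsa -out ca/ca.key 4096
chmod 400 ca/ca.key
# (-nodes is omitted on the req calls: with -key no new key is written, so the
# flag has no effect.)
openssl req -new -x509 -sha256 -days 730 \
  -key ca/ca.key -out ca/ca.crt -subj "$SUBJECT"
chmod 444 ca/ca.crt

# --- Extra key + CSR kept under ca/server ------------------------------------
# Only the request is produced; no certificate is issued for it in this script.
openssl genrsa -out ca/server/client-ssl.key 2048
chmod 400 ca/server/client-ssl.key
openssl req -new -sha256 \
  -key ca/server/client-ssl.key -out ca/server/client-ssl.csr -subj "$SUBJECT"
chmod 444 ca/server/client-ssl.csr

# --- Server certificate ------------------------------------------------------
openssl genrsa -out ca/server/server-ssl.key 2048
chmod 400 ca/server/server-ssl.key
openssl req -new -sha256 \
  -key ca/server/server-ssl.key -out ca/server/server-ssl.csr -subj "$SUBJECT"
chmod 444 ca/server/server-ssl.csr
# Serial numbers are fixed (1 = server, 2 = client). That is fine while the CA
# is regenerated on every run, as it is here.
openssl x509 -req -days 365 -sha256 \
  -in ca/server/server-ssl.csr \
  -CA ca/ca.crt -CAkey ca/ca.key -set_serial 1 \
  -out ca/server/server-ssl.crt
chmod 444 ca/server/server-ssl.crt
# verify
# openssl x509 -noout -text -in ca/server/server-ssl.crt

# --- Client certificate ------------------------------------------------------
openssl genrsa -out ca/client/client.key 2048
# Fix: the original re-ran chmod on ca/server/client-ssl.key here, leaving the
# client private key with whatever mode the umask produced.
chmod 400 ca/client/client.key
# -sha256 added for consistency with the other requests.
openssl req -new -sha256 \
  -key ca/client/client.key -out ca/client/client.csr -subj "$SUBJECT"
chmod 444 ca/client/client.csr
openssl x509 -req -days 365 -sha256 \
  -in ca/client/client.csr \
  -CA ca/ca.crt -CAkey ca/ca.key -set_serial 2 \
  -out ca/client/client.crt
chmod 444 ca/client/client.crt

# generate pem file to use with curl
# The bundle contains the unencrypted client private key, so it gets the same
# owner-only mode as the key itself.
cat ca/client/client.crt ca/client/client.key > ca/client/client.pem
chmod 400 ca/client/client.pem

# generate cert file to use with browser -- client.p12
# openssl prompts for the export password; enter a non-empty one, because the
# .p12 is the file that gets copied to other machines.
openssl pkcs12 -export -out ca/client.p12 \
  -in ca/client/client.pem -inkey ca/client/client.key
chmod 400 ca/client.p12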