@msioen
Last active September 23, 2019 20:34
Create self-signed root certificate authority and server certificate

Two script files to set up a self-signed root certificate authority and a server certificate signed by it. The included files have the proper settings for self-signed certificates linking to localhost. If other domains are needed, several changes are necessary.

  • Execute `./create_root_cert_and_key.sh` to create the root certificate authority.
  • Execute `./create_server_cert_and_key_with_ca.sh` to create the server certificate.
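```bash
#!/usr/bin/env bash
# create_root_cert_and_key.sh
# Generate the root CA private key.
openssl genrsa -out rootCA.key 2048
# Create a signing request for the CA. Note: rootCA.pem holds the request, not a certificate.
openssl req -new -days 3650 -key rootCA.key -out rootCA.pem -config ./openssl-ca.cnf
# Self-sign the request to produce the CA certificate rootCA.crt.
openssl x509 -req -days 3650 -in rootCA.pem -signkey rootCA.key -out rootCA.crt -extfile v3-ca.ext
```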
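```bash
#!/usr/bin/env bash
# create_server_cert_and_key_with_ca.sh
# Create the server private key (unencrypted) and its signing request.
openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat openssl-cert.cnf )
# Sign with the CA certificate rootCA.crt; rootCA.pem is the CA's request and cannot be passed to -CA.
openssl x509 -req -in server.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out server.crt -days 3650 -sha256 -extfile v3-cert.ext
```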
```ini
# openssl-ca.cnf
[req]
default_bits = 2048
prompt = no
default_md = sha256
x509_extensions = v3_req
distinguished_name = dn
[dn]
C = BE
ST = Brussels
L = Brussels
O = CA
OU = Localhost CA
emailAddress = webmaster@example.com
CN = localhost
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.localhost
DNS.2 = localhost
```
```ini
# openssl-cert.cnf
[req]
default_bits = 2048
prompt = no
default_md = sha256
x509_extensions = v3_req
distinguished_name = dn
[dn]
C = BE
ST = Brussels
L = Brussels
O = IT
OU = IT Department
emailAddress = it@example.com
CN = localhost
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.localhost
DNS.2 = localhost
```
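```ini
# v3-ca.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:TRUE
# A CA certificate that carries keyUsage must include keyCertSign; cRLSign lets it sign CRLs.
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyCertSign, cRLSign
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
```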
```ini
# v3-cert.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
```
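
A check to run after both scripts, added here as an example and not part of the gist: it confirms that `rootCA.crt` is usable as a CA, that `server.crt` chains to it, and that the leaf covers the host name. The function names `check_pki` and `make_demo_pki` are hypothetical; `make_demo_pki` builds a constructed throwaway root and leaf so the check can be tried without touching real keys.

```bash
#!/usr/bin/env bash
# Added example, not part of the gist. File names rootCA.crt / server.crt follow the gist;
# check_pki and make_demo_pki are hypothetical helper names.

# check_pki DIR [HOST]: returns 0 if DIR/server.crt is a usable leaf under DIR/rootCA.crt.
check_pki() {
  dir=$1; host=${2:-localhost}
  ca=$(openssl x509 -in "$dir/rootCA.crt" -noout -text 2>/dev/null) || return 1
  # The root must be marked as a CA.
  printf '%s\n' "$ca" | grep -q 'CA:TRUE' || { echo "root: not CA:TRUE" >&2; return 2; }
  # If a keyUsage extension is present at all, it has to include keyCertSign.
  if printf '%s\n' "$ca" | grep -q 'X509v3 Key Usage' &&
     ! printf '%s\n' "$ca" | grep -q 'Certificate Sign'; then
    echo "root: keyUsage lacks keyCertSign" >&2; return 3
  fi
  # The leaf's signature must chain to the root.
  openssl verify -CAfile "$dir/rootCA.crt" "$dir/server.crt" >/dev/null 2>&1 ||
    { echo "server.crt does not verify against rootCA.crt" >&2; return 4; }
  leaf=$(openssl x509 -in "$dir/server.crt" -noout -text 2>/dev/null) || return 1
  # A leaf that is itself a CA could issue further trusted certificates.
  if printf '%s\n' "$leaf" | grep -q 'CA:TRUE'; then
    echo "server: certificate is a CA" >&2; return 5
  fi
  # Host name matching as a TLS client would do it (SAN first).
  match=$(openssl x509 -in "$dir/server.crt" -noout -checkhost "$host" 2>/dev/null)
  case "$match" in
    *"does match certificate"*) return 0 ;;
    *) echo "server: certificate does not cover $host" >&2; return 6 ;;
  esac
}

# make_demo_pki DIR CA_KEYUSAGE: constructed root + localhost leaf, same two-step flow as the gist.
make_demo_pki() {
  d=$1
  printf '[req]\nprompt=no\ndistinguished_name=dn\n[dn]\nCN=Demo Root\n' > "$d/ca.cnf"
  printf '[req]\nprompt=no\ndistinguished_name=dn\n[dn]\nCN=localhost\n' > "$d/srv.cnf"
  printf 'basicConstraints=CA:TRUE\nkeyUsage=%s\n' "$2" > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:localhost\n' > "$d/srv.ext"
  {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/rootCA.key" -out "$d/rootCA.csr" -config "$d/ca.cnf" &&
    openssl x509 -req -days 1 -in "$d/rootCA.csr" -signkey "$d/rootCA.key" -out "$d/rootCA.crt" -extfile "$d/ca.ext" &&
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/server.key" -out "$d/server.csr" -config "$d/srv.cnf" &&
    openssl x509 -req -days 1 -in "$d/server.csr" -CA "$d/rootCA.crt" -CAkey "$d/rootCA.key" -CAcreateserial -out "$d/server.crt" -extfile "$d/srv.ext"
  } >/dev/null 2>&1
}

# Run as: ./check.sh DIR [HOST]
if [ "$#" -gt 0 ]; then check_pki "$@"; fi
```

Each failure has its own return code, so the function can gate a build step; a root whose `keyUsage` omits `keyCertSign` is reported with code 3 before the chain is even checked.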