openssl.sh
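# Build a small PKI for an OpenVPN setup in the current directory:
# DH parameters, a self-signed CA, and one server and one client certificate
# signed by that CA. The subject names below are sample values.

# Abort on the first failing command or unset variable, so a failed key or
# CSR step cannot be followed by a signing step working on stale files.
set -eu

# The private keys are written unencrypted (-nodes). Restrict every file this
# script creates to the current user; ca.key in particular can mint
# certificates the VPN will trust and should not stay on a shared host.
umask 077

# CA config. `req -x509` takes certificate extensions from x509_extensions
# (req_extensions only applies to CSRs), and the digest from default_md.
cat << 'EOF' > openssl.conf
[ req ]
x509_extensions = v3_ca
distinguished_name = req_distinguished_name
default_md = sha256
prompt = no
[ req_distinguished_name ]
countryName = FR
localityName = Paris
commonName = ca.openvpn.com
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF

# Client config. The v3_req section is used twice: for the CSR and, through
# -extfile at signing time, for the issued certificate. clientAuth marks the
# certificate as a client one so peers can check its role.
cat << 'EOF' > openssl_client.conf
[ req ]
req_extensions = v3_req
distinguished_name = req_distinguished_name
default_md = sha256
prompt = no
[ req_distinguished_name ]
countryName = FR
localityName = Paris
commonName = client.openvpn.com
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature
extendedKeyUsage = clientAuth
EOF

# Server config. serverAuth lets OpenVPN clients require a server-role
# certificate (remote-cert-tls server), so a client certificate issued by the
# same CA cannot be presented as the server.
cat << 'EOF' > openssl_server.conf
[ req ]
req_extensions = v3_req
distinguished_name = req_distinguished_name
default_md = sha256
prompt = no
[ req_distinguished_name ]
countryName = FR
localityName = Paris
commonName = server.openvpn.com
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF

# DH parameters
openssl dhparam -out dh.pem 2048

# CA: self-signed certificate, valid one year
openssl req -config openssl.conf -x509 -nodes -days 365 -newkey rsa:4096 \
  -keyout ca.key -out ca.crt

# Server: key + CSR, then sign with the CA.
# `x509 -req` does not copy extensions from the CSR, so they are passed
# explicitly with -extfile/-extensions; -sha256 pins the signature digest
# instead of relying on the installed OpenSSL's default.
openssl req -config openssl_server.conf -nodes -new -newkey rsa:4096 \
  -out server.csr -keyout server.key
openssl x509 -req -sha256 -days 365 -in server.csr -out server.crt \
  -CA ca.crt -CAkey ca.key -CAcreateserial -CAserial ca.srl \
  -extfile openssl_server.conf -extensions v3_req

# Client: same flow, reusing the serial file created by the server step
openssl req -config openssl_client.conf -nodes -new -newkey rsa:4096 \
  -out client.csr -keyout client.key
openssl x509 -req -sha256 -days 365 -in client.csr -out client.crt \
  -CA ca.crt -CAkey ca.key -CAserial ca.srl \
  -extfile openssl_client.conf -extensions v3_req

# Print the client certificate so the extensions can be checked by eye
openssl x509 -in client.crt -text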