
@sbaildon
Created April 24, 2017 22:12
Nifi
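#!/usr/bin/env bash
#
# Builds a throwaway development PKI under /tmp/certs:
#   authority/  self-signed root CA (key + cert) and a JKS truststore holding it
#   localhost/  server key, CSR, CA-signed cert and PKCS#12 bundle
#   admin/      client ("Admin") key, CSR, CA-signed cert and PKCS#12 bundle
#
# DEV/TEST ONLY. Every private key is written unencrypted (-nodes) and every
# keystore uses the fixed password below. Do not reuse this CA or these
# bundles anywhere that matters.
#
# Options are set here rather than on the shebang line: Linux passes
# "bash -ex" to env as a single argument, so the original shebang fails there.
# NOTE: -x traces every command, including the store password, to stderr.
set -euxo pipefail

# Key material must not be readable by other local users, whatever the
# caller's umask is.
umask 077

readonly SERVER_CN=localhost
readonly USERNAME=Admin
readonly WORKSPACE=/tmp/certs
readonly CA_DIR="${WORKSPACE}/authority"
readonly SERVER_DIR="${WORKSPACE}/${SERVER_CN}"
readonly USER_DIR="${WORKSPACE}/admin"
readonly SUBJECT_BASE="/C=GB/O=Example/OU=Dev"
# Fixed, publicly known password for the PKCS#12 bundles and the truststore.
# It is also passed on argv, so it is visible in the process list.
readonly STORE_PASS=password

# Start from a clean slate. ":?" aborts instead of expanding to "rm -rf /"
# should the variable ever be empty.
rm -rf -- "${WORKSPACE:?}"
# WORKSPACE is a predictable path in a shared, world-writable directory.
# Plain mkdir (no -p) fails if anything reappeared at that path after the rm,
# so the script never writes keys into a directory it did not create itself.
mkdir -m 700 -- "${WORKSPACE}"

# --- Certificate authority ---------------------------------------------------
mkdir -p -- "${CA_DIR}"
# Self-signed root, valid 365 days. -nodes leaves rootCA.key unencrypted; the
# original also passed "-passin pass:password", which has no effect when the
# key is freshly generated and unencrypted, so it is dropped.
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
  -keyout "${CA_DIR}/rootCA.key" \
  -out "${CA_DIR}/rootCA.crt" \
  -subj "${SUBJECT_BASE}/CN=CA"
# Truststore containing only the root certificate.
keytool -import -keystore "${CA_DIR}/truststore.jks" \
  -file "${CA_DIR}/rootCA.crt" \
  -alias rootCA -storepass "${STORE_PASS}" -noprompt

# --- Server ------------------------------------------------------------------
mkdir -p -- "${SERVER_DIR}"
# New unencrypted key plus a CSR for it.
openssl req -nodes -newkey rsa:2048 \
  -keyout "${SERVER_DIR}/${SERVER_CN}.key" \
  -out "${SERVER_DIR}/${SERVER_CN}.csr" \
  -subj "${SUBJECT_BASE}/CN=${SERVER_CN}"
# Sign with the root. -CAcreateserial creates the CA serial file if missing.
# NOTE(review): no subjectAltName is requested here, so clients that match
# the host name against SAN only are likely to reject this certificate.
openssl x509 -req -days 360 \
  -in "${SERVER_DIR}/${SERVER_CN}.csr" \
  -CA "${CA_DIR}/rootCA.crt" -CAkey "${CA_DIR}/rootCA.key" -CAcreateserial \
  -out "${SERVER_DIR}/${SERVER_CN}.crt"
# Bundle key, certificate and CA certificate into a password-protected PKCS#12.
openssl pkcs12 -export \
  -out "${SERVER_DIR}/${SERVER_CN}.p12" \
  -inkey "${SERVER_DIR}/${SERVER_CN}.key" \
  -in "${SERVER_DIR}/${SERVER_CN}.crt" \
  -certfile "${CA_DIR}/rootCA.crt" \
  -passout "pass:${STORE_PASS}"

# --- User --------------------------------------------------------------------
mkdir -p -- "${USER_DIR}"
# Same three steps as for the server, with the user name as the CN.
openssl req -nodes -newkey rsa:2048 \
  -keyout "${USER_DIR}/${USERNAME}.key" \
  -out "${USER_DIR}/${USERNAME}.csr" \
  -subj "${SUBJECT_BASE}/CN=${USERNAME}"
openssl x509 -req -days 360 \
  -in "${USER_DIR}/${USERNAME}.csr" \
  -CA "${CA_DIR}/rootCA.crt" -CAkey "${CA_DIR}/rootCA.key" -CAcreateserial \
  -out "${USER_DIR}/${USERNAME}.crt"
openssl pkcs12 -export \
  -out "${USER_DIR}/${USERNAME}.p12" \
  -inkey "${USER_DIR}/${USERNAME}.key" \
  -in "${USER_DIR}/${USERNAME}.crt" \
  -certfile "${CA_DIR}/rootCA.crt" \
  -passout "pass:${STORE_PASS}"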