
@skhatri
Created May 20, 2023 03:37
generate signed cert by self-signed ca
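# Generate a server certificate signed by a local, self-signed test CA.
#
# Usage: bash <this script> [server-name]        (default: localhost)
# Requires bash, openssl and keytool (JDK).
#
# Files written to ./<server-name>/:
#   keystore.p12                PKCS12 keystore with the server key pair
#   server.csr, server.crt      signing request and CA-signed certificate
#   bundle.crt                  server.crt followed by ca/ca.crt
#   truststore.jks              truststore created from bundle.crt
#   server.key, server.rsa.key  UNENCRYPTED private key exports
#
# Environment:
#   STORE_PASS         keystore/truststore password. The default is a
#                      well-known test value; override it for anything
#                      that is not a throwaway fixture.
#   VALIDITY_DAYS      lifetime of the server certificate (default 365)
#   CA_VALIDITY_DAYS   lifetime of the CA certificate (default 3650)
#
# NOTE(review): the signed certificate carries no subjectAltName;
# `openssl x509 -req` does not copy extensions from the CSR and none are
# supplied here. Clients that ignore the CN will reject it until a SAN is
# added through an -extfile.

# Stop at the first failing step instead of signing or importing stale files.
set -euo pipefail

# Private keys and keystores are created below; keep them owner-only.
umask 077

STORE_PASS="${STORE_PASS:-test123}"
# Exported so keytool/openssl read the password from the environment rather
# than from argv, where it would be visible in the process list.
export STORE_PASS
VALIDITY_DAYS="${VALIDITY_DAYS:-365}"
CA_VALIDITY_DAYS="${CA_VALIDITY_DAYS:-3650}"

### CA Setup
# Test each file rather than the directory, so a run that failed half-way
# does not leave an empty ca/ that silently disables CA creation.
mkdir -p ca
if [[ ! -f ca/ca.key ]]; then
  # The CA key is written unencrypted; anyone who can read it can mint
  # certificates that every truststore built from this CA will accept.
  openssl genrsa -out ca/ca.key 2048
fi
chmod 600 ca/ca.key
if [[ ! -f ca/ca.crt ]]; then
  # Without -days openssl issues a 30-day certificate, which would expire
  # long before the server certificates it signs.
  openssl req -new -x509 -key ca/ca.key -out ca/ca.crt \
    -days "$CA_VALIDITY_DAYS" \
    -subj "/C=AU/ST=NSW/L=Sydney/O=Software Company/OU=IT/CN=ca"
fi

cert="${1:-localhost}"
# The name becomes both a directory and the CN inside -dname. Restrict it to
# hostname characters so it cannot escape the working directory ("../x"),
# alias the CA directory ("ca/", "./ca"), be parsed as an option ("-x"), or
# inject extra DN components ("a, O=Other").
name_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
if [[ "$cert" == "ca" || ! "$cert" =~ $name_re ]]; then
  echo "invalid server name" >&2
  exit 1
fi
mkdir -p -- "$cert"

### Server Setup
KEY_FILE="$cert/keystore.p12"
if [[ -f "$KEY_FILE" ]]; then
  # keytool refuses to create a second key pair under the default alias, so
  # a re-run keeps the existing key and only re-issues the certificate.
  echo "reusing existing keystore ${KEY_FILE}"
else
  keytool -genkeypair -keyalg RSA -keysize 2048 -storetype PKCS12 \
    -keystore "$KEY_FILE" -validity "$VALIDITY_DAYS" \
    -dname "CN=$cert, OU=IT, O=Software Company, L=World, ST=World, C=WO" \
    -storepass:env STORE_PASS
fi
chmod 600 -- "$KEY_FILE"
keytool -certreq -keystore "$KEY_FILE" -file "$cert/server.csr" \
  -storepass:env STORE_PASS -keypass:env STORE_PASS

# CA signs the certificate request.
# -validity above only applies to keytool's placeholder self-signed
# certificate; the lifetime of the issued certificate is set here.
openssl x509 -req -in "$cert/server.csr" -CA ca/ca.crt -CAkey ca/ca.key \
  -CAcreateserial -days "$VALIDITY_DAYS" -out "$cert/server.crt"
openssl x509 -in "$cert/server.crt" -noout -text
cat -- "$cert/server.crt" ca/ca.crt > "$cert/bundle.crt"
openssl x509 -in "$cert/bundle.crt" -noout -text

### Server Import Cert
# "yes" answers keytool's confirmation prompt for a chain whose root is not
# in the default trust store. A here-string is used instead of a pipe so
# pipefail cannot trip on the feeding process.
keytool -importcert -file "$cert/bundle.crt" -keystore "$KEY_FILE" \
  -keypass:env STORE_PASS -storepass:env STORE_PASS -trustcacerts <<<"yes"

### Create Truststore
# Rebuilt on every run: it holds only public certificates, and importing
# into an existing store fails because the alias is already taken.
rm -f -- "$cert/truststore.jks"
keytool -importcert -alias "$cert" -file "$cert/bundle.crt" \
  -keystore "$cert/truststore.jks" \
  -storepass:env STORE_PASS -keypass:env STORE_PASS -trustcacerts <<<"yes"

echo extracting private key
# -nodes writes the private key without a passphrase; these two files are
# only as safe as the directory permissions.
openssl pkcs12 -info -in "$KEY_FILE" -nodes -nocerts \
  -out "$cert/server.key" -password env:STORE_PASS
openssl rsa -in "$cert/server.key" -out "$cert/server.rsa.key"
chmod 600 -- "$cert/server.key" "$cert/server.rsa.key"

printf 'files generated at %s\n' "$cert"
ls -- "$cert"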