Generate self-signed certs for mTLS
#!/usr/bin/env bash
# Stop on the first failed command, unset variable or failed pipeline stage
set -euo pipefail
VALIDITY_IN_DAYS=3650
COUNTRY="IN"
STATE="TELANGANA"
OU="org"          # used as the Organization (O=) field in the subjects below
CN="domain"
LOCATION="HYDERABAD"
PASS="password?"  # unused: -nodes below writes every private key unencrypted
# Generate root CA key and certificate using openssl
openssl req -new -newkey rsa:4096 -days "$VALIDITY_IN_DAYS" -nodes -x509 \
  -subj "/C=$COUNTRY/ST=$STATE/L=$LOCATION/O=$OU/CN=ca.$CN" \
  -keyout rootCA.key -out rootCA.crt
# Generate nginx server key and Certificate Signing Request (CSR)
openssl req -new -newkey rsa:4096 -nodes \
  -keyout server.key -out server.csr \
  -subj "/C=$COUNTRY/ST=$STATE/L=$LOCATION/O=$OU/CN=server.$CN"
# Issue Server certificate by signing CSR with root CA key.
# The subjectAltName is added because clients that ignore the CN
# (browsers, Go, and others) reject a server certificate without one.
openssl x509 -req -in server.csr -CA rootCA.crt -CAkey rootCA.key \
  -CAcreateserial -out server.crt -days "$VALIDITY_IN_DAYS" -sha256 \
  -extfile <(printf 'subjectAltName=DNS:server.%s\n' "$CN")
# Generate key, CSR and cert for client, as has been done for server
openssl req -new -newkey rsa:4096 -nodes \
  -keyout client.key -out client.csr \
  -subj "/C=$COUNTRY/ST=$STATE/L=$LOCATION/O=$OU/CN=client.$CN"
openssl x509 -req -in client.csr -CA rootCA.crt -CAkey rootCA.key \
  -CAcreateserial -out client.crt -days "$VALIDITY_IN_DAYS" -sha256
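A post-generation check, added here as an example and not part of the original gist: it confirms that a leaf certificate chains to the root CA and pairs with its private key, and that a certificate from an unrelated CA is rejected, which is the property mTLS depends on. The names `otherCA` and `stranger`, the helper functions, and the 2048-bit/1-day parameters are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example, not part of the gist. All names below are constructed.

# verify_chain CA_CERT LEAF_CERT: succeeds only if LEAF_CERT chains to CA_CERT.
verify_chain() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_matches_cert KEY CERT: succeeds only if KEY is the private key for CERT.
key_matches_cert() {
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# make_ca NAME: throwaway self-signed CA in the current directory
# (2048-bit and 1-day validity keep the demo fast; the gist uses 4096/3650).
make_ca() {
  openssl req -new -newkey rsa:2048 -nodes -x509 -days 1 -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# issue_leaf CA NAME: key + CSR + certificate signed by CA, as in the gist.
issue_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
    -CAcreateserial -out "$2.crt" -days 1 -sha256 2>/dev/null
}

# check_demo: builds a trusted CA and an unrelated CA in a temp dir, then
# echoes one word per check. Runs in a subshell so the cwd is not changed.
check_demo() (
  d=$(mktemp -d) && cd "$d" || exit 1
  trap 'rm -rf "$d"' EXIT
  make_ca rootCA && make_ca otherCA || exit 1
  issue_leaf rootCA client && issue_leaf otherCA stranger || exit 1
  verify_chain rootCA.crt client.crt && r1=ok || r1=fail
  key_matches_cert client.key client.crt && r2=ok || r2=fail
  verify_chain rootCA.crt stranger.crt && r3=accepted || r3=rejected
  key_matches_cert stranger.key client.crt && r4=match || r4=mismatch
  echo "$r1 $r2 $r3 $r4"
)

check_demo
```

Against the gist's real output, `verify_chain rootCA.crt server.crt` and `key_matches_cert server.key server.crt` are the two calls to run before loading the files into nginx.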