Created
August 20, 2021 11:56
generate self signed certs for mtls
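#!/usr/bin/env bash
#
# Generate a private root CA plus one server and one client certificate,
# both signed by that CA, for testing mutual TLS (mTLS), e.g. with nginx.
#
# Files written to the current directory:
#   rootCA.key  rootCA.crt  rootCA.srl
#   server.key  server.csr  server.crt
#   client.key  client.csr  client.crt
#
# Security notes:
#   * Every private key is written unencrypted (-nodes). The PASS variable
#     that used to be defined here was never passed to openssl, so it gave
#     no protection; it has been dropped rather than left as a hard-coded
#     secret. Protect the *.key files with filesystem permissions instead.
#   * Whoever holds rootCA.key can issue certificates that every peer
#     trusting rootCA.crt will accept. Keep it off the servers that only
#     need server.key / client.key.
#   * VALIDITY_IN_DAYS applies to the CA and to both leaf certificates.
#     Ten years is convenient for a lab; use a much shorter lifetime for
#     leaf certificates anywhere that matters.

set -euo pipefail

# New files (including private keys) are created owner-only from the start,
# so there is no window in which a key is group/world readable.
umask 077

readonly VALIDITY_IN_DAYS=3650
readonly COUNTRY="IN"
readonly STATE="TELANGANA"
readonly OU="org"        # NOTE: used as the O (organization) field of the subject
readonly CN="domain"
readonly LOCATION="HYDERABAD"

readonly SUBJECT_BASE="/C=${COUNTRY}/ST=${STATE}/L=${LOCATION}/O=${OU}"

command -v openssl >/dev/null || {
  printf 'error: openssl not found in PATH\n' >&2
  exit 1
}

#######################################
# Create a key and CSR for a leaf certificate and sign it with the root CA.
# Globals:   CN, SUBJECT_BASE, VALIDITY_IN_DAYS (read)
# Arguments: $1 - file prefix and host label ("server" or "client")
#            $2 - extendedKeyUsage value ("serverAuth" or "clientAuth")
# Outputs:   writes $1.key, $1.csr and $1.crt to the current directory
# Returns:   non-zero if either openssl step fails
#######################################
issue_leaf() {
  local name=$1
  local eku=$2
  local fqdn="${name}.${CN}"

  openssl req -new -newkey rsa:4096 -nodes \
    -keyout "${name}.key" -out "${name}.csr" \
    -subj "${SUBJECT_BASE}/CN=${fqdn}"

  # "x509 -req" adds no extensions unless told to, so supply them explicitly:
  #   - subjectAltName: many current TLS stacks ignore the CN and reject a
  #     certificate that has no matching SAN entry.
  #   - CA:FALSE and a single extendedKeyUsage keep a leaf from being used
  #     as a CA or in the opposite TLS role.
  openssl x509 -req -in "${name}.csr" -CA rootCA.crt -CAkey rootCA.key \
    -CAcreateserial -out "${name}.crt" -days "${VALIDITY_IN_DAYS}" -sha256 \
    -extfile <(printf '%s\n' \
      'basicConstraints=critical,CA:FALSE' \
      'keyUsage=critical,digitalSignature,keyEncipherment' \
      "extendedKeyUsage=${eku}" \
      "subjectAltName=DNS:${fqdn}")
}

# Generate root CA key and self-signed certificate using openssl
openssl req -new -newkey rsa:4096 -days "${VALIDITY_IN_DAYS}" -nodes -x509 -sha256 \
  -subj "${SUBJECT_BASE}/CN=ca.${CN}" \
  -keyout rootCA.key -out rootCA.crt

# Server (nginx) key, CSR and certificate signed by the root CA
issue_leaf server serverAuth

# Client key, CSR and certificate, issued the same way as the server's
issue_leaf client clientAuth

# Certificates are public; restore the usual read permissions that the
# restrictive umask above withheld. Keys stay owner-only.
chmod 0644 rootCA.crt server.crt client.crt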