@tknv
Created October 3, 2020 16:47
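#!/bin/bash
#
# Builds a small private PKI with openssl: a self-signed CA, one server
# certificate and one client certificate. Every output file name below is
# relative, so everything is written to the current directory.
#
# Stop on the first failed command, unset variable or failed pipeline stage,
# so a failed key-generation or signing step is never followed by steps that
# depend on its output.
set -euo pipefail

# ---------------------------------------------------------------------------
# Subject fields for the certificates
# ---------------------------------------------------------------------------
#
# CA - Certificate Authority
# countryName (two-letter code)
CA_C="NR"
# stateOrProvinceName
CA_ST="Yaren"
# localityName
CA_L="Makwa"
# organizationName
CA_O="AWASLab Research"
# organizationalUnitName
CA_OU="Core Lab"
# commonName (FQDN or name)
CA_CN="awas.lab"
# emailAddress
CA_EM="god@awas.lab"
#
# Server certificate
# countryName (two-letter code)
SC_C="MY"
# stateOrProvinceName
SC_ST="Penang"
# localityName
SC_L="Bayan Lepas"
# organizationName
SC_O="AWASLab Research"
# organizationalUnitName
SC_OU="Experimental Lab"
# commonName (FQDN or name). This is a wildcard; hostname verification in
# current TLS clients is driven by subjectAltName, not by the CN.
SC_CN="*.awas.lab"
# emailAddress
SC_EM="admin@awas.lab"
#
# Client certificate
# countryName (two-letter code)
CC_C="JP"
# stateOrProvinceName
CC_ST="Kanagawa"
# localityName
CC_L="Zaimokuza"
# organizationName
CC_O="AWASLab Research"
# organizationalUnitName
CC_OU="Wireless Experimental Lab"
# commonName (FQDN or name)
CC_CN="wireless.awas.lab"
# emailAddress
CC_EM="example@foo.com"

# ---------------------------------------------------------------------------
# Values shared by the openssl commands
# ---------------------------------------------------------------------------
# Lifetime in days, applied to the CA certificate and to both leaf
# certificates alike, so the CA expires at about the same time as the
# certificates it signed.
VALID_DAYS=360
# CA key and certificate. The CA key can sign certificates for any name, so
# it is the most sensitive file this script produces.
CA_KEY=ca.key
CA_CERT=ca.crt
CA_CERT_PEM=ca_crt.pem
# Client key, certificate, signing request and PKCS#12 bundle.
CLIENT_KEY=client.key
CLIENT_KEY_PEM=client_key.pem
CLIENT_CERT=client.crt
CLIENT_CERT_PEM=client_crt.pem
CLIENT_CSR=client.csr
CLIENT_P12=client_p12
# Server key, certificate and signing request.
SERVER_KEY=server.key
SERVER_CERT=server.crt
SERVER_CSR=server.csr
SERVER_CERT_PEM=server_crt.pem
# Certificate and private key concatenated into one file; it must be protected
# like the private key itself.
SERVER_CERT_forHTTPS=server_include_private.pem
# RSA modulus size used for the CA, server and client keys.
KEY_BITS=2048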
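echo
echo "Create CA certificate..."
# The CA private key is written without a passphrase; anyone who can read it
# can issue certificates that every host trusting $CA_CERT will accept.
# Create it under a restrictive umask, then force mode 600 in case the file
# already existed with looser permissions.
( umask 077 && openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:$KEY_BITS" -out "$CA_KEY" ) || exit 1
chmod 600 -- "$CA_KEY" || exit 1
# Self-signed certificate for the CA subject, signed with the key above.
openssl req -new -x509 -days "$VALID_DAYS" -key "$CA_KEY" \
  -subj "/CN=$CA_CN/emailAddress=$CA_EM/C=$CA_C/ST=$CA_ST/L=$CA_L/O=$CA_O/OU=$CA_OU" \
  -out "$CA_CERT" || exit 1
# Same certificate again under a .pem file name (plain copy, no conversion).
cat -- "$CA_CERT" > "$CA_CERT_PEM" || exit 1
echo "Done then check"
# Print the certificate so the subject, validity and extensions can be checked.
openssl x509 -in "$CA_CERT" -text -noout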
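echo
echo "Creating Server certificate..."
# Server private key: unencrypted on disk, so keep it owner-only. The chmod
# covers a re-run over an existing file with looser permissions.
( umask 077 && openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:$KEY_BITS" -out "$SERVER_KEY" ) || exit 1
chmod 600 -- "$SERVER_KEY" || exit 1
# Signing request carrying the server subject.
openssl req -new -key "$SERVER_KEY" \
  -subj "/CN=$SC_CN/emailAddress=$SC_EM/C=$SC_C/ST=$SC_ST/L=$SC_L/O=$SC_O/OU=$SC_OU" \
  -out "$SERVER_CSR" || exit 1
# Sign the request with the CA.
# - basicConstraints/keyUsage/extendedKeyUsage mark the result as a leaf
#   certificate for TLS server authentication only, so it cannot be used to
#   sign further certificates.
# - Clients that follow current hostname-verification rules match only the
#   subjectAltName entries; the wildcard CN ($SC_CN) is therefore not
#   honoured, and only the two DNS names listed here will validate.
openssl x509 -days "$VALID_DAYS" -req \
  -extfile <(printf '%s\n' \
    'basicConstraints=critical,CA:FALSE' \
    'keyUsage=digitalSignature,keyEncipherment' \
    'extendedKeyUsage=serverAuth' \
    'subjectAltName=DNS:xca.awas.lab,DNS:pf.awas.lab') \
  -in "$SERVER_CSR" -CAcreateserial -CA "$CA_CERT" -CAkey "$CA_KEY" \
  -out "$SERVER_CERT" || exit 1
# Same certificate again under a .pem file name (plain copy, no conversion).
cat -- "$SERVER_CERT" > "$SERVER_CERT_PEM" || exit 1
# Certificate followed by the private key in a single file. It contains the
# key, so it gets the same owner-only permissions as $SERVER_KEY.
( umask 077 && cat -- "$SERVER_CERT" "$SERVER_KEY" > "$SERVER_CERT_forHTTPS" ) || exit 1
chmod 600 -- "$SERVER_CERT_forHTTPS" || exit 1
echo "Done then check"
# Print the certificate so the subject, SAN list and extensions can be checked.
openssl x509 -in "$SERVER_CERT" -text -noout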
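echo
echo "Creating Client certificate..."
USER_ID="example"
# Password protecting the PKCS#12 bundle. Take it from the environment when
# provided; the built-in value is a published sample and protects nothing, so
# it is kept only so the script still runs unattended.
if [ -z "${P12_PASSWORD:-}" ]; then
  echo "warning: P12_PASSWORD is not set; using the built-in sample password" >&2
  P12_PASSWORD="adminl123"
fi
# Client private key: unencrypted on disk, so keep it owner-only. The chmod
# covers a re-run over an existing file with looser permissions.
( umask 077 && openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:$KEY_BITS" -out "$CLIENT_KEY" ) || exit 1
chmod 600 -- "$CLIENT_KEY" || exit 1
# Signing request carrying the client subject, including the UID attribute.
openssl req -new -key "$CLIENT_KEY" \
  -subj "/CN=$CC_CN/emailAddress=$CC_EM/C=$CC_C/ST=$CC_ST/L=$CC_L/O=$CC_O/OU=$CC_OU/UID=$USER_ID" \
  -out "$CLIENT_CSR" || exit 1
# Sign the request with the CA. The extensions mark the result as a leaf
# certificate for TLS client authentication only, so it cannot be used to sign
# further certificates or to impersonate a server.
openssl x509 -days "$VALID_DAYS" -req \
  -extfile <(printf '%s\n' \
    'basicConstraints=critical,CA:FALSE' \
    'keyUsage=digitalSignature,keyEncipherment' \
    'extendedKeyUsage=clientAuth') \
  -in "$CLIENT_CSR" -CAcreateserial -CA "$CA_CERT" -CAkey "$CA_KEY" \
  -out "$CLIENT_CERT" || exit 1
# Bundle certificate and key as PKCS#12. The password is handed to openssl
# through the environment of this one command (env:) instead of "pass:" on the
# command line, where it would be visible in the process list.
( umask 077 && P12_PASSWORD="$P12_PASSWORD" openssl pkcs12 -in "$CLIENT_CERT" -inkey "$CLIENT_KEY" -export -password env:P12_PASSWORD -out "$CLIENT_P12" ) || exit 1
chmod 600 -- "$CLIENT_P12" || exit 1
# Same certificate again under a .pem file name (plain copy, no conversion).
cat -- "$CLIENT_CERT" > "$CLIENT_CERT_PEM" || exit 1
# Copy of the private key under a .pem file name; same owner-only permissions.
( umask 077 && cat -- "$CLIENT_KEY" > "$CLIENT_KEY_PEM" ) || exit 1
chmod 600 -- "$CLIENT_KEY_PEM" || exit 1
echo "Done then check"
# Print the certificate so the subject and extensions can be checked.
openssl x509 -in "$CLIENT_CERT" -text -noout
echo
echo "----- Don't forget to open your browser and install your $CA_CERT and $CLIENT_P12 certificates -----"
echo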