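#!/bin/bash
# Build a two-tier OpenSSL CA (root + intermediate) and issue one server
# certificate, following the steps at
# https://jamielinux.com/docs/openssl-certificate-authority/introduction.html
#
# Usage:  ./build-ca.sh
# Env:    CA_DIR  - directory the CA lives in (default: /root/ca)
#         SERVER  - hostname of the leaf certificate (default: www.example.com)
#
# The openssl prompts (DN fields, key pass phrases, "Sign the certificate?")
# are answered interactively; before each prompting step the script prints
# the answers the upstream guide uses as a reminder.
#
# Changes from the plain command list this replaces:
#   - set -euo pipefail, so a failed mkdir/wget/openssl/verify stops the run
#     instead of continuing against half-built state;
#   - the root and intermediate keys are generated with -aes256 (as in the
#     guide; the old commands wrote them unencrypted while still printing a
#     "Enter pass phrase" reminder with a sample pass phrase);
#   - CA_DIR and SERVER are parameters instead of repeated literals.
set -euo pipefail

readonly CA_DIR="${CA_DIR:-/root/ca}"
readonly SERVER="${SERVER:-www.example.com}"
readonly GUIDE_URL='https://jamielinux.com/docs/openssl-certificate-authority/_downloads'

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Fetch one of the guide's OpenSSL config files.
# Arguments: $1 - file name on the guide site
#            $2 - destination path
# Returns:   exits via die on download failure or an empty result
#######################################
fetch_config() {
  local name=$1 dest=$2
  # --https-only refuses a downgrade to plain HTTP on redirect. The config
  # still comes from a third party over the network and decides what the
  # CA will sign; read it before generating the keys it governs.
  wget --https-only -O "$dest" -- "$GUIDE_URL/$name" || die "download of $name failed"
  [[ -s "$dest" ]] || die "$dest is empty"
}

#######################################
# Print the answers the upstream guide gives for the openssl prompts.
# Arguments: $1 - key file name whose pass phrase will be asked for,
#                 or empty when the key is not encrypted
#            $2.. - one line per DN prompt, as "Prompt []:answer"
# Outputs:   the reminder block on stdout
#######################################
show_hints() {
  local key=$1
  shift
  printf '\n'
  if [[ -n "$key" ]]; then
    printf 'Enter pass phrase for %s: <your pass phrase>\n' "$key"
  fi
  printf '%s\n' \
    'You are about to be asked to enter information that will be incorporated' \
    'into your certificate request.' \
    '-----' \
    "$@" \
    ''
}

#######################################
# Create the root CA directory layout, key and self-signed certificate.
# Globals:   CA_DIR (read)
#######################################
make_root_ca() {
  # Plain mkdir (no -p): an existing $CA_DIR means an existing CA whose
  # index.txt/serial must not be reset, so set -e aborts here.
  mkdir -- "$CA_DIR"
  cd -- "$CA_DIR"
  mkdir certs crl newcerts private
  chmod 700 private
  touch index.txt
  printf '1000\n' > serial
  fetch_config root-config.txt "$CA_DIR/openssl.cnf"

  # -aes256 keeps the root key encrypted at rest; openssl prompts for the
  # pass phrase here and again for every later use of the key.
  openssl genrsa -aes256 -out private/ca.key.pem 4096
  chmod 400 private/ca.key.pem

  show_hints ca.key.pem \
    'Country Name (2 letter code) [XX]:GB' \
    'State or Province Name []:England' \
    'Locality Name []:' \
    'Organization Name []:Alice Ltd' \
    'Organizational Unit Name []:Alice Ltd Certificate Authority' \
    'Common Name []:Alice Ltd Root CA' \
    'Email Address []:'
  openssl req -config openssl.cnf -key private/ca.key.pem \
    -new -x509 -days 7300 -sha256 -extensions v3_ca -out certs/ca.cert.pem
  chmod 444 certs/ca.cert.pem
  openssl x509 -noout -text -in certs/ca.cert.pem
}

#######################################
# Create the intermediate CA, sign it with the root, build the chain file.
# Globals:   CA_DIR (read)
#######################################
make_intermediate_ca() {
  cd -- "$CA_DIR"
  mkdir intermediate
  cd intermediate
  mkdir certs crl csr newcerts private
  chmod 700 private
  touch index.txt
  printf '1000\n' > serial
  printf '1000\n' > crlnumber
  fetch_config intermediate-config.txt "$CA_DIR/intermediate/openssl.cnf"
  cd -- "$CA_DIR"

  openssl genrsa -aes256 -out intermediate/private/intermediate.key.pem 4096
  chmod 400 intermediate/private/intermediate.key.pem

  show_hints intermediate.key.pem \
    'Country Name (2 letter code) [XX]:GB' \
    'State or Province Name []:England' \
    'Locality Name []:' \
    'Organization Name []:Alice Ltd' \
    'Organizational Unit Name []:Alice Ltd Certificate Authority' \
    'Common Name []:Alice Ltd Intermediate CA' \
    'Email Address []:'
  openssl req -config intermediate/openssl.cnf -new -sha256 \
    -key intermediate/private/intermediate.key.pem \
    -out intermediate/csr/intermediate.csr.pem

  # Signed with the root's config/key; openssl ca asks for confirmation and
  # records the issuance in the root's index.txt and serial.
  openssl ca -config openssl.cnf -extensions v3_intermediate_ca -days 3650 \
    -notext -md sha256 -in intermediate/csr/intermediate.csr.pem \
    -out intermediate/certs/intermediate.cert.pem
  chmod 444 intermediate/certs/intermediate.cert.pem
  openssl x509 -noout -text -in intermediate/certs/intermediate.cert.pem

  # Chain file order: intermediate first, then root.
  cat intermediate/certs/intermediate.cert.pem certs/ca.cert.pem \
    > intermediate/certs/ca-chain.cert.pem
  chmod 444 intermediate/certs/ca-chain.cert.pem
}

#######################################
# Issue a server certificate for $SERVER from the intermediate CA and
# verify it against the chain.
# Globals:   CA_DIR, SERVER (read)
#######################################
issue_server_cert() {
  cd -- "$CA_DIR"
  local key="intermediate/private/$SERVER.key.pem"
  local csr="intermediate/csr/$SERVER.csr.pem"
  local cert="intermediate/certs/$SERVER.cert.pem"

  # The server key stays unencrypted so a daemon can load it without a
  # prompt; it relies on the 0400 mode and the 0700 private/ directory.
  openssl genrsa -out "$key" 2048
  chmod 400 "$key"

  show_hints '' \
    'Country Name (2 letter code) [XX]:US' \
    'State or Province Name []:California' \
    'Locality Name []:Mountain View' \
    'Organization Name []:Alice Ltd' \
    'Organizational Unit Name []:Alice Ltd Web Services' \
    "Common Name []:$SERVER" \
    'Email Address []:'
  openssl req -config intermediate/openssl.cnf -key "$key" -new -sha256 -out "$csr"

  openssl ca -config intermediate/openssl.cnf -extensions server_cert -days 375 \
    -notext -md sha256 -in "$csr" -out "$cert"
  chmod 444 "$cert"
  openssl x509 -noout -text -in "$cert"

  # Non-zero (and therefore fatal under set -e) unless the leaf chains to
  # the root through the intermediate.
  openssl verify -CAfile intermediate/certs/ca-chain.cert.pem "$cert"
}

main() {
  command -v openssl >/dev/null || die "openssl not found"
  command -v wget >/dev/null || die "wget not found"
  make_root_ca
  make_intermediate_ca
  issue_server_cert
}

main "$@"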