Add cert-generation helper script
From https://jamielinux.com/docs/openssl-certificate-authority/introduction.html
master
parent
1a11536495
commit
f802c0d745
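--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,108 @@
+#!/bin/bash
+
+# From https://jamielinux.com/docs/openssl-certificate-authority/introduction.html
+
+mkdir /root/ca
+
+cd /root/ca
+mkdir certs crl newcerts private
+chmod 700 private
+touch index.txt
+echo 1000 > serial
+
+wget https://jamielinux.com/docs/openssl-certificate-authority/_downloads/root-config.txt -O /root/ca/openssl.cnf
+
+cd /root/ca
+openssl genrsa -out private/ca.key.pem 4096
+
+chmod 400 private/ca.key.pem
+
+cd /root/ca
+echo "
+Enter pass phrase for ca.key.pem: secretpassword
+You are about to be asked to enter information that will be incorporated
+into your certificate request.
+-----
+Country Name (2 letter code) [XX]:GB
+State or Province Name []:England
+Locality Name []:
+Organization Name []:Alice Ltd
+Organizational Unit Name []:Alice Ltd Certificate Authority
+Common Name []:Alice Ltd Root CA
+Email Address []:
+"
+openssl req -config openssl.cnf -key private/ca.key.pem -new -x509 -days 7300 -sha256 -extensions v3_ca -out certs/ca.cert.pem
+
+chmod 444 certs/ca.cert.pem
+
+openssl x509 -noout -text -in certs/ca.cert.pem
+
+mkdir /root/ca/intermediate
+
+cd /root/ca/intermediate
+mkdir certs crl csr newcerts private
+chmod 700 private
+touch index.txt
+echo 1000 > serial
+echo 1000 > /root/ca/intermediate/crlnumber
+
+wget https://jamielinux.com/docs/openssl-certificate-authority/_downloads/intermediate-config.txt -O /root/ca/intermediate/openssl.cnf
+
+cd /root/ca
+openssl genrsa -out intermediate/private/intermediate.key.pem 4096
+chmod 400 intermediate/private/intermediate.key.pem
+
+cd /root/ca
+echo "
+
+Enter pass phrase for intermediate.key.pem: secretpassword
+You are about to be asked to enter information that will be incorporated
+into your certificate request.
+-----
+Country Name (2 letter code) [XX]:GB
+State or Province Name []:England
+Locality Name []:
+Organization Name []:Alice Ltd
+Organizational Unit Name []:Alice Ltd Certificate Authority
+Common Name []:Alice Ltd Intermediate CA
+Email Address []:
+"
+openssl req -config intermediate/openssl.cnf -new -sha256 -key intermediate/private/intermediate.key.pem -out intermediate/csr/intermediate.csr.pem
+
+cd /root/ca
+openssl ca -config openssl.cnf -extensions v3_intermediate_ca -days 3650 -notext -md sha256 -in intermediate/csr/intermediate.csr.pem -out intermediate/certs/intermediate.cert.pem
+
+chmod 444 intermediate/certs/intermediate.cert.pem
+
+openssl x509 -noout -text -in intermediate/certs/intermediate.cert.pem
+
+cat intermediate/certs/intermediate.cert.pem certs/ca.cert.pem > intermediate/certs/ca-chain.cert.pem
+chmod 444 intermediate/certs/ca-chain.cert.pem
+
+cd /root/ca
+openssl genrsa -out intermediate/private/www.example.com.key.pem 2048
+chmod 400 intermediate/private/www.example.com.key.pem
+
+cd /root/ca
+echo "
+Enter pass phrase for www.example.com.key.pem: secretpassword
+You are about to be asked to enter information that will be incorporated
+into your certificate request.
+-----
+Country Name (2 letter code) [XX]:US
+State or Province Name []:California
+Locality Name []:Mountain View
+Organization Name []:Alice Ltd
+Organizational Unit Name []:Alice Ltd Web Services
+Common Name []:www.example.com
+Email Address []:
+"
+openssl req -config intermediate/openssl.cnf -key intermediate/private/www.example.com.key.pem -new -sha256 -out intermediate/csr/www.example.com.csr.pem
+
+cd /root/ca
+openssl ca -config intermediate/openssl.cnf -extensions server_cert -days 375 -notext -md sha256 -in intermediate/csr/www.example.com.csr.pem -out intermediate/certs/www.example.com.cert.pem
+chmod 444 intermediate/certs/www.example.com.cert.pem
+
+openssl x509 -noout -text -in intermediate/certs/www.example.com.cert.pem
+
+openssl verify -CAfile intermediate/certs/ca-chain.cert.pem intermediate/certs/www.example.com.cert.pem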
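Review bot: Both `wget … -O …/openssl.cnf` lines fetch the CA configuration from a third-party site at run time with no integrity check, so the policy and extension sections this CA signs with (`v3_ca`, `v3_intermediate_ca`, `server_cert`) are whatever that URL serves on the day the script runs. The two config files should be committed next to the script, or checked against a pinned digest before any `openssl` call uses them. The `openssl genrsa` calls for `ca.key.pem` and `intermediate.key.pem` pass no cipher option, so both CA private keys are written to disk unencrypted even though the echoed transcript shows a pass-phrase prompt; adding `-aes256` to those two calls would protect the keys at rest. The script also has no `set -euo pipefail`, so a failed `mkdir`, `cd` or download does not stop the later key-generation and signing steps from running, possibly in the wrong directory or against an empty config.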