49 lines
1.3 KiB
Bash
49 lines
1.3 KiB
Bash
#!/bin/sh
|
|
|
|
# http://www.vanemery.com/Linux/Apache/apache-SSL.html
|
|
|
|
CA="C=RU
|
|
ST=ST
|
|
O=MyOrg
|
|
localityName=Minsk
|
|
commonName=My Name
|
|
organizationalUnitName=None
|
|
emailAddress=myemail@gmail.com"
|
|
|
|
CERT="commonName=7x7.test
|
|
organization=MyOrg
|
|
organizationalUnitName=None"
|
|
|
|
EXTS="
|
|
[req]
|
|
x509_extensions = v3_ca
|
|
|
|
[v3_ca]
|
|
nsCertType = server
|
|
keyUsage = digitalSignature,nonRepudiation,keyEncipherment
|
|
extendedKeyUsage = serverAuth
|
|
subjectKeyIdentifier = hash
|
|
authorityKeyIdentifier = keyid,issuer
|
|
subjectAltName = @alt_names
|
|
[alt_names]
|
|
DNS.1 = localhost
|
|
DNS.2 = 7x7.test
|
|
DNS.3 = *.7x7.test
|
|
IP.1 = 127.0.0.1
|
|
"
|
|
|
|
extfile="/tmp/openssl.conf.tmp"
|
|
|
|
# this creates a CA certificate, which should be added as trusted to operating system keychain / browser CA list
|
|
|
|
openssl genrsa -out "localhost-ca.key" 4096
|
|
openssl req -new -x509 -days 3650 -key "localhost-ca.key" -out "localhost-ca.crt" -subj "/$(echo "$CA" | tr "\n" "/")"
|
|
|
|
echo "$EXTS" > $extfile
|
|
|
|
openssl genrsa -out "7x7.test.key" 4096
|
|
openssl req -new -key "7x7.test.key" -out "7x7.test.csr" -subj "/$(echo "$CERT" | tr "\n" "/")" -sha256
|
|
openssl x509 -req -in "7x7.test.csr" -out "7x7.test.crt" -sha256 -CA "localhost-ca.crt" -CAkey "localhost-ca.key" -CAcreateserial -days 3650 -extfile "$extfile" -extensions v3_ca
|
|
|
|
rm -f "$extfile"
|