---
creation date: 2023-11-23
tags: [cert,ssl,openssl,server,linux]
---
```shell
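#!/usr/bin/env bash
#
# Based on https://gist.github.com/mtigas/952344
#
# Creates a private Certificate Authority, issues one client certificate from
# it, and bundles the client key and certificate for TLS client authentication.
#
# Files written to the current directory:
#   ca.key, ca.pem             CA private key (unencrypted) and self-signed cert
#   ${CLIENT_ID}.key           client private key (unencrypted)
#   ${CLIENT_ID}.csr           client certificate signing request
#   ${CLIENT_ID}.pem           client certificate signed by the CA
#   ${CLIENT_ID}.full.pem      client key + client cert + CA cert in one file
#   ${CLIENT_ID}.full.pfx      PKCS#12 bundle for import into a browser
#
# Security notes:
#   - ca.key, ${CLIENT_ID}.key and ${CLIENT_ID}.full.pem hold private keys in
#     the clear. They are created with owner-only permissions (umask below);
#     only ca.pem belongs on the web server, and ca.key should be kept off it.
#   - CLIENT_SERIAL must be unique for every certificate this CA signs; reusing
#     "01" for a second client gives two certificates with the same
#     issuer/serial pair.
#   - Both certificates are valid for 3650 days and nothing here sets up
#     revocation, so a leaked client key stays usable until the CA is replaced.

# Stop at the first failed step instead of signing or bundling with
# missing or half-written key material.
set -euo pipefail

# Key files must not be readable by other local users.
umask 077

readonly CLIENT_ID="user"
readonly CLIENT_SERIAL="01"

printf '%s\n' "Create a Certificate Authority root"

# The key is generated unencrypted in one step. Encrypting it with a
# passphrase passed on the command line and stripping the passphrase right
# away yields the same ca.key, but exposes the passphrase in the process list
# and leaves a second copy of the key on disk until it is deleted.
openssl genrsa -out ca.key 4096
openssl req -new -x509 -days 3650 -key ca.key -out ca.pem

printf '%s\n' "Create the Client Key and CSR"

openssl genrsa -out "${CLIENT_ID}.key" 4096
openssl req -new -key "${CLIENT_ID}.key" -out "${CLIENT_ID}.csr"
openssl x509 -req -days 3650 \
  -in "${CLIENT_ID}.csr" \
  -CA ca.pem -CAkey ca.key \
  -set_serial "${CLIENT_SERIAL}" \
  -out "${CLIENT_ID}.pem"

# Contains the unencrypted client private key: handle it like the key itself.
cat -- "${CLIENT_ID}.key" "${CLIENT_ID}.pem" ca.pem > "${CLIENT_ID}.full.pem"

printf '%s\n' "Bundle client key into a PFX file"

# openssl prompts for an export password here. Choose a non-empty one, since
# the PFX carries the client private key to the machine that imports it.
openssl pkcs12 -export \
  -out "${CLIENT_ID}.full.pfx" \
  -inkey "${CLIENT_ID}.key" \
  -in "${CLIENT_ID}.pem" \
  -certfile ca.pem

printf '%s\n' "use ca.pem on nginx, import ${CLIENT_ID}.full.pfx into browser"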
```