knowledge-base/KB/Linux/Server/Client certificate generation.md


creation date tags
2023-11-23
cert
ssl
openssl
server
linux
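#!/usr/bin/env bash
#
# Based on https://gist.github.com/mtigas/952344
#
# Creates a private Certificate Authority and one client certificate for TLS
# client-certificate authentication, then bundles the client key and
# certificate for import into a browser. All files are written to the
# current directory.
#
# The `openssl req` steps prompt for the certificate subject and the
# `openssl pkcs12 -export` step prompts for an export password.
#
# NOTE: ca.key and ${CLIENT_ID}.key are stored unencrypted (as in the
# original, which stripped the passphrase right after generating the key).
# Anyone who can read ca.key can issue client certificates that the server
# will accept, so keep it off the web server and restrict access to it.
#
# NOTE: every run overwrites ca.key/ca.pem. Client certificates issued by a
# previous run will no longer verify against the new ca.pem.

# Stop at the first failing step instead of signing/bundling with missing or
# stale files.
set -euo pipefail

# Key material (including the concatenated *.full.pem written by the shell
# redirection below) must not be group/world-readable. ca.pem is public and
# can be given wider permissions afterwards if the server needs it.
umask 077

readonly CLIENT_ID="user"
readonly CLIENT_SERIAL="01"

echo "Create a Certificate Authority root"

# Generate the key directly. The former encrypt-then-strip round trip left the
# same unencrypted key on disk and put a passphrase on the command line, where
# it is visible in the process list.
openssl genrsa -out ca.key 4096
# -sha256 pins the signature digest instead of relying on the build's default.
openssl req -new -x509 -sha256 -days 3650 -key ca.key -out ca.pem

echo "Create the Client Key and CSR"

openssl genrsa -out "${CLIENT_ID}.key" 4096
openssl req -new -sha256 -key "${CLIENT_ID}.key" -out "${CLIENT_ID}.csr"
# The serial is fixed; if the same CA is ever reused for another client, pick a
# different CLIENT_SERIAL so certificates stay distinguishable for revocation.
openssl x509 -req -sha256 -days 3650 \
  -in "${CLIENT_ID}.csr" \
  -CA ca.pem -CAkey ca.key \
  -set_serial "${CLIENT_SERIAL}" \
  -out "${CLIENT_ID}.pem"
# Contains the unencrypted client private key; protected only by file mode.
cat -- "${CLIENT_ID}.key" "${CLIENT_ID}.pem" ca.pem > "${CLIENT_ID}.full.pem"

echo "Bundle client key into a PFX file"
openssl pkcs12 -export \
  -out "${CLIENT_ID}.full.pfx" \
  -inkey "${CLIENT_ID}.key" \
  -in "${CLIENT_ID}.pem" \
  -certfile ca.pem

echo "use ca.pem on nginx, import ${CLIENT_ID}.full.pfx into browser"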