-
Notifications
You must be signed in to change notification settings - Fork 28
/
Copy pathprepare-server.sh
36 lines (25 loc) · 1.02 KB
/
prepare-server.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
#!/bin/bash
set -eu
#
# Prepare the certificate authority (self-signed).
#
cd /home/testca
# Create a self-signed certificate that will serve a certificate authority (CA).
# The private key is located under "private".
openssl req -x509 -config openssl.cnf -newkey rsa:2048 -days 365 -out cacert.pem -outform PEM -subj /CN=MyTestCA/ -nodes
# Encode our certificate with DER.
openssl x509 -in cacert.pem -out cacert.cer -outform DER
#
# Prepare the server's stuff.
#
cd /home/server
# Generate a private RSA key.
openssl genrsa -out key.pem 2048
# Generate a certificate from our private key.
openssl req -new -key key.pem -out req.pem -outform PEM -subj /CN=$(hostname)/O=server/ -nodes
# Sign the certificate with our CA.
cd /home/testca
openssl ca -config openssl.cnf -in /home/server/req.pem -out /home/server/cert.pem -notext -batch -extensions server_ca_extensions
# Create a key store that will contain our certificate.
cd /home/server
openssl pkcs12 -export -out keycert.p12 -in cert.pem -inkey key.pem -passout pass:roboconf