#!/bin/bash
|
|
set -e
|
|
function genAndSign() {
|
local cn=$1
|
local file=$2
|
openssl genrsa -out "/tmp/${file}.key" 2048
|
openssl req -new -key "/tmp/${file}.key" -out "/tmp/${file}.csr" -subj "/CN=${cn}/"
|
openssl x509 -req -in "/tmp/${file}.csr" -out "/tmp/${file}.crt" \
|
-CA /tmp/ca.crt -CAkey /tmp/ca.key -CAcreateserial
|
cat "/tmp/${file}.crt" "/tmp/${file}.key" > "/tmp/${file}.pem"
|
}
|
|
openssl genrsa -out /tmp/ca.key 2048
|
openssl req -new -key /tmp/ca.key -out /tmp/ca.crt -subj '/CN=Test CA/' -x509
|
|
genAndSign "127.0.0.1" "correct"
|
genAndSign "127.0.0.2" "wrongcn"
|