mirror of
https://github.com/klzgrad/naiveproxy.git
synced 2024-11-28 00:06:09 +03:00
33 lines
859 B
Bash
33 lines
859 B
Bash
|
#!/bin/sh
|
||
|
set -e
|
||
|
|
||
|
name='example'
|
||
|
|
||
|
echo "
|
||
|
[req]
|
||
|
prompt = no
|
||
|
distinguished_name = dn
|
||
|
[dn]
|
||
|
CN = $name
|
||
|
[san]
|
||
|
subjectAltName = DNS:$name" >site.cnf
|
||
|
|
||
|
openssl genrsa -out ca.key 2048
|
||
|
openssl req -x509 -new -nodes -key ca.key -days 365 -out ca.pem -subj '/CN=Test Root CA'
|
||
|
|
||
|
openssl genrsa -out $name.key.rsa 2048
|
||
|
openssl ecparam -genkey -name prime256v1 -out $name.key.ecdsa
|
||
|
for key in rsa ecdsa; do
|
||
|
openssl req -new -nodes -key $name.key.$key -out $name.csr.$key -reqexts san -config site.cnf
|
||
|
openssl x509 -req -in $name.csr.$key -CA ca.pem -CAkey ca.key -CAcreateserial -out $name.pem.$key -days 365 -extensions san -extfile site.cnf
|
||
|
cat $name.key.$key >>$name.pem.$key
|
||
|
rm $name.key.$key $name.csr.$key
|
||
|
done
|
||
|
|
||
|
rm ca.key ca.srl site.cnf
|
||
|
|
||
|
echo
|
||
|
echo 'To trust the test CA:'
|
||
|
echo ' certutil -d "sql:$HOME/.pki/nssdb" -A -t C,, -n 'Test Root CA' -i ca.pem'
|
||
|
echo
|