naiveproxy/make-test-certs.sh
2018-12-02 20:11:38 -05:00

33 lines
859 B
Bash
Executable File

#!/bin/sh
set -e
name='example'
echo "
[req]
prompt = no
distinguished_name = dn
[dn]
CN = $name
[san]
subjectAltName = DNS:$name" >site.cnf
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -days 365 -out ca.pem -subj '/CN=Test Root CA'
openssl genrsa -out $name.key.rsa 2048
openssl ecparam -genkey -name prime256v1 -out $name.key.ecdsa
for key in rsa ecdsa; do
openssl req -new -nodes -key $name.key.$key -out $name.csr.$key -reqexts san -config site.cnf
openssl x509 -req -in $name.csr.$key -CA ca.pem -CAkey ca.key -CAcreateserial -out $name.pem.$key -days 365 -extensions san -extfile site.cnf
cat $name.key.$key >>$name.pem.$key
rm $name.key.$key $name.csr.$key
done
rm ca.key ca.srl site.cnf
echo
echo 'To trust the test CA:'
echo ' certutil -d "sql:$HOME/.pki/nssdb" -A -t C,, -n 'Test Root CA' -i ca.pem'
echo