Openssl generate certificates

Moki Lv6
  2023-09-28 13:23 2023-09-28 13:23 Created   2023-09-28 13:23 2023-09-28 13:23 Updated   

generate.sh

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
#!/bin/bash -x

KEY_SIZE=4096
DAYS=3650


# CA

if [ ! -f ca.crt ]; then
    openssl genrsa $KEY_SIZE > ca.key
    
    openssl req -new -x509 -nodes -days $DAYS \
        -subj /C=PL/ST=State/L=City/O=Organization/OU=Developer/CN=my.domain.com \
        -key ca.key \
        -out ca.crt
fi


# crt

if [ ! -f server.crt ]; then
    openssl req -newkey rsa:$KEY_SIZE -nodes -days $DAYS \
        -subj /C=PL/ST=State/L=City/O=Organization/OU=Developer/CN=my.domain.com \
        -keyout server.key \
        -out server.req
    
    openssl x509 -req -days $DAYS -set_serial 01 \
        -in server.req \
        -out server.crt \
        -CA ca.crt \
        -CAkey ca.key
fi


# Verify

openssl verify \
    -CAfile ca.crt \
    ca.crt \
    server.crt
Recommendations
EMQX RPC secured EMQX RPC secured Ansible disable key host checking Ansible disable key host checking JavaScript variable object key JavaScript variable object key
Recommendations
EMQX RPC secured EMQX RPC secured Ansible disable key host checking Ansible disable key host checking
On this page
Openssl generate certificates