dex/examples/grpc-client/cert-gen

#!/bin/bash

if [ -z $SAN ]
  then echo "Set SAN with a DNS or IP(e.g. export SAN=IP.1:127.0.0.1,IP.2:172.18.0.2)."
  exit 1
fi

echo "Creating CA, server cert/key, and client cert/key..."

# Creating basic files/directories
mkdir -p {certs,crl,newcerts}
touch index.txt
echo 1000 > serial

# CA private key (unencrypted)
openssl genrsa -out ca.key 4096
# Certificate Authority (self-signed certificate)
openssl req -config examples/grpc-client/openssl.conf -new -x509 -days 3650 -sha256 -key ca.key -extensions v3_ca -out ca.crt -subj "/CN=fake-ca"

# Server private key (unencrypted)
openssl genrsa -out server.key 2048
# Server certificate signing request (CSR)
openssl req -config examples/grpc-client/openssl.conf -new -sha256 -key server.key -out server.csr -subj "/CN=fake-server"
# Certificate Authority signs CSR to grant a certificate
openssl ca -batch -config examples/grpc-client/openssl.conf -extensions server_cert -days 365 -notext -md sha256 -in server.csr -out server.crt -cert ca.crt -keyfile ca.key

# Client private key (unencrypted)
openssl genrsa -out client.key 2048
# Signed client certificate signing request (CSR)
openssl req -config examples/grpc-client/openssl.conf -new -sha256 -key client.key -out client.csr -subj "/CN=fake-client"
# Certificate Authority signs CSR to grant a certificate
openssl ca -batch -config examples/grpc-client/openssl.conf -extensions usr_cert -days 365 -notext -md sha256 -in client.csr -out client.crt -cert ca.crt -keyfile ca.key

# Remove CSR's
rm *.csr
examples: adding a gRPC client example. 2017-02-20 16:45:32 +00:00			`#!/bin/bash`

			`if [ -z $SAN ]`
			`then echo "Set SAN with a DNS or IP(e.g. export SAN=IP.1:127.0.0.1,IP.2:172.18.0.2)."`
			`exit 1`
			`fi`

			`echo "Creating CA, server cert/key, and client cert/key..."`

			`# Creating basic files/directories`
			`mkdir -p {certs,crl,newcerts}`
			`touch index.txt`
			`echo 1000 > serial`

			`# CA private key (unencrypted)`
			`openssl genrsa -out ca.key 4096`
			`# Certificate Authority (self-signed certificate)`
			`openssl req -config examples/grpc-client/openssl.conf -new -x509 -days 3650 -sha256 -key ca.key -extensions v3_ca -out ca.crt -subj "/CN=fake-ca"`

			`# Server private key (unencrypted)`
			`openssl genrsa -out server.key 2048`
			`# Server certificate signing request (CSR)`
			`openssl req -config examples/grpc-client/openssl.conf -new -sha256 -key server.key -out server.csr -subj "/CN=fake-server"`
			`# Certificate Authority signs CSR to grant a certificate`
			`openssl ca -batch -config examples/grpc-client/openssl.conf -extensions server_cert -days 365 -notext -md sha256 -in server.csr -out server.crt -cert ca.crt -keyfile ca.key`

			`# Client private key (unencrypted)`
			`openssl genrsa -out client.key 2048`
			`# Signed client certificate signing request (CSR)`
			`openssl req -config examples/grpc-client/openssl.conf -new -sha256 -key client.key -out client.csr -subj "/CN=fake-client"`
			`# Certificate Authority signs CSR to grant a certificate`
			`openssl ca -batch -config examples/grpc-client/openssl.conf -extensions usr_cert -days 365 -notext -md sha256 -in client.csr -out client.crt -cert ca.crt -keyfile ca.key`

			`# Remove CSR's`
			`rm *.csr`