luasec/samples/certs/serverB.sh
Jonas Schäfer 8bcabff0c1 Modernize certificate generation
- Use 2048 bit keys (required for modern OpenSSL)
- Use SHA256 instead of SHA1 (required for modern OpenSSL)
- Add a SubjectAltName to be able to trigger certain edge-cases
- Add all.sh to conveniently re-generate certificates
2018-11-19 15:56:42 +01:00

13 lines
414 B
Bash
Executable File

#!/bin/sh
openssl req -newkey rsa:2048 -keyout serverBkey.pem -out serverBreq.pem \
-config ./serverB.cnf -nodes -days 365 -batch
openssl x509 -req -in serverBreq.pem -sha256 -extfile ./serverB.cnf \
-extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial \
-out serverBcert.pem -days 365
cat serverBcert.pem rootB.pem > serverB.pem
openssl x509 -subject -issuer -noout -in serverB.pem