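#! /usr/bin/env bash
# Generate self signed ca and server cert for localhost test
#
# Usage: gen.sh [HOST [IP]]
#   HOST  DNS name placed in the server cert's subjectAltName (default: quic.web)
#   IP    IP address placed in the server cert's subjectAltName (default: 127.0.0.1)
#
# Environment:
#   QUICTLS_LIB_DIR  directory of the quictls libssl/libcrypto to put first on
#                    LD_LIBRARY_PATH (default: /usr/local/lib64)
#
# Writes into the current directory (any previous copies are removed first):
#   ca_cert.pem / ca_key.pem          self-signed CA certificate and private key
#   server_cert.pem / server_key.pem  server certificate signed by that CA, and its key
#
# Both private keys are written unencrypted (-noenc) so the test server can load
# them without a passphrase; they are throwaway test credentials only.
set -euo pipefail

readonly CA="ca_cert.pem"
readonly CA_KEY="ca_key.pem"
readonly SERVER_CERT="server_cert.pem"
readonly SERVER_KEY="server_key.pem"
# Validity of both certificates, in days.
readonly DAYS=365
# SAN entries for the server cert; optional positional overrides keep the old
# defaults when the script is run without arguments.
HOST="${1:-quic.web}"
IP="${2:-127.0.0.1}"
readonly HOST IP

# NOTICE quictls: put the quictls build first on the library path, but keep any
# entries the caller already had instead of clobbering them.
QUICTLS_LIB_DIR="${QUICTLS_LIB_DIR:-/usr/local/lib64}"
export LD_LIBRARY_PATH="${QUICTLS_LIB_DIR}${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}"

#######################################
# Run a command with its output hidden; on failure replay the captured output
# to stderr and exit, so an openssl error is not silently discarded.
# Arguments: the command and its arguments
# Returns:   0 on success; exits 1 otherwise
#######################################
run_quiet() {
  local output
  if ! output=$("$@" 2>&1); then
    printf '%s\n' "${output}" >&2
    printf 'error: %s failed\n' "$1" >&2
    exit 1
  fi
}

openssl version

# clean
rm -f -- "${CA}" "${CA_KEY}" "${SERVER_CERT}" "${SERVER_KEY}"

# 1. Generate self-signed certificate and private key
run_quiet openssl req -x509 \
  -newkey rsa:4096 \
  -days "${DAYS}" \
  -keyout "${CA_KEY}" \
  -out "${CA}" \
  -subj "/C=CN/ST=Hubei/L=Wuhan/O=QUIC/OU=QUICUNIT/CN=localhost/emailAddress=ca@example.com" \
  -noenc
echo "CA's self-signed certificate DONE"
# openssl x509 -in "${CA}" -noout -text

# 2. Generate server cert and private key, signed by the CA above.
# Clients match the hostname against the subjectAltName, so HOST/IP must be
# what the test client connects to; the subject CN is informational only.
run_quiet openssl req -x509 \
  -newkey rsa:4096 \
  -keyout "${SERVER_KEY}" \
  -out "${SERVER_CERT}" \
  -subj "/C=CN/ST=Hubei/L=Wuhan/O=QUIC/OU=QUICUNIT/CN=localhost/emailAddress=server@example.com" \
  -addext "subjectAltName=DNS:${HOST},IP:${IP}" \
  -CA "${CA}" \
  -CAkey "${CA_KEY}" \
  -copy_extensions copyall \
  -days "${DAYS}" \
  -noenc
echo "Server's certificate DONE"
# openssl x509 -in "${SERVER_CERT}" -noout -text

# 3. Verify the server certificate chains to the CA; a non-zero exit aborts the
# script under set -e, so a broken chain cannot go unnoticed.
openssl verify \
  -verbose \
  -show_chain \
  -trusted "${CA}" \
  "${SERVER_CERT}"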