Home Explore Help
Sign In
SMusatov
/
dim
mirror of https://github.com/Dusk-Labs/dim.git
1
0
Fork 0
Files
Branch: master
Branches Tags
dim
/
bin
/
gen_cert.sh

gen_cert.sh 915 B
Permalink History Raw

123456789101112131415161718192021 
  1. #! /bin/bash
    2. 

  2. 

  3. # TODO: `rustls` (really, `webpki`) doesn't currently use the CN in the subject
    4. 

  4. # to check if a certificate is valid for a server name sent via SNI. It's not
    5. 

  5. # clear if this is intended, since certificates _should_ have a `subjectAltName`
    6. 

  6. # with a DNS name, or if it simply hasn't been implemented yet. See
    7. 

  7. # https://bugzilla.mozilla.org/show_bug.cgi?id=552346 for a bit more info.
    8. 

  8. 

  9. CA_SUBJECT="/C=UK/O=Dim CA/CN=Dim Labs CA"
    10. 

  10. SUBJECT="/C=UK/O=Dim/CN=localhost"
    11. 

  11. ALT="DNS:localhost"
    12. 

  12. 

  13. openssl genrsa -out ca_key.pem 4096
    14. 

  14. openssl req -new -x509 -days 3650 -key ca_key.pem -subj "${CA_SUBJECT}" -out ca_cert.pem
    15. 

  15. 

  16. openssl req -newkey rsa:4096 -nodes -sha256 -keyout key.pem -subj "${SUBJECT}" -out server.csr
    17. 

  17. openssl x509 -req -sha256 -extfile <(printf "subjectAltName=${ALT}") -days 3650 \
    18. 

  18.     -CA ca_cert.pem -CAkey ca_key.pem -CAcreateserial \
    19. 

  19.     -in server.csr -out cert.pem
    20. 

  20. 

  21. rm ca_cert.srl server.csr
    22.