-
-
Save devodla/15a3c63213ce9e90047d812d1e071b74 to your computer and use it in GitHub Desktop.
Script to create self-signed CA certificates, server certificates, and client certificates for testing MongoDB with SSL
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Generate self signed root CA cert | |
| openssl req -nodes -x509 -newkey rsa:2048 -keyout ca.key -out ca.crt -subj "/C=BR/ST=SP/L=Sao Paulo/O=Layme Inc/OU=root/CN=`hostname -f`/[email protected]" | |
| # Generate server cert to be signed | |
| openssl req -nodes -newkey rsa:2048 -keyout server.key -out server.csr -subj "/C=BR/ST=SP/L=Sao Paulo/O=Layme Inc/OU=server/CN=`hostname -f`/[email protected]" | |
| # Sign the server cert | |
| openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt | |
| # Create server PEM file | |
| cat server.key server.crt > server.pem | |
| # Generate client cert to be signed | |
| openssl req -nodes -newkey rsa:2048 -keyout onlyreynaldo.key -out onlyreynaldo.csr -subj "/C=BR/ST=SP/L=Sao Paulo/O=Layme Inc/OU=client/CN=onlyreynaldo/[email protected]" | |
| # Sign the client cert | |
| openssl x509 -req -in onlyreynaldo.csr -CA ca.crt -CAkey ca.key -CAserial ca.srl -out onlyreynaldo.crt | |
| # Create client PEM file | |
| cat onlyreynaldo.key onlyreynaldo.crt > onlyreynaldo.pem | |
| # Create clientPFX file (for Java, C#, etc) | |
| # openssl pkcs12 -inkey client.key -in client.crt -export -out client.pfx | |
| # Start mongod with SSL | |
| # mkdir -p data/db | |
| # mongod --sslMode requireSSL --sslPEMKeyFile server.pem --sslCAFile ca.crt --dbpath data/db --logpath data/mongod.log --fork | |
| # Connect to mongod with SSL | |
| # mongo --ssl --sslCAFile ca.crt --sslPEMKeyFile client.pem --host `hostname -f` |
Author
Author
Changed ã for a, not admited characters speciales
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Changed to client onlyreynaldo admin database