Created
July 17, 2019 10:59
Revisions
-
bjanderson revised this gist
Aug 3, 2016 . 1 changed file with 132 additions and 0 deletions.
@@ -0,0 +1,132 @@ #!/bin/bash rm *.crt rm *.csr rm *.key rm *.p12 rm *.srl # set values for certificate DNs # note: CN is set to different values in the sections below ORG="000_Test_Certificates" # set values that the commands will share VALID_DAYS=360 CA_KEY=ca.key CA_CERT=ca.crt SERVER_KEY=server.key SERVER_CERT=server.crt SERVER_CSR=server.csr KEY_BITS=2048 echo echo "Create CA certificate..." CN="Test CA" openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$KEY_BITS -out $CA_KEY openssl req -new -x509 -days $VALID_DAYS -key $CA_KEY -subj "/CN=$CN/O=$ORG" -out $CA_CERT echo "Done." echo echo "Creating Server certificate..." CN="localhost" openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$KEY_BITS -out $SERVER_KEY openssl req -new -key $SERVER_KEY -subj "/CN=$CN/O=$ORG" -out $SERVER_CSR openssl x509 -days $VALID_DAYS -req -in $SERVER_CSR -CAcreateserial -CA $CA_CERT -CAkey $CA_KEY -out $SERVER_CERT echo "Done." echo echo "Creating Client certificate testuser1..." CLIENT_KEY=testuser_1.key CLIENT_CERT=testuser_1.crt CLIENT_CSR=testuser_1.csr CLIENT_P12=testuser_1.p12 CN="Test User 1" USER_ID="testuser1" P12_PASSWORD= openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$KEY_BITS -out $CLIENT_KEY openssl req -new -key $CLIENT_KEY -subj "/CN=$CN/O=$ORG/UID=$USER_ID" -out $CLIENT_CSR openssl x509 -days $VALID_DAYS -req -in $CLIENT_CSR -CAcreateserial -CA $CA_CERT -CAkey $CA_KEY -out $CLIENT_CERT openssl pkcs12 -in $CLIENT_CERT -inkey $CLIENT_KEY -export -password pass:$P12_PASSWORD -out $CLIENT_P12 echo "Done." echo echo "Creating Client certificate testuser2..." 
CLIENT_KEY=testuser_2.key CLIENT_CERT=testuser_2.crt CLIENT_CSR=testuser_2.csr CLIENT_P12=testuser_2.p12 CN="Test User 2" USER_ID="testuser2" P12_PASSWORD= openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$KEY_BITS -out $CLIENT_KEY openssl req -new -key $CLIENT_KEY -subj "/CN=$CN/O=$ORG/UID=$USER_ID" -out $CLIENT_CSR openssl x509 -days $VALID_DAYS -req -in $CLIENT_CSR -CAcreateserial -CA $CA_CERT -CAkey $CA_KEY -out $CLIENT_CERT openssl pkcs12 -in $CLIENT_CERT -inkey $CLIENT_KEY -export -password pass:$P12_PASSWORD -out $CLIENT_P12 echo "Done." echo echo "Creating Client certificate unknown..." CLIENT_KEY=testuser_unknown.key CLIENT_CERT=testuser_unknown.crt CLIENT_CSR=testuser_unknown.csr CLIENT_P12=testuser_unknown.p12 CN="Test User Unknown" USER_ID="unknown" P12_PASSWORD= openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$KEY_BITS -out $CLIENT_KEY openssl req -new -key $CLIENT_KEY -subj "/CN=$CN/O=$ORG/UID=$USER_ID" -out $CLIENT_CSR openssl x509 -days $VALID_DAYS -req -in $CLIENT_CSR -CAcreateserial -CA $CA_CERT -CAkey $CA_KEY -out $CLIENT_CERT openssl pkcs12 -in $CLIENT_CERT -inkey $CLIENT_KEY -export -password pass:$P12_PASSWORD -out $CLIENT_P12 echo "Done." echo echo "Creating Client certificate expired..." CLIENT_KEY=testuser_expired.key CLIENT_CERT=testuser_expired.crt CLIENT_CSR=testuser_expired.csr CLIENT_P12=testuser_expired.p12 CN="Test User Expired" USER_ID="expired" P12_PASSWORD= openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$KEY_BITS -out $CLIENT_KEY openssl req -new -key $CLIENT_KEY -subj "/CN=$CN/O=$ORG/UID=$USER_ID" -out $CLIENT_CSR openssl x509 -days -1 -req -in $CLIENT_CSR -CAcreateserial -CA $CA_CERT -CAkey $CA_KEY -out $CLIENT_CERT openssl pkcs12 -in $CLIENT_CERT -inkey $CLIENT_KEY -export -password pass:$P12_PASSWORD -out $CLIENT_P12 echo "Done." echo echo "Create invalid CA certificate..." 
CA_KEY=ca2.key CA_CERT=ca2.crt CN="Test CA" openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$KEY_BITS -out $CA_KEY openssl req -new -x509 -days $VALID_DAYS -key $CA_KEY -subj "/CN=$CN/O=$ORG" -out $CA_CERT echo "Done." echo echo "Creating Client certificate invalid..." CLIENT_KEY=testuser_invalid.key CLIENT_CERT=testuser_invalid.crt CLIENT_CSR=testuser_invalid.csr CLIENT_P12=testuser_invalid.p12 CN="Test User Invalid" USER_ID="invalid" P12_PASSWORD= openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$KEY_BITS -out $CLIENT_KEY openssl req -new -key $CLIENT_KEY -subj "/CN=$CN/O=$ORG/UID=$USER_ID" -out $CLIENT_CSR openssl x509 -days $VALID_DAYS -req -in $CLIENT_CSR -CAcreateserial -CA $CA_CERT -CAkey $CA_KEY -out $CLIENT_CERT openssl pkcs12 -in $CLIENT_CERT -inkey $CLIENT_KEY -export -password pass:$P12_PASSWORD -out $CLIENT_P12 echo "Done." echo echo "Remove files that we don't need..." rm *.csr rm *.srl rm testuser_*.crt rm testuser_*.key rm ca*.key echo "Done." echo echo "----- Don't forget to import your ca.crt and client .p12 certificates into your browser -----" echo -
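Review bot: None of the `openssl x509 -req` calls passes `-extfile`, so the server certificate for `CN="localhost"` is issued without a subjectAltName and the client certificates without an extendedKeyUsage; current browsers match host names against subjectAltName only, so `server.crt` is likely to be rejected even after `ca.crt` is imported. For the server signing step, add something like `-extfile <(printf 'subjectAltName=DNS:localhost\nextendedKeyUsage=serverAuth\n')`, and `extendedKeyUsage=clientAuth` for the `testuser_*` certificates. Separately, the opening `rm *.crt` … `rm *.key` lines act on whatever directory the script is started from; creating a dedicated output directory and changing into it first would keep them from deleting unrelated key material.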
bjanderson revised this gist
Jul 9, 2016 . 1 changed file with 4 additions and 4 deletions.
@@ -2,7 +2,7 @@ # set values for certificate DNs # note: CN is set to different values in the sections below ORG="000_Test_Certificates" # set values that the commands will share VALID_DAYS=360 @@ -21,14 +21,14 @@ echo echo "Create CA certificate..." CN="Test CA" openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$KEY_BITS -out $CA_KEY openssl req -new -x509 -days $VALID_DAYS -key $CA_KEY -subj "/CN=$CN/O=$ORG" -out $CA_CERT echo "Done." echo echo "Creating Server certificate..." CN="localhost" openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$KEY_BITS -out $SERVER_KEY openssl req -new -key $SERVER_KEY -subj "/CN=$CN/O=$ORG" -out $SERVER_CSR openssl x509 -days $VALID_DAYS -req -in $SERVER_CSR -CAcreateserial -CA $CA_CERT -CAkey $CA_KEY -out $SERVER_CERT echo "Done." @@ -38,7 +38,7 @@ CN="Test User 1" USER_ID="testuser1" P12_PASSWORD= openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$KEY_BITS -out $CLIENT_KEY openssl req -new -key $CLIENT_KEY -subj "/CN=$CN/O=$ORG/UID=$USER_ID" -out $CLIENT_CSR openssl x509 -days $VALID_DAYS -req -in $CLIENT_CSR -CAcreateserial -CA $CA_CERT -CAkey $CA_KEY -out $CLIENT_CERT openssl pkcs12 -in $CLIENT_CERT -inkey $CLIENT_KEY -export -password pass:$P12_PASSWORD -out $CLIENT_P12 echo "Done." -
bjanderson revised this gist
Jul 9, 2016 . 1 changed file with 0 additions and 8 deletions.
@@ -1,13 +1,5 @@ #!/bin/bash # set values for certificate DNs # note: CN is set to different values in the sections below O="000_Test_Certificates" -
bjanderson revised this gist
Jul 9, 2016 . 2 changed files with 12 additions and 21 deletions.
@@ -1,6 +1,5 @@ #!/bin/bash echo "Clean out old certificates..." rm *.crt rm *.csr @@ -11,11 +10,7 @@ echo "Done." # set values for certificate DNs # note: CN is set to different values in the sections below O="000_Test_Certificates" # set values that the commands will share VALID_DAYS=360
@@ -28,34 +23,32 @@ CLIENT_P12=client.p12 SERVER_KEY=server.key SERVER_CERT=server.crt SERVER_CSR=server.csr KEY_BITS=2048 echo echo "Create CA certificate..." CN="Test CA" openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$KEY_BITS -out $CA_KEY openssl req -new -x509 -days $VALID_DAYS -key $CA_KEY -subj "/CN=$CN/O=$O" -out $CA_CERT echo "Done." echo echo "Creating Server certificate..." CN="localhost" openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$KEY_BITS -out $SERVER_KEY openssl req -new -key $SERVER_KEY -subj "/CN=$CN/O=$O" -out $SERVER_CSR openssl x509 -days $VALID_DAYS -req -in $SERVER_CSR -CAcreateserial -CA $CA_CERT -CAkey $CA_KEY -out $SERVER_CERT echo "Done." echo echo "Creating Client certificate..." CN="Test User 1" USER_ID="testuser1" P12_PASSWORD= openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$KEY_BITS -out $CLIENT_KEY openssl req -new -key $CLIENT_KEY -subj "/CN=$CN/O=$O/UID=$USER_ID" -out $CLIENT_CSR openssl x509 -days $VALID_DAYS -req -in $CLIENT_CSR -CAcreateserial -CA $CA_CERT -CAkey $CA_KEY -out $CLIENT_CERT openssl pkcs12 -in $CLIENT_CERT -inkey $CLIENT_KEY -export -password pass:$P12_PASSWORD -out $CLIENT_P12 echo "Done." echo
@@ -1,2 +0,0 @@ -
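Review bot: The CA private key is still left on disk after signing: nothing in the visible hunks removes `$CA_KEY` once the server and client certificates are issued, and with the passphrase options gone from these commands it is plainly unencrypted. The initial revision's closing message asks the user to install the CA certificate in a browser, so anyone who can read `ca.key` can issue certificates that browser will accept. Deleting the key at the end (`rm -- "$CA_KEY"`) or running the script under `umask 077` in a dedicated directory limits that. The end of the script lies outside these hunks, so this is inferred from the visible lines only.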
bjanderson revised this gist
Jun 25, 2016 . 1 changed file with 0 additions and 4 deletions.
@@ -55,10 +55,6 @@ P12_PASSWORD= openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$CERT_BITS -pass file:passphrase -out $CLIENT_KEY openssl req -new -key $CLIENT_KEY -passin file:passphrase -subj "/CN=$CN/O=$O/OU=$OU/C=$C/ST=$ST/L=$L/UID=$USER_ID" -passout file:passphrase -out $CLIENT_CSR openssl x509 -days $VALID_DAYS -req -in $CLIENT_CSR -CAcreateserial -CA $CA_CERT -CAkey $CA_KEY -passin file:passphrase -out $CLIENT_CERT openssl pkcs12 -in $CLIENT_CERT -inkey $CLIENT_KEY -passin file:passphrase -name "$P12_NAME" -export -password pass:$P12_PASSWORD -out $CLIENT_P12 echo "Done." -
bjanderson revised this gist
Jun 25, 2016 . 1 changed file with 4 additions and 3 deletions.
@@ -29,8 +29,7 @@ SERVER_KEY=server.key SERVER_CERT=server.crt SERVER_CSR=server.csr CA_BITS=4096 CERT_BITS=2048 echo echo "Create CA certificate..." @@ -51,14 +50,16 @@ echo echo "Creating Client certificate..." CN="Test_User" USER_ID="testuser1" P12_NAME="Test User" P12_PASSWORD= openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$CERT_BITS -pass file:passphrase -out $CLIENT_KEY openssl req -new -key $CLIENT_KEY -passin file:passphrase -subj "/CN=$CN/O=$O/OU=$OU/C=$C/ST=$ST/L=$L/UID=$USER_ID" -passout file:passphrase -out $CLIENT_CSR openssl x509 -days $VALID_DAYS -req -in $CLIENT_CSR -CAcreateserial -CA $CA_CERT -CAkey $CA_KEY -passin file:passphrase -out $CLIENT_CERT echo "Done." echo echo "Converting client certificate to p12..." openssl pkcs12 -in $CLIENT_CERT -inkey $CLIENT_KEY -passin file:passphrase -name "$P12_NAME" -export -password pass:$P12_PASSWORD -out $CLIENT_P12 echo "Done." echo -
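Review bot: `P12_PASSWORD=` is empty and is passed as `-password pass:$P12_PASSWORD`, so the exported `.p12`, which bundles the client private key, gets an empty export password. Any value assigned later would also be visible in the process list, because `pass:` puts it on the command line. If a password is intended, export the variable and use `-password env:P12_PASSWORD`, which keeps the value off argv. The rendered section has lost its +/- markers, so that these are the added lines is inferred from `P12_PASSWORD` being absent in the earlier revisions.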
bjanderson revised this gist
Jun 23, 2016 . 1 changed file with 1 addition and 1 deletion.
@@ -50,7 +50,7 @@ echo "Done." echo echo "Creating Client certificate..." CN="Test_User" USER_ID="testuser1" openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$CERT_BITS -pass file:passphrase -out $CLIENT_KEY openssl req -new -key $CLIENT_KEY -passin file:passphrase -subj "/CN=$CN/O=$O/OU=$OU/C=$C/ST=$ST/L=$L/UID=$USER_ID" -passout file:passphrase -out $CLIENT_CSR openssl x509 -days $VALID_DAYS -req -in $CLIENT_CSR -CAcreateserial -CA $CA_CERT -CAkey $CA_KEY -passin file:passphrase -out $CLIENT_CERT -
bjanderson revised this gist
Jun 23, 2016 . 1 changed file with 2 additions and 2 deletions.
@@ -50,9 +50,9 @@ echo "Done." echo echo "Creating Client certificate..." CN="Test_User" USER_ID="test.user.1" openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$CERT_BITS -pass file:passphrase -out $CLIENT_KEY openssl req -new -key $CLIENT_KEY -passin file:passphrase -subj "/CN=$CN/O=$O/OU=$OU/C=$C/ST=$ST/L=$L/UID=$USER_ID" -passout file:passphrase -out $CLIENT_CSR openssl x509 -days $VALID_DAYS -req -in $CLIENT_CSR -CAcreateserial -CA $CA_CERT -CAkey $CA_KEY -passin file:passphrase -out $CLIENT_CERT echo "Done." -
bjanderson revised this gist
Jun 23, 2016 . 1 changed file with 2 additions and 1 deletion.
@@ -50,8 +50,9 @@ echo "Done." echo echo "Creating Client certificate..." CN="Test_User" UID="test.user.1" openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$CERT_BITS -pass file:passphrase -out $CLIENT_KEY openssl req -new -key $CLIENT_KEY -passin file:passphrase -subj "/CN=$CN/O=$O/OU=$OU/C=$C/ST=$ST/L=$L/UID=$UID" -passout file:passphrase -out $CLIENT_CSR openssl x509 -days $VALID_DAYS -req -in $CLIENT_CSR -CAcreateserial -CA $CA_CERT -CAkey $CA_KEY -passin file:passphrase -out $CLIENT_CERT echo "Done." -
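Review bot: `UID` is a read-only variable in bash, so the added `UID="test.user.1"` fails with a "readonly variable" error and `/UID=$UID` in the `-subj` string keeps the numeric id of the user running the script rather than the intended test identity. Pick a name the shell does not reserve, for example `USER_ID="test.user.1"` with `/UID=$USER_ID` in the subject. The surrounding client-certificate section starts and ends outside this hunk.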
bjanderson created this gist
Jun 21, 2016 .
@@ -0,0 +1,65 @@ #!/bin/bash echo echo "Clean out old certificates..." rm *.crt rm *.csr rm *.key rm *.p12 rm *.srl echo "Done." # set values for certificate DNs # note: CN is set to different values in the sections below O="AAAA Test Organization" OU="OrganizationUnit" C="US" ST="State" L="Location" # set values that the commands will share VALID_DAYS=360 CA_KEY=ca.key CA_CERT=ca.crt CLIENT_KEY=client.key CLIENT_CERT=client.crt CLIENT_CSR=client.csr CLIENT_P12=client.p12 SERVER_KEY=server.key SERVER_CERT=server.crt SERVER_CSR=server.csr CA_BITS=4096 CERT_BITS=1024 P12_NAME="Test User" echo echo "Create CA certificate..." CN="Test CA" openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$CA_BITS -pass file:passphrase -out $CA_KEY openssl req -new -x509 -days $VALID_DAYS -key $CA_KEY -passin file:passphrase -subj "/CN=$CN/O=$O/OU=$OU/C=$C/ST=$ST/L=$L" -passout file:passphrase -out $CA_CERT echo "Done." echo echo "Creating Server certificate..." CN="localhost" openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$CERT_BITS -pass file:passphrase -out $SERVER_KEY openssl req -new -key $SERVER_KEY -passin file:passphrase -subj "/CN=$CN/O=$O/OU=$OU/C=$C/ST=$ST/L=$L" -passout file:passphrase -out $SERVER_CSR openssl x509 -days $VALID_DAYS -req -in $SERVER_CSR -CAcreateserial -CA $CA_CERT -CAkey $CA_KEY -passin file:passphrase -out $SERVER_CERT echo "Done." echo echo "Creating Client certificate..." CN="Test_User" openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:$CERT_BITS -pass file:passphrase -out $CLIENT_KEY openssl req -new -key $CLIENT_KEY -passin file:passphrase -subj "/CN=$CN/O=$O/OU=$OU/C=$C/ST=$ST/L=$L" -passout file:passphrase -out $CLIENT_CSR openssl x509 -days $VALID_DAYS -req -in $CLIENT_CSR -CAcreateserial -CA $CA_CERT -CAkey $CA_KEY -passin file:passphrase -out $CLIENT_CERT echo "Done." echo echo "Converting client certificate to p12..." 
openssl pkcs12 -in $CLIENT_CERT -inkey $CLIENT_KEY -passin file:passphrase -name "$P12_NAME" -export -password pass: -out $CLIENT_P12 echo "Done." echo echo "----- Don't forget to open your browser and install your $CA_CERT and $CLIENT_P12 certificates -----" echo
@@ -0,0 +1,2 @@ P@$$W0rd P@$$W0rd
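Review bot: `CERT_BITS=1024` gives the server and client keys a 1024-bit RSA modulus, which is below the 2048-bit minimum that current guidance and most TLS libraries expect; use `CERT_BITS=2048`. Also, the `openssl genpkey` calls pass `-pass file:passphrase` without a cipher option, so as far as the visible commands show the keys are written unencrypted and the later `-passin` arguments have nothing to decrypt. Add a cipher such as `-aes-256-cbc` to the `genpkey` calls if encryption at rest is intended.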
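Review bot: This two-line file is, by the look of it, the `passphrase` file the script reads through `file:passphrase`, so the key passphrase is published next to the script. Even for test certificates it is better to generate the value locally, or take it from the environment with `-passin env:VAR`, and keep the file out of the gist so the value is not reused elsewhere from a public source.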