diff --git a/basic_configs/ssl/CA.cnf b/basic_configs/ssl/CA.cnf new file mode 100644 index 0000000..bc22465 --- /dev/null +++ b/basic_configs/ssl/CA.cnf @@ -0,0 +1,16 @@ +[ req ] +prompt = no +distinguished_name = req_distinguished_name +x509_extensions = v3_ca + +[ req_distinguished_name ] +C = PK +ST = Sindh +L = Karachi +O = mahmad + +[v3_ca] +subjectKeyIdentifier = hash +basicConstraints = critical,CA:TRUE +keyUsage = cRLSign, keyCertSign +nameConstraints = permitted;DNS:272254864.xyz diff --git a/basic_configs/ssl/gen.fish b/basic_configs/ssl/gen.fish index 10b0847..257e929 100755 --- a/basic_configs/ssl/gen.fish +++ b/basic_configs/ssl/gen.fish @@ -1,9 +1,14 @@ #!/usr/bin/fish -openssl genrsa -out key.pem 2048 +# gen CA Root +openssl genpkey -algorithm RSA -out self_ca.key -pkeyopt rsa_keygen_bits:4096 +openssl req -new -key self_ca.key -out ca.csr -extensions v3_ca -config CA.cnf +openssl x509 -req -sha256 -days 365 -in ca.csr -signkey self_ca.key -extfile CA.cnf -out self_ca.crt -extensions v3_ca -openssl req -new -out server.csr -key key.pem -config local_cert.cnf +# gen cert +openssl genpkey -algorithm RSA -out jormungandr.key -pkeyopt rsa_keygen_bits:2048 +openssl req -new -key jormungandr.key -extensions v3_ca -out jormungandr.csr -config local_cert.cnf +openssl x509 -req -sha256 -days 365 -in jormungandr.csr -CAkey self_ca.key -CA self_ca.crt -out jormungandr.crt -extfile local_cert.cnf -extensions v3_ca -openssl x509 -req -days 9999 -in server.csr -signkey key.pem -out cert.pem -extensions v3_req -extfile local_cert.cnf - -rm server.csr +# cleanup +rm self_ca.key ca.csr jormungandr.csr diff --git a/basic_configs/ssl/local_cert.cnf b/basic_configs/ssl/local_cert.cnf index d66ff4a..01fd670 100644 --- a/basic_configs/ssl/local_cert.cnf +++ b/basic_configs/ssl/local_cert.cnf @@ -1,22 +1,14 @@ [ req ] -default_bits = 2048 - -prompt = no distinguished_name = req_distinguished_name -req_extensions = v3_req +x509_extensions = v3_ca +prompt = no [req_distinguished_name] -countryName = PK -stateOrProvinceName = Sindh -localityName = Karachi -commonName = 272254864.xyz +CN = 272254864.xyz -[v3_req] -basicConstraints = CA:true -subjectKeyIdentifier = hash -keyUsage = digitalSignature, keyEncipherment -extendedKeyUsage = serverAuth, clientAuth -subjectAltName = @alt_names -[alt_names] -DNS.1 = *.272254864.xyz +[v3_ca] +basicConstraints = CA:FALSE +subjectAltName = DNS:*.272254864.xyz +extendedKeyUsage = serverAuth +