diff --git a/basic_configs/ssl/CA.cnf.base b/basic_configs/ssl/CA.cnf.base
deleted file mode 100644
index 930da15..0000000
--- a/basic_configs/ssl/CA.cnf.base
+++ /dev/null
@@ -1,16 +0,0 @@
-[ req ]
-prompt = no
-distinguished_name = req_distinguished_name
-x509_extensions = v3_ca
-
-[ req_distinguished_name ]
-C = ${CA_COUNTRYCODE}
-ST = ${CA_STATEORTERRITORY}
-L = ${CA_LOCATION}
-O = ${CA_ORGNAME}
-
-[v3_ca]
-subjectKeyIdentifier = hash
-basicConstraints = critical,CA:TRUE
-keyUsage = cRLSign, keyCertSign
-nameConstraints = permitted;DNS:272254864.xyz
diff --git a/basic_configs/ssl/gen.fish b/basic_configs/ssl/gen.fish
index 0216403..6fcba42 100755
--- a/basic_configs/ssl/gen.fish
+++ b/basic_configs/ssl/gen.fish
@@ -1,17 +1,11 @@
 #!/usr/bin/fish
-# setup vars
-envsubst CA.cnf
+set dist_name "/C=US/ST=No/L=No/O=self-cert/CN=self-cert"
+envsubst local_cert.cnf
-# gen CA Root
-openssl genpkey -algorithm RSA -out self_ca.key -pkeyopt rsa_keygen_bits:4096
-openssl req -new -key self_ca.key -out ca.csr -extensions v3_ca -config CA.cnf
-openssl x509 -req -sha256 -days 365 -in ca.csr -signkey self_ca.key -extfile CA.cnf -out self_ca.crt -extensions v3_ca
+openssl req -x509 -nodes -newkey RSA:2048 -keyout self_ca.key -days 999 -out self_ca.crt -subj $dist_name
-# gen cert
-openssl genpkey -algorithm RSA -out local.key -pkeyopt rsa_keygen_bits:2048
-openssl req -new -key local.key -extensions v3_ca -out local.csr -config local_cert.cnf
-openssl x509 -req -sha256 -days 365 -in local.csr -CAkey self_ca.key -CA self_ca.crt -out local.crt -extfile local_cert.cnf -extensions v3_ca
+openssl req -nodes -newkey RSA:2048 -keyout local.key -out local.csr -subj $dist_name
+openssl x509 -req -CA self_ca.crt -CAkey self_ca.key -in local.csr -out local.crt -days 999 -CAcreateserial -extfile local_cert.cnf
-# cleanup
-rm self_ca.key ca.csr local.csr CA.cnf
+rm local.csr local_cert.cnf self_ca.key self_ca.srl
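Review bot: The new root created by `openssl req -x509 -nodes -newkey RSA:2048 ...` is built without `-config`, `-extensions` or `-addext`, so its extensions come from whatever the system's default openssl.cnf supplies, and the `nameConstraints = permitted;DNS:...` limit that the deleted CA.cnf.base placed on the CA is gone. If self_ca.crt is imported into a trust store, an unconstrained root with a 999-day lifetime is trusted for any hostname, so the constraints are worth carrying over, e.g. `-addext "basicConstraints=critical,CA:TRUE" -addext "keyUsage=cRLSign,keyCertSign" -addext "nameConstraints=permitted;DNS:$DOMAIN"` (assuming `DOMAIN` is the variable the envsubst step renders into local_cert.cnf). The CA and the leaf CSR also share `-subj $dist_name`, which makes the leaf's issuer equal to its subject; some verifiers then treat the leaf as self-signed and fail chain building, so the leaf request should get its own name, e.g. `-subj "/O=self-cert/CN=$DOMAIN"`. The root key also drops from 4096 to 2048 bits while its validity nearly triples; if that is intentional, a short comment above the command saying so would help.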
diff --git a/basic_configs/ssl/local_cert.cnf b/basic_configs/ssl/local_cert.cnf
deleted file mode 100644
index d66ff4a..0000000
--- a/basic_configs/ssl/local_cert.cnf
+++ /dev/null
@@ -1,22 +0,0 @@
-[ req ]
-default_bits = 2048
-
-prompt = no
-distinguished_name = req_distinguished_name
-req_extensions = v3_req
-
-[req_distinguished_name]
-countryName = PK
-stateOrProvinceName = Sindh
-localityName = Karachi
-commonName = 272254864.xyz
-
-[v3_req]
-basicConstraints = CA:true
-subjectKeyIdentifier = hash
-keyUsage = digitalSignature, keyEncipherment
-extendedKeyUsage = serverAuth, clientAuth
-subjectAltName = @alt_names
-
-[alt_names]
-DNS.1 = *.272254864.xyz
diff --git a/basic_configs/ssl/local_cert.cnf.base b/basic_configs/ssl/local_cert.cnf.base
new file mode 100644
index 0000000..e0f0336
--- /dev/null
+++ b/basic_configs/ssl/local_cert.cnf.base
@@ -0,0 +1,5 @@
+subjectAltName = DNS:*.$DOMAIN, DNS:$DOMAIN
+authorityKeyIdentifier = keyid, issuer
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
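Review bot: `subjectAltName = DNS:*.$DOMAIN, DNS:$DOMAIN` depends entirely on envsubst finding an exported `DOMAIN`; if the variable is unset the line renders as `DNS:*., DNS:`, and nothing in the file states that requirement. A header comment would document it, e.g. `# x509 -extfile template, rendered by envsubst in gen.fish; DOMAIN must be exported`, and gen.fish could refuse to run without it with `test -n "$DOMAIN"; or exit 1` before the envsubst call. The extension set itself (CA:FALSE, serverAuth only) is tighter than the deleted local_cert.cnf; marking key usage critical, `keyUsage = critical, digitalSignature, keyEncipherment`, would bring it in line with common end-entity profiles.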