Generate CA config so firefox doesn't complain
parent
7dd52bb14e
commit
ba35f1b10f
2 changed files with 28 additions and 4 deletions
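--- /dev/null
+++ b/basic_configs/ssl/CA.cnf.base
@@ -0,0 +1,16 @@
+[ req ]
+prompt = no
+distinguished_name = req_distinguished_name
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+C = ${CA_COUNTRYCODE}
+ST = ${CA_STATEORTERRITORY}
+L = ${CA_LOCATION}
+O = ${CA_ORGNAME}
+
+[v3_ca]
+subjectKeyIdentifier = hash
+basicConstraints = critical,CA:TRUE
+keyUsage = cRLSign, keyCertSign
+nameConstraints = permitted;DNS:272254864.xyz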
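Review bot: In `[v3_ca]`, `nameConstraints` is not marked critical and `basicConstraints` has no path length limit, so a verifier that does not implement name constraints will silently ignore the restriction to 272254864.xyz, and the root is allowed to sign subordinate CAs. Consider `nameConstraints = critical,permitted;DNS:272254864.xyz` and `basicConstraints = critical,CA:TRUE,pathlen:0`, after checking that the clients you target accept a critical name constraint. The permitted subtree covers DNS names only, so IP-address SANs stay unconstrained unless an `excluded;IP:` entry is added. The domain is also hard-coded while the subject fields use `${CA_*}` placeholders; a comment above the line saying which domain this CA is scoped to, and why, would help whoever trusts the root later.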
|
@ -1,9 +1,17 @@
|
||||||
#!/usr/bin/fish
|
#!/usr/bin/fish
|
||||||
|
|
||||||
openssl genrsa -out key.pem 2048
|
# setup vars
|
||||||
|
envsubst <CA.cnf.base >CA.cnf
|
||||||
|
|
||||||
openssl req -new -out server.csr -key key.pem -config local_cert.cnf
|
# gen CA Root
|
||||||
|
openssl genpkey -algorithm RSA -out self_ca.key -pkeyopt rsa_keygen_bits:4096
|
||||||
|
openssl req -new -key self_ca.key -out ca.csr -extensions v3_ca -config CA.cnf
|
||||||
|
openssl x509 -req -sha256 -days 365 -in ca.csr -signkey self_ca.key -extfile CA.cnf -out self_ca.crt -extensions v3_ca
|
||||||
|
|
||||||
openssl x509 -req -days 9999 -in server.csr -signkey key.pem -out cert.pem -extensions v3_req -extfile local_cert.cnf
|
# gen cert
|
||||||
|
openssl genpkey -algorithm RSA -out local.key -pkeyopt rsa_keygen_bits:2048
|
||||||
|
openssl req -new -key local.key -extensions v3_ca -out local.csr -config local_cert.cnf
|
||||||
|
openssl x509 -req -sha256 -days 365 -in local.csr -CAkey self_ca.key -CA self_ca.crt -out local.crt -extfile local_cert.cnf -extensions v3_ca
|
||||||
|
|
||||||
rm server.csr
|
# cleanup
|
||||||
|
rm self_ca.key ca.csr local.csr CA.cnf
|
||||||
|
|
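Review bot: The two leaf-certificate steps (`openssl req ... -out local.csr` and the `-CA self_ca.crt` signing line) select `-extensions v3_ca` from local_cert.cnf, where the removed code used `v3_req`. local_cert.cnf is not part of this commit, so this is inferred: if it has no `[v3_ca]` section the commands fail, and if it has one, a section of that name would normally issue local.crt with `CA:TRUE`, turning the server certificate into a signing certificate. Suggest `-extensions v3_req` on both lines and checking that the issued local.crt carries `CA:FALSE`. The signing line also has no `-CAcreateserial`, which OpenSSL releases before 3.0 need when no serial file exists yet. The script's file header is outside the visible part of the page.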