#!/usr/bin/fish # setup vars envsubst CA.cnf # gen CA Root openssl genpkey -algorithm RSA -out self_ca.key -pkeyopt rsa_keygen_bits:4096 openssl req -new -key self_ca.key -out ca.csr -extensions v3_ca -config CA.cnf openssl x509 -req -sha256 -days 365 -in ca.csr -signkey self_ca.key -extfile CA.cnf -out self_ca.crt -extensions v3_ca # gen cert openssl genpkey -algorithm RSA -out local.key -pkeyopt rsa_keygen_bits:2048 openssl req -new -key local.key -extensions v3_ca -out local.csr -config local_cert.cnf openssl x509 -req -sha256 -days 365 -in local.csr -CAkey self_ca.key -CA self_ca.crt -out local.crt -extfile local_cert.cnf -extensions v3_ca # cleanup rm self_ca.key ca.csr local.csr CA.cnf