
Update example script for certificate generation

bel2125 2 năm trước cách đây
mục cha
commit
60845fb779
1 tập tin đã thay đổi với 9 bổ sung5 xóa
  1. 9 5
      resources/cert/make_certs.sh

+ 9 - 5
resources/cert/make_certs.sh

@@ -1,4 +1,8 @@
 #!/bin/sh
+
+server_name="localhost"
+cert_subject="/C=XX/ST=ExampleState/L=ExampleCity/O=ExampleCorp/OU=ExampleDepartment/CN=$server_name"
+
 echo "Creating new certificates"
 rm server.* client.* rootCA.* server_bkup.*
 echo "Using 'pass' for every password"
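Review bot: The single `cert_subject` defined here is passed by the later hunks to the root CA request as well as to the client and server requests, so the CA gets the same subject (including `CN=$server_name`) as the certificates it signs. Assuming `rootCA.pem` is issued from `rootCA.csr` (that step is outside the visible hunks), every leaf then has an issuer name equal to its own subject name, which some validators take for a self-signed certificate and report as a chain-verification failure. Consider a separate variable for the `rootCA.csr` request, for example `ca_subject="/C=XX/ST=ExampleState/L=ExampleCity/O=ExampleCorp/OU=ExampleDepartment/CN=ExampleRootCA"` (sample value), and keep `cert_subject` for the leaf certificates.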
@@ -7,7 +11,7 @@ echo "Using 'pass' for every password"
 echo "Generating a root CA ..."
 
 openssl genrsa -passout pass:pass -out rootCA.key 2048
-openssl req -passout pass:pass -new -key rootCA.key -out rootCA.csr -subj "/C=AA/ST=localhost/L=localhost/O=localhost/OU=localhost/CN=localhost"
+openssl req -passout pass:pass -new -key rootCA.key -out rootCA.csr -subj $cert_subject
 # For a test certificate, use "AA" as "user assigned" language code: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#AA
 
 cp rootCA.key rootCA.key.orig
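Review bot: `-subj $cert_subject` is unquoted on the `rootCA.csr` line and again on the client, server and backup-server `openssl req` lines in the later hunks, whereas the removed lines passed a quoted literal. Any space in the subject (an organisation such as `Example Corp`, for instance) would be word-split, so openssl would receive a truncated subject plus stray arguments; use `-subj "$cert_subject"` in all four places. The comment directly below still explains the choice of `AA`, while the subject now uses `C=XX`; it should be updated, for example `# For a test certificate, use "XX", a user-assigned country code (see ISO 3166-1 alpha-2)`.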
@@ -20,7 +24,7 @@ cat rootCA.key >> rootCA.pem
 echo "Generating client certificate ..."
 
 openssl genrsa -passout pass:pass -out client.key 2048
-openssl req -passout pass:pass -new -key client.key -out client.csr -subj "/C=AA/ST=localhost/L=localhost/O=localhost/OU=localhost/CN=localhost"
+openssl req -passout pass:pass -new -key client.key -out client.csr -subj $cert_subject
 
 cp client.key client.key.orig
 
@@ -37,7 +41,7 @@ openssl pkcs12 -passout pass:pass -export -inkey client.key -in client.pem -name
 echo "Generating first server certificate ..."
 
 openssl genrsa -passout pass:pass -out server.key 2048
-openssl req -passout pass:pass -new -key server.key -out server.csr -subj "/C=AA/ST=localhost/L=localhost/O=localhost/OU=localhost/CN=localhost"
+openssl req -passout pass:pass -new -key server.key -out server.csr -subj $cert_subject
 
 cp server.key server.key.orig
 
@@ -46,7 +50,7 @@ openssl rsa -in server.key.orig -out server.key
 echo "authorityKeyIdentifier=keyid,issuer" > server.ext
 echo "basicConstraints=critical,CA:FALSE" >> server.ext
 echo "keyUsage=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment" >> server.ext
-echo "subjectAltName=DNS:localhost" >> server.ext
+echo "subjectAltName=DNS:$server_name" >> server.ext
 
 openssl x509 -req -days 3650 -sha256 -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -extfile server.ext -in server.csr -out server.crt
 #openssl x509 -req -days 3650 -sha256 -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -extfile server.ext -in server.csr -signkey server.key -out server.crt
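Review bot: The `subjectAltName=DNS:$server_name` line only produces a usable certificate when `server_name` is a host name. If someone sets it to an IP address, the value lands in a dNSName entry, and clients that verify the peer address against iPAddress SAN entries will reject the certificate. Document the constraint next to the variable, for example `# server_name must be a DNS name; for an IP address change the SAN entry to IP:<address>`, or choose the prefix in the script according to the form of the value.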
@@ -67,7 +71,7 @@ cat server.pin
 echo "Generating backup server certificate ..."
 
 openssl genrsa -passout pass:pass -out server_bkup.key 2048
-openssl req -passout pass:pass -new -key server_bkup.key -out server_bkup.csr -subj "/C=AA/ST=localhost/L=localhost/O=localhost/OU=localhost/CN=localhost"
+openssl req -passout pass:pass -new -key server_bkup.key -out server_bkup.csr -subj $cert_subject
 
 cp server_bkup.key server_bkup.key.orig