civetweb/resources/cert/make_certs.sh

#!/bin/sh
#using "pass" for every password

echo "Generating client certificate ..."

openssl genrsa -des3 -out client.key 2048
openssl req -new -key client.key -out client.csr

cp client.key client.key.orig

openssl rsa -in client.key.orig -out client.key

openssl x509 -req -days 3650 -in client.csr -signkey client.key -out client.crt

cp client.crt client.pem
cat client.key >> client.pem

openssl pkcs12 -export -inkey client.key -in client.pem -name ClientName -out client.pfx


echo "Generating first server certificate ..."

openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr

cp server.key server.key.orig

openssl rsa -in server.key.orig -out server.key

openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

cp server.crt server.pem
cat server.key >> server.pem

openssl pkcs12 -export -inkey server.key -in server.pem -name ServerName -out server.pfx

echo "First server certificate hash for Public-Key-Pins header:"

openssl x509 -pubkey < server.crt | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64 > server.pin

cat server.pin

echo "Generating backup server certificate ..."

openssl genrsa -des3 -out server_bkup.key 2048
openssl req -new -key server_bkup.key -out server_bkup.csr

cp server_bkup.key server_bkup.key.orig

openssl rsa -in server_bkup.key.orig -out server_bkup.key

openssl x509 -req -days 3650 -in server_bkup.csr -signkey server_bkup.key -out server_bkup.crt

cp server_bkup.crt server_bkup.pem
cat server_bkup.key >> server_bkup.pem

openssl pkcs12 -export -inkey server_bkup.key -in server_bkup.pem -name ServerName -out server_bkup.pfx

echo "Backup server certificate hash for Public-Key-Pins header:"

openssl x509 -pubkey < server_bkup.crt | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64 > server_bkup.pin

cat server_bkup.pin