#!/bin/bash genCAKey() { openssl genrsa -out CA.key 2048 } genCACert() { openssl req -key CA.key -new -out CA.csr -subj "/C=US/ST=San Francisco/L=California/O=automotivelinux.org/CN=localhost-ca/emailAddress=agl-dev-community@lists.automotivelinux.org" openssl x509 -signkey CA.key -in CA.csr -req -days 3650 -out CA.pem } genKey() { openssl genrsa -out $1.key 2048 } genCert() { openssl req -new -key $1.key -out $1.csr -passin pass:"temp" -subj "/C=US/ST=San Francisco/L=California/O=automotivelinux.org/CN=$1/emailAddress=agl-dev-community@lists.automotivelinux.org" openssl x509 -req -in $1.csr -extfile <(printf "subjectAltName=DNS:$1,DNS:localhost,IP:127.0.0.1") -CA CA.pem -CAkey CA.key -CAcreateserial -days 1460 -out $1.pem openssl verify -CAfile CA.pem $1.pem } set -e # Check if the CA is available, else make CA certificates if [ -f "CA.key" ]; then echo "Existing CA.key will be used" else echo "No CA.key found, will generate new key" genCAKey rm -f CA.pem echo "" fi # Check if the CA.pem is available, else generate a new CA.pem if [ -f "CA.pem" ]; then echo "CA.pem will not be regenerated" else echo "No CA.pem found, will generate new CA.pem" genCACert echo "" fi for i in Server Client; do if [ -f $i.key ]; then echo "Existing $i.key will be used" else echo "No $i.key found, will generate new key" genKey $i fi echo "" echo "Generating $i.pem" genCert $i echo "" done