mirror of
https://github.com/EpinelPS/EpinelPS.git
synced 2025-12-13 07:24:52 +01:00
39 lines
1.3 KiB
Bash
39 lines
1.3 KiB
Bash
######################
|
|
# Become a Certificate Authority
|
|
######################
|
|
|
|
# Generate private key
|
|
openssl genrsa -des3 -out myCA.key 2048
|
|
# Generate root certificate
|
|
openssl req -x509 -new -nodes -key myCA.key -sha256 -days 825 -out myCA.pem
|
|
|
|
######################
|
|
# Create CA-signed certs
|
|
######################
|
|
|
|
NAME=mydomain.example # Use your own domain name
|
|
# Generate a private key
|
|
openssl genrsa -out $NAME.key 2048
|
|
# Create a certificate-signing request
|
|
openssl req -new -key $NAME.key -out $NAME.csr
|
|
# Create a config file for the extensions
|
|
>$NAME.ext cat <<-EOF
|
|
authorityKeyIdentifier=keyid,issuer
|
|
basicConstraints=CA:FALSE
|
|
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
|
|
subjectAltName = @alt_names
|
|
[alt_names]
|
|
DNS.1 = *.nikke-kr.com
|
|
DNS.2 = aws-na-dr.intlgame.com
|
|
DNS.3 = *.intlgame.com
|
|
IP.1 = 192.168.3.13 # Optionally, add an IP address (if the connection which you have planned requires it)
|
|
EOF
|
|
# Create the signed certificate
|
|
openssl x509 -req -in $NAME.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial \
|
|
-out $NAME.crt -days 825 -sha256 -extfile $NAME.ext
|
|
|
|
# Convert CA Cert to pfx
|
|
openssl pkcs12 -export -out myCA.pfx -inkey myCA.key -in myCA.pem
|
|
|
|
# Convert site cert to pfx
|
|
openssl pkcs12 -export -out site.pfx -inkey mydomain.example.key -in mydomain.example.crt |