add gen-certificate tool (#354)

cryptoadvance · Sep 6, 2020 · 01ffbeb · 01ffbeb
1 parent 73dbc41
commit 01ffbeb
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 2 deletions.
diff --git a/docs/gen-certificate.sh b/docs/gen-certificate.sh
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+IP=$(echo $1 | egrep -o "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$")
+
+if [ ! $IP ]
+then
+    echo "Usage: generate-ip-cert.sh 127.0.0.1"
+    exit 1
+fi
+
+echo "[req]
+default_bits  = 2048
+distinguished_name = req_distinguished_name
+req_extensions = req_ext
+x509_extensions = v3_req
+prompt = no
+
+[req_distinguished_name]
+countryName = XX
+stateOrProvinceName = N/A
+localityName = N/A
+organizationName = Self-signed certificate
+commonName = $IP: Self-signed certificate
+
+[req_ext]
+subjectAltName = @alt_names
+
+[v3_req]
+subjectAltName = @alt_names
+
+[alt_names]
+IP.1 = $IP
+" > san.cnf
+
+openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout key.pem -out cert.pem -config san.cnf
+rm san.cnf
diff --git a/docs/self-signed-certificates.md b/docs/self-signed-certificates.md
@@ -6,10 +6,10 @@ If you are running a VPS it's easy - you just [issue a new certificate](./revers
 
 If you are only using the node at home and want to use it from your local network you need to issue a certificate yourself.
 
-On your node run this command:
+The easiest way is to run the [`gen-certificate.sh`](gen-certificate.sh) script in this folder with your node's ip address as an argument:
 
 ```sh
-openssl req -x509 -newkey rsa:4096 -nodes -out cert.pem -keyout key.pem -days 365
+gen-certificate.sh <your-node-local-ip-address>
 ```
 
 It will create two files - `cert.pem` and `key.pem`.