This tls-gen variation generates a root CA, one intermediary server CA, one intermediary client CA, and two certificate/key pairs signed by their respective intermediate CAs:
- Chain 1: root CA => client intermediate => client certificate/key pair
- Chain 2: root CA => server intermediate => server certificate/key pair
# pass a password using the PASSWORD env variable
make
# results will be under the ./result directory
ls -lha ./resultGenerated CA certificate as well as client and server certificate and private keys will be
under the result directory.
It possible to use ECC for intermediate and leaf keys:
# pass a private key password using the PASSWORD variable if needed
make USE_ECC=true ECC_CURVE="prime256v1"
# results will be under the ./result directory
ls -lha ./resultThe list of available curves can be obtained with
openssl ecparam -list_curvesTo regenerate, use
make regenThe regen target accepts the same variables as gen (default target) above.
You can verify the generated client and server certificates against the generated CA one with
make verifyTo display client and server certificate information, use
make infoThis assumes the certificates were previously generated.