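#!/usr/bin/env bash
#
# Generate a self-signed root CA plus one server and one client certificate
# signed by it, then package them as PKCS12/JKS stores for the tlsdemo
# project (mutual-TLS demo). Every run wipes and regenerates CERT_DIR and
# the *.jks / *.p12 files under src/main/resources.
#
# Environment (all optional; defaults reproduce the original behaviour):
#   PROJ_DIR   project root; certs are written to $PROJ_DIR/work/certs and
#              the JKS stores are copied to $PROJ_DIR/src/main/resources
#   CERT_PASS  passphrase for every private key and key/trust store
#              (default 12345678 - a DEMO value; the Java side must use the
#              same one, so change both together)
#
# SECURITY NOTE: these are demo credentials. The root CA private key sits
# next to the leaf keys under a well-known default passphrase; never reuse
# this layout for anything but local testing.
set -euo pipefail
umask 077   # key material (*.key, *.p12, *.jks) must not be group/world-readable

#SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# SET THIS VARIABLE ACCORDING TO YOUR PATH (or export PROJ_DIR before running)
#PROJ_DIR=/Users/sachin/work/workspaces/ws/tlsdemo
PROJ_DIR="${PROJ_DIR:-/home/sachin/work/tlsdemo}"
# The passphrase reaches openssl/keytool through the environment (env:/:env
# argument forms) instead of the command line, so it does not show up in ps.
export CERT_PASS="${CERT_PASS:-12345678}"
# --------------------------------------
ROOT_CA_CN="api-ca.skshukla.com"
SERVER_CN="api-server.skshukla.com"
CLIENT_CN="api-client.skshukla.com"
# --------------------------------------
CERT_DIR="${PROJ_DIR:?PROJ_DIR must be set}/work/certs"
RES_DIR="$PROJ_DIR/src/main/resources"
mkdir -p -- "$CERT_DIR"
# ${VAR:?} aborts instead of letting an empty variable turn into "/*.*".
rm -rf -- "${CERT_DIR:?}"/*.*
rm -rf -- "${RES_DIR:?}"/*.jks
rm -rf -- "${RES_DIR:?}"/*.p12

# Generate Certs
#------------------------------------------------------
# Root CA: self-signed, valid 10 years. The subject is given with -subj
# rather than piping answers into the interactive prompts, which silently
# breaks if the openssl config changes the prompt order.
openssl req -x509 -sha256 -days 3650 -newkey rsa:4096 \
  -subj "/C=SG/ST=SG/L=SG/O=ZMYORG/OU=ZMYORGUNIT/CN=${ROOT_CA_CN}/emailAddress=a@a.com" \
  -keyout "$CERT_DIR/rootCA.key" -out "$CERT_DIR/rootCA.crt" -passout env:CERT_PASS

# Server key + CSR; the leaf is signed for 1 year below.
openssl req -new -newkey rsa:4096 \
  -subj "/C=SG/ST=SG/L=SG/O=ZMYORGS/OU=ZMYORGUNITS/CN=${SERVER_CN}/emailAddress=a@a.com" \
  -keyout "$CERT_DIR/server.key" -out "$CERT_DIR/server.csr" -passout env:CERT_PASS
# Leaf extensions: not a CA, restricted to TLS server authentication, and a
# SAN matching the CN (modern clients match the hostname on SAN only).
cat > "$CERT_DIR/server.ext" <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = ${SERVER_CN}
EOF
openssl x509 -req -sha256 -CA "$CERT_DIR/rootCA.crt" -CAkey "$CERT_DIR/rootCA.key" \
  -in "$CERT_DIR/server.csr" -out "$CERT_DIR/server.crt" -days 365 -CAcreateserial \
  -extfile "$CERT_DIR/server.ext" -passin env:CERT_PASS

# Inspect with: openssl x509 -in server.crt -text
#           or: keytool -list -v -keystore myserver_truststore.jks
# Bundle key + cert into PKCS12 (alias = server CN) and convert it into the
# JKS keystore the Java side loads. Store and key passwords are all CERT_PASS.
openssl pkcs12 -export -out "$CERT_DIR/server.p12" -name "${SERVER_CN}" \
  -inkey "$CERT_DIR/server.key" -in "$CERT_DIR/server.crt" \
  -passin env:CERT_PASS -passout env:CERT_PASS
keytool -importkeystore -noprompt \
  -srckeystore "$CERT_DIR/server.p12" -srcstoretype PKCS12 -srcstorepass:env CERT_PASS \
  -destkeystore "$CERT_DIR/myserver_keystore.jks" -deststoretype JKS \
  -deststorepass:env CERT_PASS -destkeypass:env CERT_PASS
# Truststore: only the root CA certificate (no private key), so the server
# can verify client certificates issued by it. -trustcacerts/-noprompt skip
# the "Trust this certificate?" question. (The original also passed
# "-ext san=..." here; -ext only applies when generating or signing a
# certificate, so it was dropped.)
keytool -import -trustcacerts -noprompt -alias ca \
  -file "$CERT_DIR/rootCA.crt" -keystore "$CERT_DIR/myserver_truststore.jks" \
  -storepass:env CERT_PASS

# CLIENT
openssl req -new -newkey rsa:4096 \
  -subj "/C=SG/ST=SG/L=SG/O=ZMYORGC/OU=ZMYORGUNITC/CN=${CLIENT_CN}/emailAddress=a@a.com" \
  -keyout "$CERT_DIR/client.key" -out "$CERT_DIR/client.csr" -passout env:CERT_PASS
# The original signed the client CSR with no extension file, leaving the
# certificate without any constraints; pin it as a non-CA client-auth leaf.
cat > "$CERT_DIR/client.ext" <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth
subjectAltName = DNS:${CLIENT_CN}
EOF
openssl x509 -req -sha256 -CA "$CERT_DIR/rootCA.crt" -CAkey "$CERT_DIR/rootCA.key" \
  -in "$CERT_DIR/client.csr" -out "$CERT_DIR/client.crt" -days 365 -CAcreateserial \
  -extfile "$CERT_DIR/client.ext" -passin env:CERT_PASS
openssl pkcs12 -export -out "$CERT_DIR/client.p12" -name "client" \
  -inkey "$CERT_DIR/client.key" -in "$CERT_DIR/client.crt" \
  -passin env:CERT_PASS -passout env:CERT_PASS

# Only the JKS stores are picked up by the application; client.p12 is left
# in CERT_DIR (as in the original, which copied *.jks only).
cp -f -- "$CERT_DIR"/*.jks "$RES_DIR"/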