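# Builds a throw-away test PKI: a self-signed CA plus server, client and
# "badboy" certificates signed by that CA.
#
# Configuration files:
#   openssl-ca.cnf          - settings for the self-signed CA certificate
#   openssl-ca-sign.cnf     - CA signing settings, most importantly the CA
#                             private key and certificate used by `openssl ca`
#   openssl-server.cnf      - server certificate request
#   openssl-server-sign.cnf - not referenced by any command below
#   openssl-client.cnf      - client certificate request
#   openssl-badboy.cnf      - request for a certificate which should be rejected
#
# NOTE(security): every key is generated with -nodes, so the private keys are
# written to disk unencrypted. That is acceptable for test fixtures only; keep
# the output directory private and never reuse these keys outside testing.
# No -keyout is given, so the key file names come from the .cnf files (or the
# openssl default) - make sure the requests do not overwrite each other's key.

# Abort on the first failing command so a failed request or signing step is
# not followed by later steps that work on stale or missing files.
set -e

# Create self signed CA certificate.
# No -days is passed, so the validity period is openssl's default; check that
# it is long enough for the tests that consume cacert.pem.
openssl req -x509 -config openssl-ca.cnf -newkey rsa:2048 -sha256 -nodes \
  -out cacert.pem -outform PEM
openssl x509 -in cacert.pem -text -noout | head -n 20

# Create server, client and badboy key pairs and certificate requests.
openssl req -config openssl-server.cnf -newkey rsa:2048 -sha256 -nodes \
  -out servercert.csr -outform PEM
openssl req -config openssl-client.cnf -newkey rsa:2048 -sha256 -nodes \
  -out clientcert.csr -outform PEM
openssl req -config openssl-badboy.cnf -newkey rsa:2048 -sha256 -nodes \
  -out badboycert.csr -outform PEM

# Initialize the serial-number and index (database) files for `openssl ca`.
# Which of these files is actually read is decided by openssl-ca-sign.cnf.
# NOTE(review): serial.txt has no matching index file here - confirm against
# the config. Re-running the script resets the serial to 01, so certificates
# from an earlier run share serial numbers with the new ones.
echo '01' > serial.txt
# ':' truncates portably; `echo -n` is not honoured by every sh.
: > index-ri.txt
echo '01' > serial-ri.txt

# Sign server certificate with CA private key.
# -batch replaces piping "y\ny\n" into the prompts: `echo -e` prints a literal
# "-e" under shells such as dash, which makes openssl decline to sign.
openssl ca -batch -config openssl-ca-sign.cnf -policy signing_policy \
  -extensions signing_req -out servercert.pem -infiles servercert.csr

# Sign client certificate. This uses the same openssl-ca-sign.cnf as the
# server certificate, i.e. the CA key, not the server's private key.
openssl ca -batch -config openssl-ca-sign.cnf -policy signing_policy \
  -extensions signing_req -out clientcert.pem -infiles clientcert.csr

# Sign the badboy certificate with the same CA, policy and extensions.
# It chains to the trusted CA, so any rejection has to come from the peer's
# own checks on the certificate contents (presumably the subject set in
# openssl-badboy.cnf), not from chain validation.
openssl ca -batch -config openssl-ca-sign.cnf -policy signing_policy \
  -extensions signing_req -out badboycert.pem -infiles badboycert.csr

# openssl x509 -in cacert.pem -text -noout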