37 lines
1.7 KiB
Bash
37 lines
1.7 KiB
Bash
# #!/bin/sh
|
|
# # Based on: https://gist.github.com/granella/01ba0944865d99227cf080e97f4b3cb6
|
|
|
|
# PASSWORD=V3ryS3cr3tP4ssw0rd
|
|
|
|
# echo "===================================================="
|
|
# echo "Creating fake third-party chain root -> ca"
|
|
# echo "===================================================="
|
|
|
|
# # generate private keys (for root and ca)
|
|
# keytool -genkeypair -alias root -dname "cn=egommerce.local" -validity 3650 -keyalg RSA -keysize 2048 -ext bc:c -storetype PKCS12 -keystore root.p12 -keypass $PASSWORD -storepass $PASSWORD
|
|
# keytool -genkeypair -alias ca -dname "cn=egommerce.local" -validity 3650 -keyalg RSA -keysize 2048 -ext bc:c -storetype PKCS12 -keystore ca.p12 -keypass $PASSWORD -storepass $PASSWORD
|
|
|
|
# # generate root certificate
|
|
# keytool -exportcert -rfc -storetype PKCS12 -keystore root.p12 -alias root -storepass $PASSWORD > root.pem
|
|
|
|
# # generate a certificate for ca signed by root (root -> ca)
|
|
# keytool -storetype PKCS12 -keystore ca.p12 -storepass $PASSWORD -certreq -alias ca \
|
|
# | keytool -storetype PKCS12 -keystore root.p12 -storepass $PASSWORD -gencert -alias root -ext bc=0 -ext san=dns:ca -rfc > ca.pem
|
|
|
|
# # import ca cert chain into ca.p12
|
|
# keytool -storetype PKCS12 -keystore ca.p12 -storepass $PASSWORD -importcert -trustcacerts -noprompt -alias root -file root.pem
|
|
# keytool -storetype PKCS12 -keystore ca.p12 -storepass $PASSWORD -importcert -alias ca -file ca.pem
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# # openssl req -new -keyout api-registry-ca.key -out api-registry-ca.req
|
|
|
|
# # openssl x509 -signkey api-registry-ca.key -req -days 3650 -in api-registry-ca.req -out api-registry-ca.crt -extensions v3_ca
|
|
|
|
# #####
|
|
# #
|
|
# # keytool -alias root -dname "cn=RootCA, ou=Root_CertificateAuthority, o=CertificateAuthority, c=IN" -genkeypair -storepass "V3ryS3cr3tP4ssw0rd" -keyalg RSA
|