The end off all your self-sign certificate woes (in node.js at least)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

38 lines
1.1 KiB

# make directories to work from
mkdir -p certs/{client-auth}
# Generate a client private key
openssl genrsa \
-passout pass:secret \
-out certs/client-auth/privkey.pem \
# Create a request from your Device, which your Root CA will sign
openssl req -new \
-key certs/client-auth/privkey.pem \
-out certs/tmp/client-csr.pem \
-subj "/C=US/ST=Utah/L=Provo/O=ACME Tech Inc/CN=${FQDN}"
# Sign the request from Device with your Root CA
openssl x509 \
-req -in certs/tmp/client-csr.pem \
-CA certs/ca/my-root-ca.crt.pem \
-CAkey certs/ca/my-root-ca.key.pem \
-CAcreateserial \
-out certs/client-auth/cert.pem \
-days 500
# Create a public key, for funzies
# see
openssl rsa \
-in certs/server/privkey.pem \
-pubout -out certs/client/pubkey.pem
# Put things in their proper place
rsync -a certs/ca/my-root-ca.crt.pem certs/server/chain.pem
rsync -a certs/ca/my-root-ca.crt.pem certs/client/chain.pem
cat certs/server/cert.pem certs/server/chain.pem > certs/server/fullchain.pem