Included scripts for client certificate generation

parent 92ecdf55
This diff is collapsed.
Generating a basic client SSL certificate for testing purposes:
The SSL certificates can be generated using the 'openssl' utility. To partially
automate this task, the 'gen_client_cert.sh' script is provided. This will
issue a new client certificate using the 'CA.pem' as a certification authority.
Note: such certificates are of course not considered trustworthy by common
web browsers and operating systems, they are only suitable for testing.
You can just run the script as follows:
./gen_client_cert.sh <output_filename>
Steps 2 and 3 (creating CSR and signing it) are the only ones that require
a user interaction.
2. Creating CSR:
When requested to enter certificate fields like Country Name or Locality Name,
you can enter any values you want or just use defaults by simply pressing
ENTER key. The only fileld that matters is the 'Email Address', which will be
used as the username by Jetconf server.
Do not enter any 'Challenge password'.
3. Signing CSR:
Enter the following password for test CA private key: ahoj
Now you should have the following files:
output_filename.pem - the client certificate
output_filename.key - the client private key
output_filename_curl.pem - the combination of previous 2 files containing both
certificate and key
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQI9RYN7l6uawgCAggA
MB0GCWCGSAFlAwQBKgQQCYymROgGy6W7C4wFvogZ/gSCBNCII8W/MeTQTkTxNjBB
mtxgb5biPVc5kEkMKi7wOAZnnCR4Eh+vBq4JIaxlLoeMNDmKSj1bPMQcsRG8Hszj
Z3KyI7/am+W0GOcM6iUQlfo3nztjygDxZ7hPowLJnKC8K0gNkGowY/PU8x58o+Ou
iWRGXspzaQoZpQtOuMVMx1XsSpOXfDpVZhBYsQI4hdHEANqDxJgAwtT1k0A+A9+i
em2peJMA+Y+MAKLd0PvI2UdtVZCExfi7rzGMF9vwKgCO/54YBJzMCadn+Y2OjgYx
nQi89fqDQmpAjpfiKhe/Oj4GTiO8zUy3+JuUrNTKFbWyZ/68fZaYdGQ6maDoFsdq
DbgRpn1MyDKrP+6MFCoJay0JTJd4t3oUGsYxJFJEF4zFAtA4vm1mjEV2f89TpTyB
3XKdSdHE5OeTv8prCimk85Uls9E6+LDZmpzBMxkTZHnctm+W7rA3OZsXztRz8g/R
56KsKq553xq0UpUua+zjIafb4mKdOTjb6GFRXnaXxi7zOmGoENZ1cNuszxN0fVD6
ewJ35segGuuJ2Ggj2SGuLNt7KfYU9vBN4Pw3zlcmv2AIhK9b2aU67qFUSkQsU0ez
7+ry9VO2HMQV4xP5eIIfi18hwo+TRpm3noxaM1lavoHRQ2dfqhAov3SnsdSJBnC5
Hoja1TUFzx/31hVHk83VSU6cbDVc8kVdOGqed9RtvCN0PPV/KlGLYsiHkL0NB9xY
Yr9Rvm7VzdC3O8Zt+w3E20ByLwNM40C8GRpJCofQc+hYd9pxd8HL+9K2IGPWaWHR
2XbOVdId+eR4ilT+PsW8hWBimWb9FmHIAiopwuC4Uh/BEOtFIbxlD+maJhqdN90U
trTRKiIzsgpCYhY4UEIVK8zrc3dTBH21hH3QJZ+VX02yErGXYEheWWXu4H7Pkf3E
xD0qSsxHuUm5rT7CcKP/ntOk7vel3AXYl7rOkENYeaFao5GzCs1PObKbatfeIprO
CTihn1tikDtE3YHNdZWWE5yxlQCn+tp8/7zUyj/hAYwrgdvG22aL8Ebg2KPba0tc
yAdPwZl1zjR+ZVTLOZ5RfInOCXNXg+5cYDG1jH9HdjcawyvvieAQZAShZAJXB0C6
0pTuz15UNn/tSpLfDy7Zwf93fYX8fuCn/+La9VmxALIkgBxm01c1XGwOjiSNQBH1
WBTdZBS9zB2ZNSH0GvfJM48q7iNMSPs+JgxRmWUYFHweShPeGD6kH/BWkf+N31jr
T47rMn/x3T666STa2SvHgAbUFs36GGGXyJsk25QC8tFd94bO710OS01nP/ozjqsr
1uamNiJDEQk/wdZrdyQPMYjADLxL5J0jZx8hv7mdb4fnS6GdS+99bwzhnAaUtEN/
rSKMShKkp+8+bIYd3y0+Glyl4Y0IHtYLSfVvcpwcFFn6y8AsV4Uz4jftZ4m4JY3+
P9uLXb8MN9+XaMctMWKPncyJ9areW8/190klVYu92eNzObShKS92Q387JK8rcH01
+DWsuFeOJWuQNrzlyZBGHWB0eYilE6Bj4c+buMHeC++TeJVv5cOj3AQ7HfvJ7+Op
OFow7f45TI3AtHwkkzPPXFm8kA6az1fR7eg6L/Z5a7fA4B5qrQZOL3RINH65gCP4
EJ8iHPGRDmVtVMzwyJbDfD5ITw==
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIDEjCCAfoCCQDCaaYrCujinTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJD
WjETMBEGA1UECgwKRXhhbXBsZSBDQTEQMA4GA1UECwwHZXhjYS5jejEVMBMGA1UE
AwwMbWFpbEBleGNhLmN6MB4XDTE2MDMwODE1MjIzOVoXDTE4MTIwMzE1MjIzOVow
SzELMAkGA1UEBhMCQ1oxEzARBgNVBAoMCkV4YW1wbGUgQ0ExEDAOBgNVBAsMB2V4
Y2EuY3oxFTATBgNVBAMMDG1haWxAZXhjYS5jejCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJzIIvll9cHDkVoquTL/9T23EsAJzJgJVNXWb2LAkpl/eqQT
qMBbZBeUAxZIMFDM2nn13opYgXdyITX022Hk6Dcdbp/KNe0ys9bwJfWS/aW0Uyj1
6zgupihWdgVXnkYOyN//CopO2uDoUnJ7oWhs6uZhLNUDdzwDgqnn57CT2QkTsZ7m
XHZGQyqcIyNvqAWjOxL1UyXqAIpimq63popeL6GyrNYOG9D35oesIoC1jZQBUJUi
cy/UVnJyOFk9YC5qwtDjBLBsIHUh2NqnKSyDmvLDjlwLVZC3lGrYRkCL1CgJAgvF
yqmesALtDnGqn1eHzMO8Z1GeK3ojfjcm4rC7+JUCAwEAATANBgkqhkiG9w0BAQsF
AAOCAQEARYu7J6OVJn4Ftam+OUnmbKWU6IraXcnP8HWPLyuu/hLaAtSc43mNd3Mp
Muzo93B5cG4+tWx4UDjE3m2eXTjIzLivHYoMc9CuwRDxe95n21tZ5TB3DGlHeWKo
eAMSnA4Q4cthgPT5iJjYHv6dg6eIKmN5VsIWBCnHqqfjiAMAZQ72Q4UJ4q/mB18N
c80FFYKLplOJ0dZaDO1BbE1YeiEDZdQc/HuaMQOeuQa/0xrwTHJ8aTPGemvZLJGy
LHO2hBkqktcST0tCRZgQbY66HdnX7RJ4L3Ac/v+T0eOKnWCaCaJIW+dBoEbudmiM
dAjt3iWQ9yND28ASZ+yRXwZn6ZMmbg==
-----END CERTIFICATE-----
#!/bin/sh
if [ "$1" = "" ]; then
echo "Usage:" $0 "out_filename_prefix"
exit 1
fi
echo "\n1. Generating private key:"
openssl genrsa -out $1.key 2048
echo "\n2. Generating CSR:"
openssl req -new -key $1.key -out $1.req
echo "\n3. Signing CSR with test CA's key:"
openssl x509 -req -in $1.req -CA ca.pem -CAkey ca.key -days 365 -out $1.pem
echo "\n4. Creating combined $1_curl.pem file containing both certificate and key (for curl etc.):"
cat $1.pem > $1_curl.pem
cat $1.key >> $1_curl.pem
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment