github.com/apernet/quic-go@v0.43.1-0.20240515053213-5e9e635fd9f0/internal/testdata/generate_key.sh (about)

     1  #!/bin/bash
     2  
     3  set -e
     4  
     5  echo "Generating CA key and certificate:"
     6  openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:2048 \
     7    -keyout ca.key -out ca.pem \
     8    -subj "/O=quic-go Certificate Authority/"
     9  
    10  echo "Generating CSR"
    11  openssl req -out cert.csr -new -newkey rsa:2048 -nodes -keyout priv.key \
    12    -subj "/O=quic-go/"
    13  
    14  echo "Sign certificate:"
    15  openssl x509 -req -sha256 -days 3650 -in cert.csr  -out cert.pem \
    16    -CA ca.pem -CAkey ca.key -CAcreateserial \
    17    -extfile <(printf "subjectAltName=DNS:localhost")
    18  
    19  # debug output the certificate
    20  openssl x509 -noout -text -in cert.pem
    21  
    22  # we don't need the CA key, the serial number and the CSR any more
    23  rm ca.key cert.csr ca.srl
    24