github.com/pion/dtls/v2@v2.2.12/examples/certificates/README.md

github.com/pion/dtls/v2@v2.2.12/examples/certificates/README.md (about)

     1  # Certificates
     2  
     3  The certificates in for the examples are generated using the commands shown below.
     4  
     5  Note that this was run on OpenSSL 1.1.1d, of which the arguments can be found in the [OpenSSL Manpages](https://www.openssl.org/docs/man1.1.1/man1), and is not guaranteed to work on different OpenSSL versions.
     6  
     7  ```shell
     8  # Extensions required for certificate validation.
     9  $ EXTFILE='extfile.conf'
    10  $ echo 'subjectAltName = IP:127.0.0.1\nbasicConstraints = critical,CA:true' > "${EXTFILE}"
    11  
    12  # Server.
    13  $ SERVER_NAME='server'
    14  $ openssl ecparam -name prime256v1 -genkey -noout -out "${SERVER_NAME}.pem"
    15  $ openssl req -key "${SERVER_NAME}.pem" -new -sha256 -subj '/C=NL' -out "${SERVER_NAME}.csr"
    16  $ openssl x509 -req -in "${SERVER_NAME}.csr" -extfile "${EXTFILE}" -days 365 -signkey "${SERVER_NAME}.pem" -sha256 -out "${SERVER_NAME}.pub.pem"
    17  
    18  # Client.
    19  $ CLIENT_NAME='client'
    20  $ openssl ecparam -name prime256v1 -genkey -noout -out "${CLIENT_NAME}.pem"
    21  $ openssl req -key "${CLIENT_NAME}.pem" -new -sha256 -subj '/C=NL' -out "${CLIENT_NAME}.csr"
    22  $ openssl x509 -req -in "${CLIENT_NAME}.csr" -extfile "${EXTFILE}" -days 365 -CA "${SERVER_NAME}.pub.pem" -CAkey "${SERVER_NAME}.pem" -set_serial '0xabcd' -sha256 -out "${CLIENT_NAME}.pub.pem"
    23  
    24  # Cleanup.
    25  $ rm "${EXTFILE}" "${SERVER_NAME}.csr" "${CLIENT_NAME}.csr"
    26  ```