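#!/usr/bin/env bash
# test-infra/aws-vpn/pki.sh
#
# Builds a small certificate hierarchy under ./certs (relative to the current
# working directory) with openssl:
#   - a self-signed root CA            (CA.key / CA.csr / CA.pem)
#   - an intermediary CA certificate   (CA_Intermediary.key / .csr / .crt)
#   - a concatenated chain file        (ca-chain.crt = root + intermediary)
#   - a VPN certificate with CN=client (VPNCert.key / .csr / .crt)
#
# The file sits under test-infra/, and every private key, including the root
# CA key, is left unencrypted on disk next to the certificates. Treat the
# output as throwaway test material, not as a PKI to reuse elsewhere.
#
# Script adapted from https://community.axway.com/s/question/0D52X000065Ykx2SAC/example-scripts-to-create-certificate-chain-with-openssl

# Strict mode is enabled before any work is done, so a failure to create the
# output directory stops the script instead of surfacing later in openssl.
set -euo pipefail

readonly out_dir='certs'
readonly subj='/C=CA'
readonly validity_days=3650 # 10 years

# -p keeps re-runs working when the directory already exists.
mkdir -p -- "$out_dir"

#--------------------------------------------------------------------------------------
# Root CA
#--------------------------------------------------------------------------------------
# Private key. Recent openssl builds already create it owner-only; the chmod
# makes that explicit regardless of the openssl version or umask in effect.
openssl genrsa -out "$out_dir/CA.key" 2048
chmod 600 "$out_dir/CA.key"

# CSR for the root CA.
openssl req -new -sha256 -key "$out_dir/CA.key" -out "$out_dir/CA.csr" \
  -subj "$subj/CN=CA CERTIFICATE"

# Self-signed root certificate.
# NOTE(review): no -extfile/-extensions is passed here or in the issuing steps
# below, so nothing requests basicConstraints=CA:TRUE or keyUsage on the CA
# certificates. Strict X.509 validators may refuse to treat them as CAs;
# confirm the consumer of these files accepts them.
openssl x509 -signkey "$out_dir/CA.key" -in "$out_dir/CA.csr" -req \
  -days "$validity_days" -out "$out_dir/CA.pem"

#--------------------------------------------------------------------------------------
# Intermediary CA
#--------------------------------------------------------------------------------------
openssl genrsa -out "$out_dir/CA_Intermediary.key" 2048
chmod 600 "$out_dir/CA_Intermediary.key"

# CSR for the intermediary CA.
openssl req -new -sha256 -key "$out_dir/CA_Intermediary.key" \
  -out "$out_dir/CA_Intermediary.csr" \
  -subj "$subj/CN=CA INTERMEDIARY CERTIFICATE"

# Intermediary CA certificate, signed by the root CA.
# -CAcreateserial writes the root CA's serial-number file if it is missing.
openssl x509 -req -in "$out_dir/CA_Intermediary.csr" \
  -CA "$out_dir/CA.pem" -CAkey "$out_dir/CA.key" -CAcreateserial \
  -out "$out_dir/CA_Intermediary.crt" -days "$validity_days" -sha256

# Chain file: root first, then intermediary.
cat "$out_dir/CA.pem" "$out_dir/CA_Intermediary.crt" > "$out_dir/ca-chain.crt"

#--------------------------------------------------------------------------------------
# VPN certificate
#--------------------------------------------------------------------------------------
openssl genrsa -out "$out_dir/VPNCert.key" 2048
chmod 600 "$out_dir/VPNCert.key"

# CSR for the VPN certificate (subject CN=client).
openssl req -new -sha256 -key "$out_dir/VPNCert.key" \
  -out "$out_dir/VPNCert.csr" -subj "$subj/CN=client"

# Issue the VPN certificate.
# NOTE(review): this is signed with the ROOT CA (CA.pem / CA.key), not with the
# intermediary, although the script's original section heading read "signed by
# Intermediary CA". The signer is left as it was; confirm which issuer is
# intended before relying on the intermediary being part of the trust path.
openssl x509 -req -in "$out_dir/VPNCert.csr" \
  -CA "$out_dir/CA.pem" -CAkey "$out_dir/CA.key" -CAcreateserial \
  -out "$out_dir/VPNCert.crt" -days "$validity_days" -sha256

# Print the issued certificate so issuer, subject and validity can be checked
# by eye.
openssl x509 -text -noout -in "$out_dir/VPNCert.crt"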