Implement mTLS authentication between client and server
This commit is contained in:
76
scripts/make-test-certs.sh
Executable file
76
scripts/make-test-certs.sh
Executable file
@@ -0,0 +1,76 @@
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
|
||||
mkdir -p test
|
||||
|
||||
# Create CA config
|
||||
cat > test/ca.cnf << EOF
|
||||
[req]
|
||||
distinguished_name = req_distinguished_name
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
commonName = Study System CA
|
||||
|
||||
[v3_ca]
|
||||
basicConstraints = critical,CA:TRUE
|
||||
keyUsage = critical,keyCertSign,cRLSign
|
||||
EOF
|
||||
|
||||
# Create CA key and certificate
|
||||
openssl genrsa -out test/ca.key 4096
|
||||
openssl req -new -x509 -key test/ca.key -outform PEM -out test/ca.pem \
|
||||
-config test/ca.cnf
|
||||
|
||||
# Create server key and CSR
|
||||
cat > test/server.cnf << EOF
|
||||
[req]
|
||||
distinguished_name = req_distinguished_name
|
||||
req_extensions = v3_req
|
||||
|
||||
[req_distinguished_name]
|
||||
commonName = localhost
|
||||
|
||||
[v3_req]
|
||||
basicConstraints = CA:FALSE
|
||||
keyUsage = nonRepudiation,digitalSignature,keyEncipherment
|
||||
subjectAltName = @alt_names
|
||||
|
||||
[alt_names]
|
||||
IP.1 = ::1
|
||||
DNS.1 = localhost
|
||||
EOF
|
||||
openssl genrsa -out test/server.key 4096
|
||||
openssl req -new -key test/server.key -out test/server.csr \
|
||||
-config test/server.cnf
|
||||
|
||||
# Sign server certificate
|
||||
openssl x509 -req -in test/server.csr -CA test/ca.pem -CAkey test/ca.key \
|
||||
-CAcreateserial -out test/server_cert.pem \
|
||||
-extensions v3_req -extfile test/server.cnf
|
||||
|
||||
# Create client key and CSR
|
||||
cat > test/client.cnf << EOF
|
||||
[req]
|
||||
distinguished_name = req_distinguished_name
|
||||
req_extensions = v3_req
|
||||
|
||||
[req_distinguished_name]
|
||||
commonName = Study System Client
|
||||
|
||||
[v3_req]
|
||||
basicConstraints = critical,CA:FALSE
|
||||
keyUsage = critical,digitalSignature,keyEncipherment
|
||||
EOF
|
||||
openssl genrsa -out test/client.key 4096
|
||||
openssl req -new -key test/client.key -out test/client.csr \
|
||||
-config test/client.cnf
|
||||
|
||||
# Sign client certificate
|
||||
openssl x509 -req -in test/client.csr -CA test/ca.pem -CAkey test/ca.key \
|
||||
-CAcreateserial -outform PEM -out test/client_cert.pem \
|
||||
-extensions v3_req -extfile test/client.cnf
|
||||
|
||||
# Create combined files
|
||||
cat test/server_cert.pem test/server.key > test/server.pem
|
||||
cat test/client_cert.pem test/client.key > test/client.pem
|
||||
Reference in New Issue
Block a user