study-system/scripts/make-test-certs.sh

#!/bin/sh
set -eu

mkdir -p test

# Create CA config
cat > test/ca.cnf << EOF
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_ca

[req_distinguished_name]
commonName = Study System CA

[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# Create CA key and certificate
openssl genrsa -out test/ca.key 4096
openssl req -new -x509 -key test/ca.key -outform PEM -out test/ca.pem \
		-config test/ca.cnf

# Create server key and CSR
cat > test/server.cnf << EOF
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req

[req_distinguished_name]
commonName = localhost

[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation,digitalSignature,keyEncipherment
subjectAltName = @alt_names

[alt_names]
IP.1 = ::1
DNS.1 = localhost
EOF
openssl genrsa -out test/server.key 4096
openssl req -new -key test/server.key -out test/server.csr \
		-config test/server.cnf

# Sign server certificate
openssl x509 -req -in test/server.csr -CA test/ca.pem -CAkey test/ca.key \
		-CAcreateserial -out test/server_cert.pem \
		-extensions v3_req -extfile test/server.cnf

# Create client key and CSR
cat > test/client.cnf << EOF
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req

[req_distinguished_name]
commonName = Study System Client

[v3_req]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
EOF
openssl genrsa -out test/client.key 4096
openssl req -new -key test/client.key -out test/client.csr \
		-config test/client.cnf

# Sign client certificate
openssl x509 -req -in test/client.csr -CA test/ca.pem -CAkey test/ca.key \
		-CAcreateserial -outform PEM -out test/client_cert.pem \
		-extensions v3_req -extfile test/client.cnf

# Create combined files
cat test/server_cert.pem test/server.key > test/server.pem
cat test/client_cert.pem test/client.key > test/client.pem