grpc
/
grpc-go
mirror of https://github.com/grpc/grpc-go.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
grpc-go/examples/features/advancedtls/generate.sh

92 lines
3.7 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
if [ -d "creds" ]; then
echo "creds directory already exists. Remove it and re-run this script."
exit 1
fi
mkdir creds
pushd creds
touch index.txt
echo "01" > serial.txt
cp "../localhost-openssl.cnf" .
cp "../openssl-ca.cnf" .
# Create the CA private key and certificate
openssl req -x509 -newkey rsa:4096 -keyout ca_key.pem -out ca_cert.pem -nodes -days 3650 -subj "/C=US/ST=Georgia/L=Atlanta/O=Test CA/OU=Test CA Organzation/CN=Test CA Organization/emailAddress=test@example.com"
#################### Server cert
# Generate Server private key
openssl genrsa -out server_key.pem 4096
# Generate Server Certificate Signing Request (CSR)
openssl req -config "localhost-openssl.cnf" -new -key server_key.pem -out server_csr.pem -subj "/C=US/ST=Georgia/L=Atlanta/O=Test Server/OU=Test Server Organzation/CN=Test Server Organization/emailAddress=testserver@example.com"
# Use the CA to sign the Server CSR
openssl ca -config "openssl-ca.cnf" -policy signing_policy -extensions signing_req -out server_cert.pem -in server_csr.pem -keyfile ca_key.pem -cert ca_cert.pem -batch
# Verify the server cert works
openssl verify -verbose -CAfile ca_cert.pem server_cert.pem
## Generate another server cert to be revoked
openssl req -config "localhost-openssl.cnf" -new -key server_key.pem -out server_csr_revoked.pem -subj "/C=US/ST=Georgia/L=Atlanta/O=Test server/OU=Test server Organzation/CN=Test server Organization/emailAddress=testserver@example.com"
# Use the CA to sign the server CSR
openssl ca -config "openssl-ca.cnf" -policy signing_policy -extensions signing_req -out server_cert_revoked.pem -in server_csr_revoked.pem -keyfile ca_key.pem -cert ca_cert.pem -batch
# Verify the server cert works
openssl verify -verbose -CAfile ca_cert.pem server_cert_revoked.pem
# Revoke the cert
openssl ca -config "openssl-ca.cnf" -revoke server_cert_revoked.pem
# Generate the CRL
openssl ca -config "openssl-ca.cnf" -gencrl -out server_revoked.crl
# Make sure the cert is actually revoked
openssl verify -verbose -CAfile ca_cert.pem -CRLfile server_revoked.crl -crl_check_all server_cert_revoked.pem
#################### Client cert
# Generate client private key
openssl genrsa -out client_key.pem 4096
# Generate client Certificate Signing Request (CSR)
openssl req -config "localhost-openssl.cnf" -new -key client_key.pem -out client_csr.pem -subj "/C=US/ST=Georgia/L=Atlanta/O=Test client/OU=Test client Organzation/CN=Test client Organization/emailAddress=testclient@example.com"
# Use the CA to sign the client CSR
openssl ca -config "openssl-ca.cnf" -policy signing_policy -extensions signing_req -out client_cert.pem -in client_csr.pem -keyfile ca_key.pem -cert ca_cert.pem -batch
# Verify the client cert works
openssl verify -verbose -CAfile ca_cert.pem client_cert.pem
## Generate another client cert to be revoked
openssl req -config "localhost-openssl.cnf" -new -key client_key.pem -out client_csr_revoked.pem -subj "/C=US/ST=Georgia/L=Atlanta/O=Test client/OU=Test client Organzation/CN=Test client Organization/emailAddress=testclient@example.com"
# Use the CA to sign the client CSR
openssl ca -config "openssl-ca.cnf" -policy signing_policy -extensions signing_req -out client_cert_revoked.pem -in client_csr_revoked.pem -keyfile ca_key.pem -cert ca_cert.pem -batch
# Verify the client cert works
openssl verify -verbose -CAfile ca_cert.pem client_cert_revoked.pem
# Revoke the cert
openssl ca -config "openssl-ca.cnf" -revoke client_cert_revoked.pem
# Generate the CRL
openssl ca -config "openssl-ca.cnf" -gencrl -out client_revoked.crl
# Make sure the cert is actually revoked
openssl verify -verbose -CAfile ca_cert.pem -CRLfile client_revoked.crl -crl_check_all client_cert_revoked.pem
mkdir crl
mv client_revoked.crl crl/
rm 01.pem
rm 02.pem
rm 03.pem
rm 04.pem
rm *csr*
rm *.txt*
popd
Reference in New Issue View Git Blame Copy Permalink