Adds scripts and instructions for Verifiable Self-Signed Certificate generation

pull/8/head
Jean-Louis Huynen 2019-01-18 08:59:15 +01:00
parent 12956f605b
commit f1e27cf447
6 changed files with 41 additions and 7 deletions


@ -1,7 +0,0 @@
#!/usr/bin/env bash
openssl genrsa -out server.key 4096
openssl req -sha256 -new -key server.key -out server.csr -subj '/CN=localhost'
openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
openssl x509 -req -in server.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256
cat server.crt server.key > server.pem

14
server/gen_cert/README.md Normal file

@ -0,0 +1,14 @@
Usage
=====
These scripts are useful to generate the server's self-signed certificate.
## Root Certification Authority ##
`gen_root.sh`
This will create a rootCA.crt file that you may copy in the d4-goclient conf folder to verify the server's cert.
## Server certificate ##
### Configuration Files ###
Look into these files if you plan to verify the certificate:
* san.cnf holds basic information about the certificate.
* ext.3 holds in particular the 'subjectAltNames** option that is for the verification to succeed.
### Generation ###
`gen_root.sh`

5
server/gen_cert/ext3.cnf Normal file

@ -0,0 +1,5 @@
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
IP.1 = 127.0.0.1
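Review bot: The `[alt_names]` section lists only `IP.1 = 127.0.0.1` while san.cnf sets `CN = localhost`, so a client connecting to `localhost` by name will likely fail verification, because verifiers that find a subjectAltName extension generally ignore the CN. Adding `DNS.1 = localhost` (plus the real server name or address for a deployment) would cover both cases. The `keyUsage` line is also broader than a TLS server certificate needs: consider dropping `nonRepudiation` and `dataEncipherment` and adding `basicConstraints = CA:FALSE` and `extendedKeyUsage = serverAuth`, so the issued certificate is limited to server authentication.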

9
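--- a/server/gen_cert/gen_cert.sh
+++ b/server/gen_cert/gen_cert.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+# Create Server key
+openssl genrsa -out server.key 4096
+# Create the Server Signing Request - non interactive, config in san.cnf
+openssl req -sha256 -new -key server.key -out server.csr -config san.cnf
+# Create the server certificate by rootCA, with ext3 subjectAltName in ext3.cnf
+openssl x509 -req -in server.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile ext3.cnf
+# Concat in pem
+cat server.crt server.key > ../server.pem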
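Review bot: The script sets neither error handling nor a umask, so a failed `openssl` step still reaches the final `cat`, and `../server.pem` (which contains the private key) is created with the caller's default permissions; `server.key` may be as well, depending on the OpenSSL version. I would add `set -euo pipefail` and `umask 077` directly after the shebang. The signing step reads `rootCA.key` from the working directory, which implies the CA private key sits next to the server's files. A comment such as `# rootCA.key is only needed for signing; move it off the server host afterwards` would make that expectation explicit.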


@ -1,3 +1,5 @@
#!/usr/bin/env bash
# Create Root key
openssl genrsa -out rootCA.key 4096
# Create and Sign the Root CA Certificate
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt
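Review bot: `openssl genrsa -out rootCA.key 4096` writes the root key unencrypted, and anyone who can read that file can issue certificates that every client trusting rootCA.crt will accept. Consider `openssl genrsa -aes256 -out rootCA.key 4096` preceded by `umask 077`, with a comment that the key should be stored away from the server. The `req -x509` line has no `-subj` or `-config`, so unlike the server CSR step it will prompt interactively and the root certificate's subject is left to whoever runs it. The file header for this section is not visible on the page, so which script this hunk patches is inferred from the README.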

11
server/gen_cert/san.cnf Normal file

@ -0,0 +1,11 @@
[req]
default_bits = 4096
prompt = no
default_md = sha256
distinguished_name = dn
[dn]
C=LU
L=Luxembourg
O=SMILE, CIRCL
CN = localhost