
Shell script `create_certificate.sh` (bash):
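#!/bin/bash

# Create certificate for Server Authentication and Client Authentication
#
# Usage: create_certificate.sh <server>
#
# Generates an RSA 4096 private key and a CSR for <server>, then signs the CSR
# with the root CA found next to this script (certs/root-ca.crt and
# private/root-ca.key). Outputs:
#   private/<server>.key   unencrypted private key (see the -nodes note below)
#   csr/<server>.csr       certificate signing request
#   certs/<server>.crt     signed certificate, valid for 7300 days

set -e

CA_HOME=$(dirname -- "$0")
CA_HOME=$(cd -- "${CA_HOME}" >/dev/null && pwd)

CA_CERTS=${CA_HOME}/certs
CA_CSR=${CA_HOME}/csr
CA_PRIVATE=${CA_HOME}/private


# Specify server for which the certificate should be created
SERVER=${1:-}

# SERVER becomes part of three file names. Reject an empty value, anything
# containing a path separator, and a leading dash, so the key, CSR and
# certificate cannot be written outside the CA directories or be mistaken
# for an option.
case "${SERVER}" in
  '' | */* | -* | . | ..)
    printf 'Usage: %s <server>\n' "${0##*/}" >&2
    exit 2
    ;;
esac

# Create required sub-directories
# (the original passed ${CA_csr}, an unset variable, so csr/ was never created
# and the CSR could not be written on a fresh checkout)
mkdir -p -- "${CA_CERTS}" "${CA_CSR}" "${CA_PRIVATE}"

# Fail before generating any key material if the signing inputs are missing.
for required in \
  "${CA_HOME}/openssl-cert.config" \
  "${CA_CERTS}/root-ca.crt" \
  "${CA_PRIVATE}/root-ca.key"; do
  if [[ ! -r "${required}" ]]; then
    printf 'error: required file not readable: %s\n' "${required}" >&2
    exit 1
  fi
done


# Step 1 - Generate Private Key and Certificate Signing Request
# -nodes writes the private key unencrypted, so the key file is created under
# a restrictive umask (subshell keeps the umask change local to this step).
# -days was dropped here: openssl req ignores it unless -x509 is given; the
# validity period is set when the certificate is signed in step 2.
(
  umask 077
  openssl req -new -config "${CA_HOME}/openssl-cert.config" \
    -extensions 'standard exts' -nodes \
    -newkey rsa:4096 \
    -keyout "${CA_PRIVATE}/${SERVER}.key" \
    -out "${CA_CSR}/${SERVER}.csr"
)

# Step 2 - Generate and Sign the Server Certificate
# NOTE(review): the subjectAltName entries are hard-coded and do not follow
# ${SERVER}; confirm they match the host the certificate is issued for.
# NOTE(review): 7300 days is roughly 20 years for a certificate that also
# carries clientAuth; confirm this lifetime is intended.
openssl x509 -req \
  -in "${CA_CSR}/${SERVER}.csr" \
  -CA "${CA_CERTS}/root-ca.crt" \
  -CAkey "${CA_PRIVATE}/root-ca.key" \
  -CAcreateserial \
  -out "${CA_CERTS}/${SERVER}.crt" -days 7300 \
  -extfile <(printf '%s\n' \
    'subjectAltName=DNS:apmaccs,DNS:apmaccs.sos' \
    'nsCertType = client, server' \
    'keyUsage = digitalSignature, keyEncipherment' \
    'extendedKeyUsage = serverAuth, clientAuth')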

...