Introduction
Prerequisites
The scripts below assume the following directory layout:
<ca>
    create_root_ca.sh
    create_certificate.sh
    certs
    csr
    private
The directory <ca> is a placeholder. Any directory can be used.
The sub-directories certs, csr and private will be created by the scripts below should they not exist.
Create Root CA Certificate
This step creates a private key (root-ca.key) and a self-signed certificate (root-ca.crt), both in PEM format. As a result the following files will be created:
<ca>/certs/root-ca.crt
<ca>/private/root-ca.key
This step is performed just once. In case of repeated execution a new Root CA Certificate will be created and server certificates will have to be renewed.
- Download: create_root_ca.sh
- The shell script is executed without arguments.
./create_root_ca.sh
Create Server Certificate
This step creates a private key and a certificate signing request (CSR). The resulting server certificate will be signed.
This step is performed for each server certificate that should be created:
- Download: create_certificate.sh
- The shell script is executed with a single argument: the hostname of the server that should receive the certificate.
./create_certificate.sh <server-hostname>
In order to run the script successfully the following openssl-cert.config file has to be present.
[ req ]
prompt = no
distinguished_name = standard dn

[ standard dn ]
commonName = apmaccs
countryName = DE
localityName = Berlin
organizationName = SOS
organizationalUnitName = JS7
stateOrProvinceName = Berlin

[ standard exts ]
extendedKeyUsage = serverAuth,clientAuth
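The two steps above and the openssl-cert.config sections can be sketched as shell functions. This is an added example, not the downloadable create_root_ca.sh or create_certificate.sh. The key type, lifetimes, CA subject, the [ ca exts ] section, the subjectAltName line, the <hostname>.key/.csr/.crt file names and the final verify check are assumptions.

```shell
# Added example; function names and the values marked below are assumptions.
set -eu

write_config() {  # $1 = CA directory, $2 = server hostname
    cat > "$1/openssl-cert.config" <<EOF
[ req ]
prompt = no
distinguished_name = standard dn
[ standard dn ]
commonName = $2
countryName = DE
localityName = Berlin
organizationName = SOS
organizationalUnitName = JS7
stateOrProvinceName = Berlin
[ standard exts ]
extendedKeyUsage = serverAuth,clientAuth
subjectAltName = DNS:$2
[ ca exts ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
}

create_root_ca() {  # $1 = CA directory; run once, re-running replaces the CA
    mkdir -p "$1/certs" "$1/csr" "$1/private"
    chmod 700 "$1/private"
    write_config "$1" root-ca   # DN is overridden by -subj for the CA
    openssl ecparam -name secp384r1 -genkey -noout -out "$1/private/root-ca.key"
    chmod 600 "$1/private/root-ca.key"
    openssl req -x509 -new -sha256 -days 1825 -config "$1/openssl-cert.config" \
        -extensions 'ca exts' -subj '/CN=Example Root CA' \
        -key "$1/private/root-ca.key" -out "$1/certs/root-ca.crt"
}

create_certificate() {  # $1 = CA directory, $2 = server hostname
    write_config "$1" "$2"
    openssl ecparam -name secp384r1 -genkey -noout -out "$1/private/$2.key"
    chmod 600 "$1/private/$2.key"
    openssl req -new -config "$1/openssl-cert.config" \
        -key "$1/private/$2.key" -out "$1/csr/$2.csr"
    openssl x509 -req -sha256 -days 398 -in "$1/csr/$2.csr" \
        -CA "$1/certs/root-ca.crt" -CAkey "$1/private/root-ca.key" -CAcreateserial \
        -extfile "$1/openssl-cert.config" -extensions 'standard exts' \
        -out "$1/certs/$2.crt"
    # Fail unless the new certificate chains to the root for TLS server use.
    openssl verify -purpose sslserver -CAfile "$1/certs/root-ca.crt" "$1/certs/$2.crt"
}
```

The subjectAltName entry is added because current TLS clients match the hostname against the SAN rather than the commonName.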