
Generate CA and Server Certificates


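#!/bin/sh
#
# Generates throwaway TLS test material under .ci/tls/: a CA, a server
# certificate, Java trust/key stores for HiveMQ, and two client certificates
# (one with an unencrypted key, one with a passphrase-protected key).
#
# NOTE(review): every ".ci/tls/[Link]" below is a placeholder left by the
# page this listing was extracted from; the original file names are not
# shown there. Replace each occurrence with the intended, distinct file
# (the per-command comments name the role of each argument) before running.
# As written, the placeholders would presumably all resolve to one path.
#
# Security notes for anyone adapting this script:
#   - Every certificate is issued with "-days 1", so the material is only
#     meant to live for a single CI run.
#   - The password "s3cr3t" is hard-coded and passed as a command-line
#     argument, which exposes it in process listings and shell traces.
#     That is acceptable only for disposable test fixtures.
#   - genrsa without a cipher option writes the private key unencrypted;
#     only the second client key is protected (-aes128).

# Stop at the first failing step (or unset variable) so that later commands
# never sign or package files left over from an incomplete run.
set -eu

# Generate a new CA certificate and key.
# -out: CA private key.
openssl genrsa -out .ci/tls/[Link] 2048

# -key: CA private key; -out: self-signed CA certificate.
openssl req -x509 -new -nodes -key .ci/tls/[Link] -days 1 -out .ci/tls/[Link] \
  -subj "/C=AT/ST=Vorarlberg/CN=php-mqtt Test CA"

# Copy the CA certificate to a file named by the hashed subject of the
# certificate. This is required for PHP's capath option to find the
# certificate.
# The hash is computed in its own assignment so that a failing openssl call
# aborts the script instead of producing a file literally named ".0".
ca_hash=$(openssl x509 -hash -noout -in .ci/tls/[Link])
cp .ci/tls/[Link] ".ci/tls/${ca_hash}.0"

# Create a Java Trust Store from the CA certificate. This is used by HiveMQ.
# -file: CA certificate; -keystore: trust store to create.
keytool -import -file .ci/tls/[Link] -alias ca -keystore .ci/tls/[Link] \
  -storepass s3cr3t -trustcacerts -noprompt

# Generate a new server certificate and key, signed by the created CA.
# -out: server private key.
openssl genrsa -out .ci/tls/[Link] 2048

# -key: server private key; -out: server certificate signing request.
# NOTE(review): the subject carries only CN=localhost and no subjectAltName
# is requested; TLS clients that verify host names against SAN only would
# reject the resulting certificate - confirm the test clients accept it.
openssl req -new -key .ci/tls/[Link] -out .ci/tls/[Link] -sha512 \
  -subj "/C=AT/ST=Vorarlberg/CN=localhost"

# -in: server CSR; -CA / -CAkey: CA certificate and key; -out: server
# certificate. -CAcreateserial creates the CA serial file if it is missing.
openssl x509 -req -in .ci/tls/[Link] -CA .ci/tls/[Link] -CAkey .ci/tls/[Link] \
  -CAcreateserial -out .ci/tls/[Link] -days 1 -sha512

# Generate a Java Key Store from the server certificate. This is used by
# HiveMQ.
# Step 1: bundle server certificate (-in) and key (-inkey) into PKCS#12.
openssl pkcs12 -export -in .ci/tls/[Link] -inkey .ci/tls/[Link] \
  -out .ci/tls/server.p12 -passout pass:s3cr3t

# Step 2: convert the PKCS#12 bundle into a JKS key store (-destkeystore).
keytool -importkeystore -srckeystore .ci/tls/server.p12 -srcstoretype PKCS12 \
  -destkeystore .ci/tls/[Link] -deststoretype JKS \
  -srcstorepass s3cr3t -deststorepass s3cr3t -noprompt

# Generate a client certificate without passphrase, signed by the created CA.
# -out: client private key (unencrypted).
openssl genrsa -out .ci/tls/[Link] 2048

# -key: client private key; -out: client certificate signing request.
openssl req -new -key .ci/tls/[Link] -out .ci/tls/[Link] -sha512 \
  -subj "/C=AT/ST=Vorarlberg/CN=localhost"

# -in: client CSR; -CA / -CAkey: CA certificate and key; -out: client
# certificate.
openssl x509 -req -in .ci/tls/[Link] -CA .ci/tls/[Link] -CAkey .ci/tls/[Link] \
  -CAcreateserial -out .ci/tls/[Link] -days 1 -sha256

# Generate a client certificate with passphrase, signed by the created CA.
# -out: second client private key, encrypted with AES-128 under the
# passphrase given via -passout.
openssl genrsa -aes128 -passout pass:s3cr3t -out .ci/tls/[Link] 2048

# -key: encrypted client private key (unlocked via -passin); -out: CSR.
openssl req -new -key .ci/tls/[Link] -passin pass:s3cr3t -out .ci/tls/[Link] \
  -sha512 -subj "/C=AT/ST=Vorarlberg/CN=localhost"

# -in: second client CSR; -CA / -CAkey: CA certificate and key; -out: second
# client certificate.
openssl x509 -req -in .ci/tls/[Link] -CA .ci/tls/[Link] -CAkey .ci/tls/[Link] \
  -CAcreateserial -out .ci/tls/[Link] -days 1 -sha256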
