From 4cb7f201a74ebd1709f544f79cdff6855f853e0d Mon Sep 17 00:00:00 2001
From: Erich Eckner
Date: Mon, 2 Sep 2019 10:31:30 +0200
Subject: useful defaults, no password on CAs
---
 website-run-through | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)
 mode change 100644 => 100755 website-run-through
(limited to 'website-run-through')
diff --git a/website-run-through b/website-run-through
old mode 100644
new mode 100755
index b4d2f42..0432ba1
--- a/website-run-through
+++ b/website-run-through
@@ -1,5 +1,7 @@
 #!/bin/bash

+rm -rf --one-file-system ca certs
+
 mkdir -p ca/root-ca/private ca/root-ca/db crl certs
 chmod 700 ca/root-ca/private

@@ -13,7 +15,7 @@ openssl req -new \
 -out ca/root-ca.csr \
 -keyout ca/root-ca/private/root-ca.key

-openssl ca -selfsign \
+openssl ca -batch -selfsign \
 -config etc/root-ca.conf \
 -in ca/root-ca.csr \
 -out ca/root-ca.crt \
@@ -32,24 +34,33 @@ openssl req -new \
 -out ca/signing-ca.csr \
 -keyout ca/signing-ca/private/signing-ca.key

-openssl ca \
+openssl ca -batch \
 -config etc/root-ca.conf \
 -in ca/signing-ca.csr \
 -out ca/signing-ca.crt \
 -extensions signing_ca_ext

-SAN=DNS:www.simple.org \
+SAN=DNS:test.local \
+CN=test.local \
 openssl req -new \
 -config etc/server.conf \
- -out certs/simple.org.csr \
- -keyout certs/simple.org.key
+ -out /tmp/nginx.csr \
+ -keyout /tmp/nginx.key

-openssl ca \
+openssl ca -batch \
 -config etc/signing-ca.conf \
- -in certs/simple.org.csr \
- -out certs/simple.org.crt \
+ -in /tmp/nginx.csr \
+ -out /tmp/nginx.crt \
 -extensions server_ext

+cat /tmp/nginx.crt ca/signing-ca.crt ca/root-ca.crt > /tmp/nginx.chain
+
+sudo systemctl restart nginx
+
+curl -Ss https://test.local --cacert ca/root-ca.crt
+
+exit 0
+
 openssl ca \
 -config etc/signing-ca.conf \
 -revoke ca/signing-ca/01.pem \
--
cgit v1.2.3-54-g00ecf
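Review bot: The added `rm -rf --one-file-system ca certs` at the top of the script resolves `ca` and `certs` against whatever directory the script is started from, and nothing before it confirms that this is the PKI working tree. A run from the wrong place removes unrelated directories of those names, and every run discards the existing CA private keys and database without warning. Since the later commands already depend on the working directory (`etc/root-ca.conf` is relative), I would pin it first with `cd -- "$(dirname -- "$0")" || exit 1` (assuming the script sits next to `etc/`) and add `set -euo pipefail` under the shebang so a failed step stops the run instead of continuing with a half-built CA. The `mkdir` line also creates `crl`, which the cleanup leaves behind; either add it to the `rm` or add a comment saying why it is kept.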
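Review bot: The server key is now written to `/tmp/nginx.key`, a fixed name in a world-writable directory, so another local account can create that path (or `/tmp/nginx.csr`, `/tmp/nginx.crt`, `/tmp/nginx.chain`) ahead of the run and the key's confidentiality then depends on who owns the file and what mode it ends up with. Writing these files into a directory the script creates with mode 700, for example `tls_dir=$(mktemp -d)` or a fixed root-owned path that the nginx configuration references, removes that exposure; it is also worth checking whether the nginx unit sets `PrivateTmp`, in which case nginx would not see the host's `/tmp` at all. The unconditional `exit 0` after `curl` reports success even when the TLS check fails and makes the revocation commands below it unreachable; `curl -Ss https://test.local --cacert ca/root-ca.crt || exit 1` would surface the failure, and a comment should say that the remaining commands are intentionally skipped. The trailing `openssl ca -revoke` command continues outside the hunk.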