WIPP

certs.sh

@@ -0,0 +1,40 @@
+# make directories to work from
+mkdir -p certs
+
+# Create your very own Root Certificate Authority
+openssl genrsa \
+  -out certs/root-ca.key.pem \
+  4096
+
+# Self-sign your Root Certificate Authority
+# Since this is private, the details can be as bogus as you like
+openssl req \
+  -x509 \
+  -new \
+  -nodes \
+  -key certs/root-ca.key.pem \
+  -days 3560 \
+  -out certs/root-ca.crt.pem \
+  -subj "/C=IS/ST=/L=Reykjavik/O=Lamassu Operator CA/CN=lamassu-operator.is"
+
+# Create a Device Certificate for each domain,
+# such as example.com, *.example.com, awesome.example.com
+# NOTE: You MUST match CN to the domain name or ip address you want to use
+openssl genrsa \
+  -out certs/server.key.pem \
+  4096
+
+# Create a request from your Device, which your Root CA will sign
+openssl req -new \
+  -key certs/server.key.pem \
+  -out certs/server.csr.pem \
+  -subj "/C=IS/ST=/L=Reykjavik/O=Lamassu Operator/CN=localhost"
+
+# Sign the request from Device with your Root CA
+openssl x509 \
+  -req -in certs/server.csr.pem \
+  -CA certs/root-ca.crt.pem \
+  -CAkey certs/root-ca.key.pem \
+  -CAcreateserial \
+  -out certs/server.crt.pem \
+  -days 3650