1 files changed, 56 insertions, 0 deletions

diff --git a/tools/generate_certificate.sh b/tools/generate_certificate.sh
new file mode 100755
index 0000000..08bfd28
--- /dev/null
+++ b/tools/generate_certificate.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+# generate_certificate.sh — Create a self-signed X.509 certificate for
+# open62541 OPC UA applications.  Outputs DER-encoded certificate and
+# private-key files suitable for the demo programs in this project.
+
+set -euo pipefail
+
+if [ $# -lt 2 ] || [ $# -gt 3 ]; then
+  echo "Usage: generate_certificate.sh <certs_dir> <name> [uri]" >&2
+  exit 1
+fi
+
+certs_dir="$1"
+name="$2"
+cn="${name}@localhost"
+uri="${3:-urn:bobink.${name}}"
+
+mkdir -p "$certs_dir"
+
+cnf="$certs_dir/${name}.cnf"
+cat >"$cnf" <<EOF
+[req]
+distinguished_name = req_dn
+x509_extensions = v3_ext
+prompt = no
+
+[req_dn]
+C  = FR
+O  = Bobink
+CN = ${cn}
+
+[v3_ext]
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature, keyEncipherment, nonRepudiation, dataEncipherment
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = DNS:localhost, URI:${uri}
+EOF
+
+openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
+  -days 365 \
+  -config "$cnf" \
+  -keyout "$certs_dir/${name}_key.pem" \
+  -out "$certs_dir/${name}_cert.pem" \
+  2>/dev/null
+
+openssl x509 -in "$certs_dir/${name}_cert.pem" -outform der \
+  -out "$certs_dir/${name}_cert.der"
+openssl rsa -in "$certs_dir/${name}_key.pem" -outform der \
+  -out "$certs_dir/${name}_key.der" 2>/dev/null
+
+rm -f "$certs_dir/${name}_cert.pem" "$certs_dir/${name}_key.pem" "$cnf"
+
+echo "Generated certificate '$name' (CN=$cn, URI=$uri):"
+echo "  $certs_dir/${name}_cert.der"
+echo "  $certs_dir/${name}_key.der"
+echo "  $certs_dir/${name}_key.der"