blob: 08bfd2826f20d0c610d83df674561388a2a11fe8 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
#!/bin/bash
# generate_certificate.sh — Create a self-signed X.509 certificate for
# open62541 OPC UA applications. Outputs DER-encoded certificate and
# private-key files suitable for the demo programs in this project.
set -euo pipefail
if [ $# -lt 2 ] || [ $# -gt 3 ]; then
echo "Usage: generate_certificate.sh <certs_dir> <name> [uri]" >&2
exit 1
fi
certs_dir="$1"
name="$2"
cn="${name}@localhost"
uri="${3:-urn:bobink.${name}}"
mkdir -p "$certs_dir"
cnf="$certs_dir/${name}.cnf"
cat >"$cnf" <<EOF
[req]
distinguished_name = req_dn
x509_extensions = v3_ext
prompt = no
[req_dn]
C = FR
O = Bobink
CN = ${cn}
[v3_ext]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, nonRepudiation, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = DNS:localhost, URI:${uri}
EOF
openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
-days 365 \
-config "$cnf" \
-keyout "$certs_dir/${name}_key.pem" \
-out "$certs_dir/${name}_cert.pem" \
2>/dev/null
openssl x509 -in "$certs_dir/${name}_cert.pem" -outform der \
-out "$certs_dir/${name}_cert.der"
openssl rsa -in "$certs_dir/${name}_key.pem" -outform der \
-out "$certs_dir/${name}_key.der" 2>/dev/null
rm -f "$certs_dir/${name}_cert.pem" "$certs_dir/${name}_key.pem" "$cnf"
echo "Generated certificate '$name' (CN=$cn, URI=$uri):"
echo " $certs_dir/${name}_cert.der"
echo " $certs_dir/${name}_key.der"
echo " $certs_dir/${name}_key.der"
|
