not logged in | [Login]

Mutual TLS

Generate self signed certs for testing



echo Generating certs

# Create the CA Key and Certificate for signing Client Certs
openssl genrsa -out ca.key 2048
openssl req -new -x509 -days 365 -key ca.key -out ca.crt -subj "/C=US/ST=WA/L=Seattle/O=Testing/OU=Security/CN=$HOSTNAME"

# Create the Server Key, CSR, and Certificate
openssl genrsa -out server.key 1024
openssl req -new -key server.key -out server.csr -subj "/C=US/ST=WA/L=Seattle/O=Testing/OU=Security/CN=$HOSTNAME"

# We're self signing our own server cert here.
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

# Create the Client Key and CSR
openssl genrsa -out client.key 1024
openssl req -new -key client.key -out client.csr -subj "/C=US/ST=WA/L=Seattle/O=Testing/OU=Security/CN=$HOSTNAME"

# Sign the client certificate with our CA cert.
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt

echo Creating server store
openssl pkcs12 -export -inkey server.key -in server.crt -out server.p12 -name server -passin pass:"$in_pass" -passout pass:"$export_pass"
rm -f server.jks
keytool -importkeystore -destkeystore server.jks -deststoretype jks -srckeystore server.p12 -srcstoretype pkcs12 -srcstorepass "$export_pass" -deststorepass "$export_pass"

## Create the Client Keystore
echo Creating client store for $dir
cat client.crt ca.crt > client-chain.crt
openssl pkcs12 -export -inkey client.key -in client-chain.crt -out client.p12 -name client -passin pass:"$in_pass" -passout pass:"$export_pass"
rm -f client.jks
keytool -importkeystore -destkeystore client.jks -deststoretype jks -srckeystore client.p12 -srcstoretype pkcs12 -srcstorepass "$export_pass" -deststorepass "$export_pass"

echo Creating trust store
rm -f trust.jks
keytool -import -noprompt -trustcacerts -alias trust -file ca.crt -keystore trust.jks -srcstorepass "$in_pass" -deststorepass "$export_pass"

# Remove files that are not needed
rm server.crt
rm server.key
find . -name "*.p12" -type f -delete
find . -name "*.csr" -type f -delete
find . -name "*chain.crt" -type f -delete