Home Explore Help
Sign In
mirror
/
grpc-swift
mirror of https://github.com/grpc/grpc-swift.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: 09b30466f6
Branches Tags
grpc-swift
/
scripts
/
makecert

makecert 2.2 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647 
  1. #!/bin/bash
    2. 

  2. #
    3. 

  3. # Creates a trust collection certificate (ca.crt)
    4. 

  4. # and self-signed server certificate (server.crt) and private key (server.pem)
    5. 

  5. # and client certificate (client.crt) and key file (client.pem) for mutual TLS.
    6. 

  6. # Replace "example.com" with the host name you'd like for your certificate.
    7. 

  7. #
    8. 

  8. # https://github.com/grpc/grpc-java/tree/master/examples
    9. 

  9. #
    10. 

  10. 

  11. set -euo pipefail
    12. 

  12. 

  13. SIZE=2048
    14. 

  14. 

  15. # CA
    16. 

  16. openssl genrsa -out ca.key $SIZE
    17. 

  17. openssl req -new -x509 -days 365 -key ca.key -out ca.crt -subj "/CN=some-ca"
    18. 

  18. 

  19. # Other CA
    20. 

  20. openssl genrsa -out other-ca.key $SIZE
    21. 

  21. openssl req -new -x509 -days 365 -key other-ca.key -out other-ca.crt -subj "/CN=some-other-ca"
    22. 

  22. 

  23. # Server certs (localhost)
    24. 

  24. openssl genrsa -out server-localhost.key $SIZE
    25. 

  25. openssl req -new -key server-localhost.key -out server-localhost.csr -subj "/CN=localhost"
    26. 

  26. openssl x509 -req -days 365 -in server-localhost.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server-localhost.crt
    27. 

  27. openssl x509 -req -days 365 -in server-localhost.csr -CA other-ca.crt -CAkey other-ca.key -set_serial 01 -out server-localhost-other-ca.crt
    28. 

  28. 

  29. # Server certs (example.com)
    30. 

  30. openssl genrsa -out server-example.com.key $SIZE
    31. 

  31. openssl req -new -key server-example.com.key -out server-example.com.csr -subj "/CN=example.com"
    32. 

  32. openssl x509 -req -days 365 -in server-example.com.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server-example.com.crt
    33. 

  33. 

  34. # Client certs (localhost)
    35. 

  35. openssl genrsa -out client.key $SIZE
    36. 

  36. openssl req -new -key client.key -out client.csr -subj "/CN=localhost"
    37. 

  37. openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt
    38. 

  38. openssl x509 -req -days 365 -in client.csr -CA other-ca.crt -CAkey other-ca.key -set_serial 01 -out client-other-ca.crt
    39. 

  39. 

  40. # netty only supports PKCS8 keys. openssl is used to convert from PKCS1 to PKCS8
    41. 

  41. # http://netty.io/wiki/sslcontextbuilder-and-private-key.html
    42. 

  42. openssl pkcs8 -topk8 -nocrypt -in client.key -out client.pem
    43. 

  43. openssl pkcs8 -topk8 -nocrypt -in server-example.com.key -out server.pem
    44. 

  44. 

  45. # Server cert with explicit EC parameters (not supported)
    46. 

  46. openssl ecparam -name prime256v1 -genkey -param_enc explicit -out server-explicit-ec.key
    47. 

  47. openssl req -new -x509 -days 365 -key server-explicit-ec.key -out server-explicit-ec.crt -subj "/CN=example.com"
    48.