2 #using "pass" for every password
4 echo "Generating client certificate ..."
6 openssl genrsa
-des3 -out client.key
2048
7 openssl req
-new -key client.key
-out client.csr
9 cp client.key client.key.orig
11 openssl rsa
-in client.key.orig
-out client.key
13 openssl x509
-req -days 3650 -in client.csr
-signkey client.key
-out client.crt
15 cp client.crt client.pem
16 cat client.key
>> client.pem
18 openssl pkcs12
-export -inkey client.key
-in client.pem
-name ClientName
-out client.pfx
21 echo "Generating first server certificate ..."
23 openssl genrsa
-des3 -out server.key
2048
24 openssl req
-new -key server.key
-out server.csr
26 cp server.key server.key.orig
28 openssl rsa
-in server.key.orig
-out server.key
30 openssl x509
-req -days 3650 -in server.csr
-signkey server.key
-out server.crt
32 cp server.crt server.pem
33 cat server.key
>> server.pem
35 openssl pkcs12
-export -inkey server.key
-in server.pem
-name ServerName
-out server.pfx
37 echo "First server certificate hash for Public-Key-Pins header:"
39 openssl x509
-pubkey < server.crt | openssl pkey
-pubin -outform der | openssl dgst
-sha256 -binary | base64
> server.pin
43 echo "Generating backup server certificate ..."
45 openssl genrsa
-des3 -out server_bkup.key
2048
46 openssl req
-new -key server_bkup.key
-out server_bkup.csr
48 cp server_bkup.key server_bkup.key.orig
50 openssl rsa
-in server_bkup.key.orig
-out server_bkup.key
52 openssl x509
-req -days 3650 -in server_bkup.csr
-signkey server_bkup.key
-out server_bkup.crt
54 cp server_bkup.crt server_bkup.pem
55 cat server_bkup.key
>> server_bkup.pem
57 openssl pkcs12
-export -inkey server_bkup.key
-in server_bkup.pem
-name ServerName
-out server_bkup.pfx
59 echo "Backup server certificate hash for Public-Key-Pins header:"
61 openssl x509
-pubkey < server_bkup.crt | openssl pkey
-pubin -outform der | openssl dgst
-sha256 -binary | base64
> server_bkup.pin