
This code generates a client certificate and its corresponding private key, signs it using a self-signed intermediate CA, and then verifies the signed certificate.

Run example

npm run import -- "generate a self-signed cert"

generate a self-signed cert

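ROOT=/Users/briancullinan/jupytangular2/Utilities/ca

# Passphrase for the new client key and for the intermediate CA key (the
# original cell used pass:x for both). It is handed to openssl through the
# environment (env:KEY_PASS) rather than on the command line, so it does not
# show up in `ps` output or in `set -x` traces. Override by exporting KEY_PASS.
KEY_PASS="${KEY_PASS:-x}"
export KEY_PASS

# every path below is relative to the CA directory
cd "$ROOT" || exit 1

# create a client key (2048-bit RSA, AES-256 encrypted)
openssl genrsa -aes256 -passout env:KEY_PASS \
  -out intermediate/private/localhost.key.pem 2048 || exit 1
# private key: owner read/write only; it never needs an execute bit
chmod 600 intermediate/private/localhost.key.pem

# create a client csr for that key
openssl req -config intermediate/openssl.cnf \
  -passin env:KEY_PASS \
  -subj "/C=US/ST=Who/L=Is/O=John/OU=Galt/CN=localhost" \
  -key intermediate/private/localhost.key.pem \
  -new -sha256 -out intermediate/csr/localhost.csr.pem || exit 1

# sign the csr with the intermediate CA (non-interactive, 375-day validity)
# NOTE(review): the CSR is signed with the server_cert extension section
# (CN=localhost) although the cell calls the result a client certificate —
# confirm which section of intermediate/openssl.cnf is intended.
openssl ca -config intermediate/openssl.cnf \
  -passin env:KEY_PASS \
  -extensions server_cert -days 375 -notext -md sha256 \
  -batch \
  -in intermediate/csr/localhost.csr.pem \
  -out intermediate/certs/localhost.cert.pem || exit 1
# the certificate is public: world-readable, not executable
chmod 644 intermediate/certs/localhost.cert.pem

# verify client certificate: dump it, then check it chains to the CA bundle
openssl x509 -noout -text \
  -in intermediate/certs/localhost.cert.pem
openssl verify -CAfile intermediate/certs/ca-chain.cert.pem \
  intermediate/certs/localhost.cert.pem || exit 1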


#openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
#openssl rsa -passin pass:x -in server.pass.key -out server.key
#rm server.pass.key
#openssl req -new -key server.key -out server.csr
#openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
#security add-trusted-cert -d -r trustRoot -k /Users/briancullinan/Library/Keychains/login.keychain /Users/briancullinan/jupytangular2/Utilities/ca/certs/ca.cert.pem
#security add-trusted-cert -d -r trustRoot -k /Users/briancullinan/Library/Keychains/login.keychain /Users/briancullinan/jupytangular2/Utilities/ca/intermediate/certs/localhost.cert.pem

What the code could have been:

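#!/bin/bash
# Generate a client key and CSR under $ROOT, sign the CSR with the
# intermediate CA, and verify the resulting certificate against the CA chain.
# Abort on the first failing command, on unset variables, and on failed
# pipeline stages instead of carrying on to the next step.
set -euo pipefail

# Base directory of the CA (hard-coded, as in the original cell)
readonly ROOT=/Users/briancullinan/jupytangular2/Utilities/ca

# Passphrase used both to encrypt the new client key and to unlock the
# intermediate CA key when signing.
# NOTE(review): the original cell used lowercase pass:x; the value given to
# `openssl ca -passin` must match the passphrase the intermediate CA key was
# encrypted with — confirm before running.
readonly PASS=X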

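# Create a client key
#
# Generates a 2048-bit RSA key, AES-256 encrypted with $PASS, under
# intermediate/private/.
# Globals:   ROOT (read), PASS (read)
# Outputs:   progress messages on stdout
# Returns:   0 on success, 1 if openssl or chmod fails
create_client_key() {
  cd "$ROOT" || exit 1
  echo "Creating client key..."
  # Hand the passphrase to openssl through the environment (env:KEY_PASS)
  # instead of argv, so it is not visible in `ps` output or `set -x` traces.
  KEY_PASS="$PASS" openssl genrsa -aes256 -passout env:KEY_PASS \
    -out "intermediate/private/localhost.key.pem" 2048 || return 1
  # Private key: owner read/write only; the execute bit serves no purpose.
  chmod 600 "intermediate/private/localhost.key.pem" || return 1
  echo "Client key created."
}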

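# Create a client CSR
#
# Builds a SHA-256 signing request for the client key with a fixed subject
# (CN=localhost) and writes it under intermediate/csr/.
# Globals:   ROOT (read), PASS (read)
# Outputs:   progress messages on stdout
# Returns:   0 on success, 1 if openssl fails
create_client_csr() {
  cd "$ROOT" || exit 1
  echo "Creating client CSR..."
  # Passphrase for the client key goes through the environment (env:KEY_PASS)
  # rather than the command line so it is not exposed in `ps` or traces.
  KEY_PASS="$PASS" openssl req -config "intermediate/openssl.cnf" \
    -passin env:KEY_PASS \
    -subj "/C=US/ST=Who/L=Is/O=John/OU=Galt/CN=localhost" \
    -key "intermediate/private/localhost.key.pem" \
    -new -sha256 -out "intermediate/csr/localhost.csr.pem" || return 1
  echo "Client CSR created."
}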

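# Sign the client certificate with the intermediate CA
#
# Issues a 375-day certificate from the CSR, non-interactively (-batch),
# using the server_cert extension section of intermediate/openssl.cnf.
# NOTE(review): server_cert is used even though the file is described as a
# client certificate — confirm the intended extension section.
# Globals:   ROOT (read), PASS (read; must unlock the intermediate CA key)
# Outputs:   progress messages on stdout
# Returns:   0 on success, 1 if openssl or chmod fails
sign_client_certificate() {
  cd "$ROOT" || exit 1
  echo "Signing client certificate..."
  # CA key passphrase is passed via the environment (env:KEY_PASS), not argv.
  KEY_PASS="$PASS" openssl ca -config "intermediate/openssl.cnf" \
    -passin env:KEY_PASS \
    -extensions server_cert -days 375 -notext -md sha256 \
    -batch \
    -in "intermediate/csr/localhost.csr.pem" \
    -out "intermediate/certs/localhost.cert.pem" || return 1
  # The certificate is public data: world-readable, no execute bit.
  chmod 644 "intermediate/certs/localhost.cert.pem" || return 1
  echo "Client certificate signed."
}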

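# Verify client certificate
#
# Dumps the signed certificate and checks that it chains to the CA bundle.
# Globals:   ROOT (read)
# Outputs:   certificate text and the verify result on stdout
# Returns:   0 when verification succeeds, 1 otherwise
verify_client_certificate() {
  cd "$ROOT" || exit 1
  echo "Verifying client certificate..."
  openssl x509 -noout -text -in "intermediate/certs/localhost.cert.pem" || return 1
  # openssl verify exits non-zero when the chain does not validate, so the
  # success message must depend on its status instead of printing unconditionally.
  openssl verify -CAfile "intermediate/certs/ca-chain.cert.pem" \
    "intermediate/certs/localhost.cert.pem" || return 1
  echo "Client certificate verified."
}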

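# Main function
#
# Runs the four steps in order and stops at the first one that fails, so a
# failed key or CSR step is not followed by signing and verifying stale files.
# Returns:   0 when every step succeeded, 1 otherwise
main() {
  create_client_key || return 1
  create_client_csr || return 1
  sign_client_certificate || return 1
  verify_client_certificate || return 1
}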

# Entry point: forward any script arguments to main (it currently uses none).
main "$@"

This code snippet demonstrates the process of creating and signing a client certificate using a self-signed intermediate CA.

Here's a breakdown:

  1. Client Key Generation:

  2. Client CSR Creation:

  3. Client Certificate Signing:

  4. Client Certificate Verification:

Purpose:

This code demonstrates the process of creating a client certificate and verifying its authenticity using a self-signed intermediate CA. This is a common practice in development environments or for testing purposes.