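#!/bin/bash
#
# Build a small demo CA under ./demoCA and issue one server certificate.
# The openssl commands prompt interactively for the CA key passphrase and
# the certificate subject fields.
#
# The layout (index.txt, serial, newcerts/, private/cakey.pem, cacert.pem)
# is what `openssl ca` looks for; presumably the OpenSSL config in use points
# its CA section at ./demoCA, as the stock openssl.cnf does. Verify against
# your config.

# Stop at the first failing step so a failed key or CSR generation is never
# followed by a signing operation on stale or missing files.
set -euo pipefail

readonly ca_dir=./demoCA

# Re-running would overwrite the CA private key and reset the serial counter,
# which orphans every certificate already issued. Refuse instead.
if [[ -e "${ca_dir}/private/cakey.pem" ]]; then
  printf 'refusing to overwrite existing CA key: %s\n' \
    "${ca_dir}/private/cakey.pem" >&2
  exit 1
fi

# prepare directory structure
mkdir -p "${ca_dir}"/{certs,crl,newcerts,private}
# Only the CA operator needs to enter the key directory.
chmod 700 "${ca_dir}/private"
touch "${ca_dir}/index.txt"
echo 00 > "${ca_dir}/serial"

# CA
# Kept from the original, but the raw random bytes are discarded instead of
# being dumped to the terminal (binary output can contain control sequences).
# NOTE(review): current OpenSSL releases seed their RNG from the OS, so this
# step is probably unnecessary. Confirm and drop.
openssl rand 2048 > /dev/null

# Passphrase-protected (AES-256) CA key. The restrictive umask applies only
# inside the subshell, so the key file is never group/world readable.
(
  umask 077
  openssl genrsa -aes256 -out "${ca_dir}/private/cakey.pem" 2048
)
openssl req -new -key "${ca_dir}/private/cakey.pem" -out ca.csr
# Self-signed root valid for 3650 days; v3_ca must exist in the config in use.
# A 2048-bit modulus is the floor for a root this long-lived; consider a
# larger key for anything beyond a demo.
openssl req -x509 -days 3650 -sha512 -extensions v3_ca \
  -key "${ca_dir}/private/cakey.pem" -in ca.csr -out "${ca_dir}/cacert.pem"

# server
# The server key has no passphrase (so a service can start unattended), which
# leaves file permissions as its only protection.
(
  umask 077
  openssl genrsa -out "${ca_dir}/private/server1.key" 2048
)
openssl req -new -key "${ca_dir}/private/server1.key" -out server1.csr
openssl ca -in server1.csr -out "${ca_dir}/certs/server1.crt"

# client
#
# the same as server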