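#!/bin/bash
#
# Build a small demo CA under ./demoCA and issue one server certificate.
#
# Usage: run from the directory that should contain ./demoCA. The openssl
# commands prompt interactively for the CA key passphrase and the
# certificate subject fields.
#
# NOTE(review): `openssl ca` and `-extensions v3_ca` take their settings from
# the active openssl.cnf. The layout created here matches the stock
# `dir = ./demoCA` configuration; confirm this for the config in use.

# Stop at the first failing step so a later command never runs against a
# missing or half-written key, CSR, or certificate.
set -euo pipefail

readonly ca_key=demoCA/private/cakey.pem
readonly ca_cert=demoCA/cacert.pem
readonly server_key=demoCA/private/server1.key

# Refuse to run over an existing CA: regenerating the key would silently
# invalidate every certificate that CA has already issued.
if [[ -e "$ca_key" ]]; then
  printf 'refusing to overwrite existing CA key: %s\n' "$ca_key" >&2
  exit 1
fi

# prepare directory structure

mkdir -p ./demoCA/{certs,crl,newcerts,private}
# Only the CA operator should be able to list or read the key directory.
chmod 700 ./demoCA/private
touch ./demoCA/index.txt
# Initialise the serial counter only when absent, so a partial earlier run
# is never reset to 00 and made to hand out duplicate serial numbers.
[[ -e ./demoCA/serial ]] || echo 00 > ./demoCA/serial

# CA

# The original `openssl rand 2048` step is dropped: it wrote 2048 raw random
# bytes to stdout and nothing consumed them. Key generation below draws its
# own randomness.

# The umask is applied in a subshell so that private keys are created
# owner-only, while certificates and CSRs keep the caller's normal umask.
# NOTE: 2048-bit RSA is at the low end for a CA certificate valid for 10
# years; consider a larger key for anything beyond a demo.
(umask 077 && openssl genrsa -aes256 -out "$ca_key" 2048)

openssl req -new -key "$ca_key" -out ca.csr

openssl req -x509 -days 3650 -sha512 -extensions v3_ca -key "$ca_key" -in ca.csr -out "$ca_cert"

# server

# The server key is written WITHOUT a passphrase (no -aes256), so file
# permissions are its only protection at rest.
(umask 077 && openssl genrsa -out "$server_key" 2048)

openssl req -new -key "$server_key" -out server1.csr

# NOTE(review): current TLS clients match host names against subjectAltName.
# Whether the issued certificate carries one depends on the openssl.cnf
# extensions section; verify before deploying.
openssl ca -in server1.csr -out demoCA/certs/server1.crt

# client
#
# Same steps as for the server: generate a key, create a CSR, sign it with
# `openssl ca`.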