Add script to generate a local root CA

Author: felixhammerl

crt/rootCA.key

@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9AD937C7F68374EE
+
+uwzN0kioEHHROiQ1aTm6v2yYo0sXQ6V7g95U9v9fSUqCrSlxSpmQ00FaEM1+RuUb
+MptbmoQ8QdEuaGhBbuFnS2tsWVQune0vAKRYMbGhGvK34BajN59jfJn7gJu2eB3j
++AWnaoXyxQ2pkEcQuiLeShkvylwLzn3vCCvGm9Mov0NmkUbRMK8wuPvUlbvc/QhF
+7xJhR5wM6HDRBl+nnMlqp/gxw9rlP9rFPqSn7RU2jDXkdd+nTxb0u4+tyhIc5WEK
+sFaCpXR76TXe1mYvTKS3C68c7Gq+rLxgeQNsMdVnQpAvyIwLCNh5+bk0Uop2SK33
+Sm3q3FtRDW9OvftU41hGgquT5pw5RVaYAofcdyj5Bt/myuQD3C6X30jFlY0G/0Ne
+dMHSCLE2mwu9XCuVXoI4U0KhfmCvK+72qLTuBiYWQZHGCBUibxAHnnViEf24q2kS
+KccvYn9Tg9O8ff/3KB45pOTK1V4EY1dhqop1jOkm+exc7IZBihTwOnotNrYmR1I1
+FifUXaabVq+5Y9QIGIfkAtug64HY509IkolY5C3MnSGvUX6eY4RFgK+Q9KGIR9Tk
+dKCTTCSucSDTT0UcXys2zc9jbZ+Vog5qglCZa6G0exc4og1dxomaM05I7+qIBs3D
+szeSE2LPATrzplH5m3zKXWkpgZYpiRtmJR+lFvPytNosgcm41cNkBWX2p6s/LfMz
+aKMoDrPUhsB5ITelVSOWAX3aaYBShYIJ1SEk0RGyYsI+BiYbO6coZxLEpxInsvZB
+bpjIBAlJk2v5iSzDWeuod9fkE3Tp8HZEKj5yAH3jhmof5rgzaB6asxZqqCbRjwHH
+ZUyySsHsCy6ngu/vTD7OTe511FTn+f41/xybf92ve9BUgJC55s+9Z4z49n6QV11x
+YO6nLEcq7JF/jMwZ8l8Sj5/ZlnWR6LCK2VF7DV/6OunugrkcqEo+1YnXq8C37qvT
+eQd3QFOE0jEJ5bodTh+xn5UCPjIC/RGC/FoObfBRgK/DgmVXmkBSFzwFzyxq4s2Y
+s6r22XjArMqRmtDu3q0wuPhUQeAHsA/WvJ/CnzftpCWHQXRHIAdACmytPo4YTAkA
+r7ptsbdK/+nd6iKa7UY3RehBTorgQf7sgIEX59F7G7ywpeMRyAUWNe5JE6ttVHLa
+dD7KFXMWzMXeeYhEZ9vP6ede8822XSgAO9c6PPqG4LdyNj0DS2f0rra0ZBGxPwsF
+DTnAP/JSr2GtvZ0ZTyr9qP0/UNI+Llvk2MCewZtS8qBlhVCks2son12z9WjIlzzt
+/e6bRoESnPewx6rPOYpVx+IYA3QNzzHfyL9ZJE4ULX1iiQCASH2giVBn7npvbNYb
+hVPZjair2Sk0iimDx26vGUlnHYVuAqEy/pkQ4eXDMeu3dGTf+ETDXfC3B7A/E7RW
+Ti/qDcZX+u5tNAe4zi5SDZ6Xb2892zXSWtMN3v0r4IEPf1lF9qUT5janEJi7ID+P
+Z1Vc64+iSnazRv693EMK0ZXEFnQ5NGIsxkLPD1BT/RvQDuC8AfTAGqW31mi8R2ed
+s1UeVWdli1xoGzs9T1tWyoOvLzl2AXBkGszV4VdB71R+kLKQxEzEAA==
+-----END RSA PRIVATE KEY-----

crt/rootCA.pem

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID9DCCAtygAwIBAgIJAMolSx3RAHk8MA0GCSqGSIb3DQEBCwUAMFkxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMTCWxvY2FsaG9zdDAeFw0xNzEyMTIxMTE0
+NTdaFw0yMDEwMDExMTE0NTdaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21l
+LVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNV
+BAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL8D
+k/ldkChPVtLdXj5BD2iz36aS8pxwbAwPv2gm/Ba93ztLSZSSebxd7rQfoWmCDEGj
+ZclUBG0zjmc/oJMHjmxEHjM6hUM2ac6wYXR0Pb7A/0/lIiRq10YBa60kb5b8YYWx
+G6sW9E+2yMnLRZUieodQYLBYq/y4UZGCO4SiOkYEnhcRtdRnUKOVSbCxPQrIngpv
+EnmIFDago8SDwjYIS1X0pWN4KIwPEVje97BzKARC+d47yni1iKxZyE+0WdU6VyGh
+irxPiRvcMjK3Iz4kHbRVij0dBtyoaqxyGN9HJ1c3Ga5bz6G12koab4ELU7/95fsi
+tmScAhQNHS3YzKNLx58CAwEAAaOBvjCBuzAdBgNVHQ4EFgQU9qnohrUmhzZT4pnW
+8Jh9nSN6JtowgYsGA1UdIwSBgzCBgIAU9qnohrUmhzZT4pnW8Jh9nSN6JtqhXaRb
+MFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJ
+bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMTCWxvY2FsaG9zdIIJAMol
+Sx3RAHk8MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAH4rEup8noqn
+9eRecfxvvrw69O2ztqb4SQG8MPy5fw1Pghe+bl/JHj6qL/hgTMLo0+kA5/6VfWwz
+QDs1ocwjQn2BQOgyaq7bqRMGKSyaTzcXHu4LkSikbU9LCXrLp/wz7J3UCaYezOXc
+2I0z0k+W4uu1GoxZD8Bmb5LOBtK4CFodYGThW7mTSLCM7a34dwCUQ2UAIKHu6T1d
+MdFX5vXfLhzZ+JaCVZLwmIc49vH1tp+Pj6F0gyW798VW4pwGgBciaatBHRUpVprr
+dwM92OxmRDZ8bEVdKquSnaeckwmGHmS+hjnqoUBn66VzhHDXpEDzwM5fcmq6HmGN
+rjkU+KD74qs=
+-----END CERTIFICATE-----

crt/rootCA.srl

@@ -0,0 +1 @@
+B9EA6EF631A1962B

crt/server.crt

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID8DCCAtigAwIBAgIJALnqbvYxoZYrMA0GCSqGSIb3DQEBCwUAMFkxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMTCWxvY2FsaG9zdDAeFw0xNzEyMTIxMTE1
+MDJaFw0xOTA0MjYxMTE1MDJaMIHCMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3
+IFlvcmsxEjAQBgNVBAcMCVJvY2hlc3RlcjESMBAGA1UECgwJRW5kIFBvaW50MRcw
+FQYDVQQLDA5UZXN0aW5nIERvbWFpbjFLMEkGCSqGSIb3DQEJARY8eW91ci1hZG1p
+bmlzdHJhdGl2ZS1hZGRyZXNzQHlvdXItYXdlc29tZS1leGlzdGluZy1kb21haW4u
+Y29tMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDoKjPR9RpvrI2F4xcrpGyvCOQOJuyV3WyXU1BpeoqszESVWqlckyE6
+6Xr5igA5pk8brMGkXS6v/utdgyGc81cbdoPUP99GK+/d6igwJg08po8JuAS7+0Wd
+Lepp3TLa13e2In7mVQ1lBQ5+lsLn/N505lsaJG0ADvExM4qJvOHq+2w3BS4Ko32M
+KyjF2zyaeVOSNudVJsA2ooYecQ2Sj2TZjoXd1YPDyS0JWV1VOSvLa2KTbUCjy8PB
+zIax2YgeilIz/Bu2QAC1Z3Cm0ZzBA+7IP626rv1FfRlY5WvBmuikySFrZt8iQkRN
+/hWDPR425SX+qTjs3nBTqp9sBPhyqLl9AgMBAAGjUTBPMB8GA1UdIwQYMBaAFPap
+6Ia1Joc2U+KZ1vCYfZ0jeibaMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgTwMBQGA1Ud
+EQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEABX00ZO3SouwkDoxQ
+Ox/vUTqNcbLD7qNvt8vXUXTp6pviV/ZSHrFLEBEwAdlYw02uANorXb86bHE31VJ3
+ORZl6aoSm00OatuF7xDi0fD4x0PCYCgExlQF54ttJi+dqYRP/QyShZrDUJ2l5CbS
+5DdK9DCrpTrXNGmSc5pWIo/bosDaDiB/sgTRu8/WzyNzsIPkwAEVWy05Wk6rcdwV
+uQGuMGuYPG+3oZyVHYKKHMPF42PGw/Vs6O4h8I1Q2QsfNmm2GzqQVwW26LNsKsti
+BdEBYoOldyx+Ul+607hCnDD4qVjuJcbRc5r9Q2w25SNDTXpPtAERkq1Q3M2GT/Of
+ERiojg==
+-----END CERTIFICATE-----

crt/server.csr

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIDCDCCAfACAQAwgcIxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazES
+MBAGA1UEBwwJUm9jaGVzdGVyMRIwEAYDVQQKDAlFbmQgUG9pbnQxFzAVBgNVBAsM
+DlRlc3RpbmcgRG9tYWluMUswSQYJKoZIhvcNAQkBFjx5b3VyLWFkbWluaXN0cmF0
+aXZlLWFkZHJlc3NAeW91ci1hd2Vzb21lLWV4aXN0aW5nLWRvbWFpbi5jb20xEjAQ
+BgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AOgqM9H1Gm+sjYXjFyukbK8I5A4m7JXdbJdTUGl6iqzMRJVaqVyTITrpevmKADmm
+TxuswaRdLq/+612DIZzzVxt2g9Q/30Yr793qKDAmDTymjwm4BLv7RZ0t6mndMtrX
+d7YifuZVDWUFDn6Wwuf83nTmWxokbQAO8TEziom84er7bDcFLgqjfYwrKMXbPJp5
+U5I251UmwDaihh5xDZKPZNmOhd3Vg8PJLQlZXVU5K8trYpNtQKPLw8HMhrHZiB6K
+UjP8G7ZAALVncKbRnMED7sg/rbqu/UV9GVjla8Ga6KTJIWtm3yJCRE3+FYM9Hjbl
+Jf6pOOzecFOqn2wE+HKouX0CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQC3t+PQ
+JXnxK2Wq2n0aidCay1HPMI+KQ8SetJmWduaelLL4scGM5q6w+tBH61AhZtLN7Y1x
+fFIhBq2YUVhtplK3F0Fh29f2IUef+2Rtz2UfQ1yPnJXJVTGDhJ6qiEyZqw7zHYwF
+q4QhJP3JbQ1Vr5B5nN+V9RiL91fH8mZQ7DvcLjCtHXmGDTB/hOM1vD6wFAskYkn4
+RP89/0oSmxQblk/mwpORpgwIewNAf76imUzPu+zB9tySMJmA0PCtsgkbhTbVLn+Q
+puAPyhwSrXtnpn2lqyXvHz68cKs/HHz9cxoVFIrwkRS6V7dpifmqZGQS8F48IE7h
+VoqatRbKEJZe90qq
+-----END CERTIFICATE REQUEST-----

crt/server.csr.cnf

@@ -0,0 +1,15 @@
+[req]
+default_bits = 2048
+prompt = no
+default_md = sha256
+distinguished_name = dn
+
+[dn]
+C=US
+ST=New York
+L=Rochester
+O=End Point
+OU=Testing Domain
+emailAddress[email protected]
+CN = localhost
+

crt/server.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA6Coz0fUab6yNheMXK6RsrwjkDibsld1sl1NQaXqKrMxElVqp
+XJMhOul6+YoAOaZPG6zBpF0ur/7rXYMhnPNXG3aD1D/fRivv3eooMCYNPKaPCbgE
+u/tFnS3qad0y2td3tiJ+5lUNZQUOfpbC5/zedOZbGiRtAA7xMTOKibzh6vtsNwUu
+CqN9jCsoxds8mnlTkjbnVSbANqKGHnENko9k2Y6F3dWDw8ktCVldVTkry2tik21A
+o8vDwcyGsdmIHopSM/wbtkAAtWdwptGcwQPuyD+tuq79RX0ZWOVrwZropMkha2bf
+IkJETf4Vgz0eNuUl/qk47N5wU6qfbAT4cqi5fQIDAQABAoIBADcJSh+LqyiuDx6e
+JvABmoIj6WwxbgRY6VU2OunGUvmDsv5075Eyj74Xez+Mp2EDO92jpoQAUwEFvWX9
+oApE5XFtNvMp8RQBdmt1BvHjE2A9W8tCBF1Lw8TvDZLrDRMz4P0cUFjp8LLx7+2y
+b6HvIA02ToJ0ACLzZ9nyDfV5AVVisTQwJwzTiB980lllSYwrJM0VnJcV6yEN5rO+
+zhJxr8P1KvgCP5fmI2MjBkFxoYmGThFmO+y6NmVhx0ly2Ee+z4F8Zsk+wQ/Ew1lx
+/4ykAwOt/JRCsqG6PIZO05D46KSO4+ztzWlP54FtD9OfpSnEdEForq0IV5xWHT8s
+337R20ECgYEA+kpyIQLMHIxXP4CZgCe3kKSXJ48W5MQkwis6tP5D3qY+L7WqlnX7
+eS8lVwrEs5eAK9gfhD639CFD34qYdYFDTQ9g514ShSgB472ftaHc4UxFA8Fi9smB
+zMmv623TAoYcuXiySxshQ4cFupNxCQi+omegDYf8W6zc4Sa02PH03+cCgYEA7XXp
+V22ypo1S9Uu42wHW1k1rY0nX7YYdq6rh8w4acx/8g9BrZRhz4ITwo+CaYqnnIk3R
+3dQ8GO1iNy67o7VqfibIakx8aBEfogg3jggoHOmjqBddT/fyXSj9tZZHFNOsh6eJ
+sn5XTPLseHQn80dNTXItBiA4N2AvIl50yq4G/vsCgYEA9VdeMk+cpmtG5t93GDFW
+dblw1X0kktBVu+NGI76N5sUMdhXchqpV+78kGgNbNzPNlqy+kBIunWayMoCX267+
+up3VflYvT0kdORFaaV+ltU7e48R/7qstygD1qZA44+N0arYOByMr4xaKng4DIjjp
+LSbos/rVe0OiLC2V3oamY4cCgYEA0DAafk5s3Nz2qJzU2x5Hrud9iTVKnLKC/Oj6
+5E+vHNQkXaSzI5VGssea+vKGKI5xWIAFyYizj98/xsWwOR1q2mNCPwAD6nFo3HR7
+0IiSMpccptilNOFbmhXAKh4w/699igl3Dgj6nTo13H1qMT6IJag+lSpWXyZy7J0H
+pFLjS1UCgYBRyT6iMs2NfqvE1uwrw0sHpaKTE90L+TEfPXxdhjNWmirKKB1Wpllp
+irChddOXa9E3mCHnpdZq1JMP833iRjuc89KhBYl/iVbeVLHBBk3GmFyaMBjIQFhL
+T3AR3Q7Z9jGM4TGZc3G23FpmGLgOnnSAykm6EziCgxIm6fPyAZTtdQ==
+-----END RSA PRIVATE KEY-----

crt/v3.ext

@@ -0,0 +1,7 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = localhost

scripts/create-root-CA.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+DIR=$PWD
+
+rm -f $DIR/crt/*.key $DIR/crt/*.pem $DIR/crt/*.csr
+
+openssl genrsa -des3 -out $DIR/crt/rootCA.key 2048
+openssl req -x509 -new -nodes -key $DIR/crt/rootCA.key -sha256 -days 1024 -out $DIR/crt/rootCA.pem
+openssl req -new -sha256 -nodes -out $DIR/crt/server.csr -newkey rsa:2048 -keyout $DIR/crt/server.key -config <(cat $DIR/crt/server.csr.cnf)
+openssl x509 -req -in $DIR/crt/server.csr -CA $DIR/crt/rootCA.pem -CAkey $DIR/crt/rootCA.key -CAcreateserial -out $DIR/crt/server.crt -days 500 -sha256 -extfile $DIR/crt/v3.ext
+openssl x509 -text -in $DIR/crt/server.crt -noout