3 # Creates the CA, server and client certs to be used by tls_test.go
4 # http://www.rabbitmq.com/ssl.html
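6 # Copy stdout into the const section of tls_test.go or use for RabbitMQ. The output includes the server and client private keys, so everything generated here is test-fixture material only.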
10 if [ -f $root/ca/serial ]; then
11 echo >&2 "Previous installation found"
12 echo >&2 "Remove $root/ca and rerun to overwrite"
# Create the CA working directories: private/ for the CA key and certs/ for
# issued certificates. The names appear to match the private_key and
# new_certs_dir settings in the openssl configuration further down.
# NOTE(review): $root is expanded unquoted, so a path containing whitespace
# would be split; its definition is not visible in this excerpt.
# NOTE(review): confirm that private/ is given restrictive permissions (for
# example mode 700) in the lines not shown here.
16 mkdir -p $root/ca/private
17 mkdir -p $root/ca/certs
# Write the attribute file that accompanies the CA database (index.txt).
# unique_subject = no lets the CA issue several certificates with the same
# subject, which openssl ca would otherwise refuse.
# NOTE(review): the path is relative; presumably the script has already
# changed into the CA directory in lines not shown. Confirm.
25 echo 'unique_subject = no' > index.txt.attr
33 certificate = $dir/cacert.pem
34 database = $dir/index.txt
35 new_certs_dir = $dir/certs
36 private_key = $dir/private/cakey.pem
43 policy = testca_policy
44 x509_extensions = certificate_extensions
48 stateOrProvinceName = optional
49 countryName = optional
50 emailAddress = optional
51 organizationName = optional
52 organizationalUnitName = optional
# Extension set named by the x509_extensions setting a few lines above.
# CA:false marks an issued certificate as an end-entity certificate, so it
# cannot be used to sign further certificates.
54 [ certificate_extensions ]
55 basicConstraints = CA:false
59 default_keyfile = ./private/cakey.pem
62 distinguished_name = root_ca_distinguished_name
63 x509_extensions = root_ca_extensions
65 [ root_ca_distinguished_name ]
# Extensions for the self-signed test CA certificate (named by the
# x509_extensions setting just above). CA:true allows it to issue
# certificates; keyUsage limits the CA key to signing certificates and CRLs.
68 [ root_ca_extensions ]
69 basicConstraints = CA:true
70 keyUsage = keyCertSign, cRLSign
# Extensions applied when the client certificate is signed (selected with
# -extensions client_ca_extensions further down). The certificate is a leaf
# (CA:false) limited to digital signatures, and the extendedKeyUsage OID
# 1.3.6.1.5.5.7.3.2 is id-kp-clientAuth, i.e. TLS client authentication only.
72 [ client_ca_extensions ]
73 basicConstraints = CA:false
74 keyUsage = digitalSignature
75 extendedKeyUsage = 1.3.6.1.5.5.7.3.2
# Extensions applied when the server certificate is signed (selected with
# -extensions server_ca_extensions further down). The certificate is a leaf
# (CA:false), and the extendedKeyUsage OID 1.3.6.1.5.5.7.3.1 is
# id-kp-serverAuth, i.e. TLS server authentication only.
# NOTE(review): keyUsage lists only keyEncipherment, which covers RSA key
# transport. Ephemeral (EC)DHE key exchange and TLS 1.3 use the server key for
# signing, which calls for digitalSignature; peers that enforce keyUsage may
# reject this certificate. Confirm against the TLS versions the tests use.
# NOTE(review): the alt_names section that subjectAltName points to is not
# visible in this excerpt; hostname/IP verification depends on its entries.
77 [ server_ca_extensions ]
78 basicConstraints = CA:false
79 keyUsage = keyEncipherment
80 extendedKeyUsage = 1.3.6.1.5.5.7.3.1
81 subjectAltName = @alt_names
93 -subj "/CN=MyTestCA/" \
# Generate one 2048-bit RSA private key each for the server and the client.
# No cipher option is passed, so both keys are written to disk unencrypted
# (no passphrase); later lines print them to stdout for use as test constants.
# NOTE(review): the server/ and client/ directories must already exist;
# presumably they are created in lines not shown. Confirm.
102 openssl genrsa -out $root/server/key.pem 2048
103 openssl genrsa -out $root/client/key.pem 2048
108 -config openssl.cnf \
109 -subj "/CN=127.0.0.1/O=server/" \
110 -key $root/server/key.pem \
111 -out $root/server/req.pem \
117 -config openssl.cnf \
118 -subj "/CN=127.0.0.1/O=client/" \
119 -key $root/client/key.pem \
120 -out $root/client/req.pem \
124 -config openssl.cnf \
125 -in $root/server/req.pem \
126 -out $root/server/cert.pem \
129 -extensions server_ca_extensions
132 -config openssl.cnf \
133 -in $root/client/req.pem \
134 -out $root/client/cert.pem \
137 -extensions client_ca_extensions
141 `cat $root/ca/cacert.pem`
144 const serverCert = \`
145 `cat $root/server/cert.pem`
149 `cat $root/server/key.pem`
152 const clientCert = \`
153 `cat $root/client/cert.pem`
157 `cat $root/client/key.pem`