testdata/x509/create.sh - third_party/github.com/grpc/grpc-go - Git at Google

 #!/bin/bash

 # Create the server CA certs.
 openssl req -x509                                     \
   -newkey rsa:4096                                    \
   -nodes                                              \
   -days 3650                                          \
   -keyout server_ca_key.pem                           \
   -out server_ca_cert.pem                             \
   -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-server_ca/   \
   -config ./openssl.cnf                               \
   -extensions test_ca

 # Create the client CA certs.
 openssl req -x509                                     \
   -newkey rsa:4096                                    \
   -nodes                                              \
   -days 3650                                          \
   -keyout client_ca_key.pem                           \
   -out client_ca_cert.pem                             \
   -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-client_ca/   \
   -config ./openssl.cnf                               \
   -extensions test_ca

 # Generate two server certs.
 openssl genrsa -out server1_key.pem 4096
 openssl req -new                                    \
   -key server1_key.pem                              \
   -days 3650                                        \
   -out server1_csr.pem                              \
   -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-server1/   \
   -config ./openssl.cnf                             \
   -reqexts test_server
 openssl x509 -req           \
   -in server1_csr.pem       \
   -CAkey server_ca_key.pem  \
   -CA server_ca_cert.pem    \
   -days 3650                \
   -set_serial 1000          \
   -out server1_cert.pem     \
   -extfile ./openssl.cnf    \
   -extensions test_server
 openssl verify -verbose -CAfile server_ca_cert.pem  server1_cert.pem

 openssl genrsa -out server2_key.pem 4096
 openssl req -new                                    \
   -key server2_key.pem                              \
   -days 3650                                        \
   -out server2_csr.pem                              \
   -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-server2/   \
   -config ./openssl.cnf                             \
   -reqexts test_server
 openssl x509 -req           \
   -in server2_csr.pem       \
   -CAkey server_ca_key.pem  \
   -CA server_ca_cert.pem    \
   -days 3650                \
   -set_serial 1000          \
   -out server2_cert.pem     \
   -extfile ./openssl.cnf    \
   -extensions test_server
 openssl verify -verbose -CAfile server_ca_cert.pem  server2_cert.pem

 # Generate two client certs.
 openssl genrsa -out client1_key.pem 4096
 openssl req -new                                    \
   -key client1_key.pem                              \
   -days 3650                                        \
   -out client1_csr.pem                              \
   -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-client1/   \
   -config ./openssl.cnf                             \
   -reqexts test_client
 openssl x509 -req           \
   -in client1_csr.pem       \
   -CAkey client_ca_key.pem  \
   -CA client_ca_cert.pem    \
   -days 3650                \
   -set_serial 1000          \
   -out client1_cert.pem     \
   -extfile ./openssl.cnf    \
   -extensions test_client
 openssl verify -verbose -CAfile client_ca_cert.pem  client1_cert.pem

 openssl genrsa -out client2_key.pem 4096
 openssl req -new                                    \
   -key client2_key.pem                              \
   -days 3650                                        \
   -out client2_csr.pem                              \
   -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-client2/   \
   -config ./openssl.cnf                             \
   -reqexts test_client
 openssl x509 -req           \
   -in client2_csr.pem       \
   -CAkey client_ca_key.pem  \
   -CA client_ca_cert.pem    \
   -days 3650                \
   -set_serial 1000          \
   -out client2_cert.pem     \
   -extfile ./openssl.cnf    \
   -extensions test_client
 openssl verify -verbose -CAfile client_ca_cert.pem  client2_cert.pem

 # Cleanup the CSRs.
 rm *_csr.pem
	#!/bin/bash

	# Create the server CA certs.
	openssl req -x509 \
	-newkey rsa:4096 \
	-nodes \
	-days 3650 \
	-keyout server_ca_key.pem \
	-out server_ca_cert.pem \
	-subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-server_ca/ \
	-config ./openssl.cnf \
	-extensions test_ca

	# Create the client CA certs.
	openssl req -x509 \
	-newkey rsa:4096 \
	-nodes \
	-days 3650 \
	-keyout client_ca_key.pem \
	-out client_ca_cert.pem \
	-subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-client_ca/ \
	-config ./openssl.cnf \
	-extensions test_ca

	# Generate two server certs.
	openssl genrsa -out server1_key.pem 4096
	openssl req -new \
	-key server1_key.pem \
	-days 3650 \
	-out server1_csr.pem \
	-subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-server1/ \
	-config ./openssl.cnf \
	-reqexts test_server
	openssl x509 -req \
	-in server1_csr.pem \
	-CAkey server_ca_key.pem \
	-CA server_ca_cert.pem \
	-days 3650 \
	-set_serial 1000 \
	-out server1_cert.pem \
	-extfile ./openssl.cnf \
	-extensions test_server
	openssl verify -verbose -CAfile server_ca_cert.pem server1_cert.pem

	openssl genrsa -out server2_key.pem 4096
	openssl req -new \
	-key server2_key.pem \
	-days 3650 \
	-out server2_csr.pem \
	-subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-server2/ \
	-config ./openssl.cnf \
	-reqexts test_server
	openssl x509 -req \
	-in server2_csr.pem \
	-CAkey server_ca_key.pem \
	-CA server_ca_cert.pem \
	-days 3650 \
	-set_serial 1000 \
	-out server2_cert.pem \
	-extfile ./openssl.cnf \
	-extensions test_server
	openssl verify -verbose -CAfile server_ca_cert.pem server2_cert.pem

	# Generate two client certs.
	openssl genrsa -out client1_key.pem 4096
	openssl req -new \
	-key client1_key.pem \
	-days 3650 \
	-out client1_csr.pem \
	-subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-client1/ \
	-config ./openssl.cnf \
	-reqexts test_client
	openssl x509 -req \
	-in client1_csr.pem \
	-CAkey client_ca_key.pem \
	-CA client_ca_cert.pem \
	-days 3650 \
	-set_serial 1000 \
	-out client1_cert.pem \
	-extfile ./openssl.cnf \
	-extensions test_client
	openssl verify -verbose -CAfile client_ca_cert.pem client1_cert.pem

	openssl genrsa -out client2_key.pem 4096
	openssl req -new \
	-key client2_key.pem \
	-days 3650 \
	-out client2_csr.pem \
	-subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-client2/ \
	-config ./openssl.cnf \
	-reqexts test_client
	openssl x509 -req \
	-in client2_csr.pem \
	-CAkey client_ca_key.pem \
	-CA client_ca_cert.pem \
	-days 3650 \
	-set_serial 1000 \
	-out client2_cert.pem \
	-extfile ./openssl.cnf \
	-extensions test_client
	openssl verify -verbose -CAfile client_ca_cert.pem client2_cert.pem

	# Cleanup the CSRs.
	rm *_csr.pem