#!/bin/sh # source: https://users.rust-lang.org/t/use-tokio-tungstenite-with-rustls-instead-of-native-tls-for-secure-websockets/90130 make_and_sign() { # Create unencrypted private key and a CSR (certificate signing request) openssl req -newkey rsa:2048 -nodes -subj "/C=FI/CN=vahid" -keyout "$1.key" -out "$1.csr" # Create self-signed certificate (`$1.pem`) with the private key and CSR openssl x509 -signkey "$1.key" -in "$1.csr" -req -days 365 -out "$1.pem" # Sign the CSR (`$1.pem`) with the root CA certificate and private key # => this overwrites `$1.pem` because it gets signed openssl x509 -req -CA ca_root.pem -CAkey ca_root.key -in "$1.csr" -out "$1.pem" -days 1825 -CAcreateserial -extfile localhost.ext } # Create a self-signed root CA openssl req -x509 -sha256 -nodes -subj "/C=FI/CN=vahid" -days 1825 -newkey rsa:2048 -keyout ca_root.key -out ca_root.pem # Create file localhost.ext with the following content: cat <<'EOF' > localhost.ext authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE subjectAltName = @alt_names [alt_names] DNS.1 = localhost EOF make_and_sign client make_and_sign server