#!env sh

# Make CA key
openssl req -nodes -new -x509 -keyout ca_key.pem -out ca_cert.pem -subj '/CN=MalwareDB Root CA/C=US/ST=Maryland/L=Baltimore/O=MalwareDB'

# Make CSR
openssl req -new -nodes -out server.csr -newkey rsa:4096 -keyout server_key.pem -subj '/CN=MalwareDB Server/C=US/ST=Maryland/L=Baltimore/O=MalwareDB'

cat > server.v3.ext << EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
IP.1 = 127.0.0.1
EOF

# Sign server cert
openssl x509 -req -in server.csr -CA ca_cert.pem -CAkey ca_key.pem -CAcreateserial -out server_cert.pem -days 3000 -sha256 -extfile server.v3.ext

# Server cert to have the CA cert as well.
cat server_cert.pem ca_cert.pem > server_ca_cert.pem