#!/bin/bash
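# Stop on the first failing command, on use of an unset variable, and on a
# failing pipeline stage, so a failed openssl/xxd step ends the script instead
# of letting later steps run on missing or stale inputs.
set -euo pipefail
# This script writes unencrypted private key material (exampleca.key,
# example.key, example.key.DER, private_key.h). Files created through shell
# redirection get their mode from the umask, so restrict new files to the
# current user.
umask 077
#------------------------------------------------------------------------------
# cleanup any previously created files
# The patterns are relative, so this removes matching files in the current
# working directory only; "--" keeps the names from being parsed as options.
rm -f -- exampleca.* example.* cert.h private_key.h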
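#------------------------------------------------------------------------------
# create a CA called "myca" (subject CN: myca.local)
# create a private key
# 2048 bits: 1024-bit RSA is no longer considered adequate and is refused by
# the default policy of many current TLS stacks. The key is written without
# a passphrase, so exampleca.key must be treated as a secret.
openssl genrsa -out exampleca.key 2048
# create certificate
# The heredoc delimiter is quoted so the config text is written literally.
cat > exampleca.conf << 'EOF'
[ req ]
distinguished_name = req_distinguished_name
prompt = no
[ req_distinguished_name ]
C = DE
ST = BE
L = Berlin
O = MyCompany
CN = myca.local
EOF
# Self-signed CA certificate, valid for 3650 days. The signature digest is
# stated explicitly because the default depends on the OpenSSL version.
openssl req -new -x509 -sha256 -days 3650 -key exampleca.key -out exampleca.crt -config exampleca.conf
# create serial number file
# (exampleca.srl is the default serial file openssl x509 looks for when
# signing with -CA exampleca.crt)
echo "01" > exampleca.srl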
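#------------------------------------------------------------------------------
# create a certificate for the ESP (subject CN: esp32.local)
# create a private key
# 2048 bits instead of 1024: 1024-bit RSA is no longer considered adequate and
# is refused by the default policy of many current TLS stacks. The key is
# written without a passphrase.
openssl genrsa -out example.key 2048
# create certificate signing request
# The heredoc delimiter is quoted so the config text is written literally.
cat > example.conf << 'EOF'
[ req ]
distinguished_name = req_distinguished_name
prompt = no
[ req_distinguished_name ]
C = DE
ST = BE
L = Berlin
O = MyCompany
CN = esp32.local
EOF
# NOTE(review): the request carries only a CN and no subjectAltName; clients
# that match host names against SAN entries only will not accept it for
# esp32.local. Consider adding a SAN extension if that matters.
openssl req -new -sha256 -key example.key -out example.csr -config example.conf
# have myca sign the certificate
# Valid for 3650 days; digest stated explicitly because the default depends on
# the OpenSSL version.
openssl x509 -sha256 -days 3650 -CA exampleca.crt -CAkey exampleca.key -in example.csr -req -out example.crt
# verify
# Under "set -e" a failed chain check aborts the script here, before any
# header file is generated.
openssl verify -CAfile exampleca.crt example.crt
# convert private key and certificate into DER format
# example.key.DER is the unencrypted private key in binary form.
openssl rsa -in example.key -outform DER -out example.key.DER
openssl x509 -in example.crt -outform DER -out example.crt.DER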
# create header files
# cert.h: include guard around the C array that "xxd -i" generates from the
# DER-encoded certificate.
{
  printf '%s\n' "#ifndef CERT_H_" "#define CERT_H_"
  xxd -i example.crt.DER
  printf '%s\n' "#endif"
} > ./cert.h
# private_key.h: same layout, generated from the DER-encoded private key.
# The resulting header holds the server's unencrypted private key as source
# code, so it should be kept out of version control and shared builds.
{
  printf '%s\n' "#ifndef PRIVATE_KEY_H_" "#define PRIVATE_KEY_H_"
  xxd -i example.key.DER
  printf '%s\n' "#endif"
} > ./private_key.h
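# Copy files to every example
# An example is a directory ../examples/<name> that contains <name>.ino.
# The path is relative to the current working directory.
# NOTE(review): this places a copy of the private key header in every example
# directory; confirm those copies are excluded from version control.
for D in ../examples/*; do
  # Take the directory name by parameter expansion instead of an unquoted
  # $(basename $D), which split on whitespace in the path.
  example_name=${D##*/}
  if [ -d "${D}" ] && [ -f "${D}/${example_name}.ino" ]; then
    echo "Adding certificate to example ${example_name}"
    cp -- ./cert.h ./private_key.h "${D}/"
  fi
done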
# Closing summary: names the two generated headers and where they were copied.
# The delimiter is quoted so the text is printed exactly as written.
cat << 'EOF'

Certificates created!
---------------------

 Private key: private_key.h
 Certificate data: cert.h

Make sure to have both files available for inclusion when running the examples.
The files have been copied to all example directories, so if you open an example
 sketch, you should be fine.
EOF