[PD1] Added certificates and fixed a few things

2024-04-18 20:15:29 +01:00 · 2024-04-18 20:15:29 +01:00 · 1cb81d2279
commit 1cb81d2279
parent b7023329de
28 changed files with 596 additions and 54 deletions
--- a/Projs/PD1/certs/README.md
+++ b/Projs/PD1/certs/README.md
@ -0,0 +1,48 @@
+# Generating keys
+
+1. Generate CA key and certificate:
+
+```bash
+openssl genrsa -aes256 -out CA/CA.key 4096
+openssl req -x509 -new -nodes -key CA/CA.key -sha256 -days 18250 -out CA/CA.pem -subj "/2.5.4.3=CA"
+```
+The CA passphrase is 1234
+
+2. Generate server key and CSR:
+
+```bash
+openssl genrsa -out server/server.key 4096
+openssl req -new -key server/server.key -out server/server.csr -subj "/2.5.4.11=MSG SERVICE/2.5.4.65=SERVER"
+```
+
+3. Sign the server CSR with CA:
+
+```bash
+openssl x509 -req -in server/server.csr -CA CA/CA.pem -CAkey CA/CA.key -CAcreateserial -out server/server.crt -days 1825 -sha256
+```
+
+4. Generate the server's keystore:
+
+```bash
+openssl pkcs12 -export -out server/server.p12 -inkey server/server.key -in server/server.crt -certfile CA/CA.pem -name "ServerKeyStore"
+```
+The passphrase used for the keystore is server
+
+5. Generate each client's key and CSR:
+
+```bash
+openssl genrsa -out client{NUM}/client{NUM}.key 4096
+openssl req -new -key client{NUM}/client{NUM}.key -out client{NUM}/client{NUM}.csr -subj "/2.5.4.11=MSG SERVICE/2.5.4.65=CL{NUM}/2.5.4.3=Client {NUM}"
+```
+
+6. Sign the client CSR with CA:
+
+```bash
+openssl x509 -req -in client/client.csr -CA CA/CA.pem -CAkey CA/CA.key -CAcreateserial -out client/client.crt -days 1825 -sha256
+```
+7. Generate the client's keystore:
+
+```bash
+openssl pkcs12 -export -out client{NUM}/client{NUM}.p12 -inkey client{NUM}/client{NUM}.key -in client{NUM}/client{NUM}.crt -certfile CA/CA.pem -name "Client{NUM}KeyStore"
+```
+The passphrase used for the keystore is client{NUM}