# Generating keys

The commands below assume the `CA/`, `server/` and `client{NUM}/` directories already exist. Replace `{NUM}` with the client's number.

1. Generate CA key and certificate:

```bash
# Prompts for a passphrase to encrypt the CA private key (AES-256)
openssl genrsa -aes256 -out CA/CA.key 4096
# Self-signed CA certificate; 2.5.4.3 is the OID for commonName
openssl req -x509 -new -nodes -key CA/CA.key -sha256 -days 18250 -out CA/CA.pem -subj "/2.5.4.3=CA"
```

The CA passphrase is `1234`.

2. Generate server key and CSR:

```bash
openssl genrsa -out server/server.key 4096
# 2.5.4.11 is organizationalUnitName, 2.5.4.65 is pseudonym
openssl req -new -key server/server.key -out server/server.csr -subj "/2.5.4.11=MSG SERVICE/2.5.4.65=SERVER"
```

3. Sign the server CSR with CA:

```bash
openssl x509 -req -in server/server.csr -CA CA/CA.pem -CAkey CA/CA.key -CAcreateserial -out server/server.crt -days 1825 -sha256
```

4. Generate the server's keystore:

```bash
openssl pkcs12 -export -out server/server.p12 -inkey server/server.key -in server/server.crt -certfile CA/CA.pem -name "ServerKeyStore"
```

The passphrase used for the keystore is `server`.

5. Generate each client's key and CSR:

```bash
openssl genrsa -out client{NUM}/client{NUM}.key 4096
openssl req -new -key client{NUM}/client{NUM}.key -out client{NUM}/client{NUM}.csr -subj "/2.5.4.11=MSG SERVICE/2.5.4.65=CL{NUM}/2.5.4.3=Client {NUM}"
```

6. Sign the client CSR with CA:

```bash
# Same per-client paths as steps 5 and 7
openssl x509 -req -in client{NUM}/client{NUM}.csr -CA CA/CA.pem -CAkey CA/CA.key -CAcreateserial -out client{NUM}/client{NUM}.crt -days 1825 -sha256
```

7. Generate the client's keystore:

```bash
openssl pkcs12 -export -out client{NUM}/client{NUM}.p12 -inkey client{NUM}/client{NUM}.key -in client{NUM}/client{NUM}.crt -certfile CA/CA.pem -name "Client{NUM}KeyStore"
```

The passphrase used for the keystore is `client{NUM}`.
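
A sanity check for the files these steps produce, as an added example that is not part of the original instructions: it confirms that a certificate chains to `CA/CA.pem`, that the private key matches the certificate, and that the keystore opens with its passphrase. The function names and the script name `check.sh` are hypothetical; the file layout is the one used in the steps above.

```bash
# Added example: checks for one identity (server, client1, ...).
# Assumes the layout from the steps, relative to the current directory:
#   CA/CA.pem and <name>/<name>.key, <name>/<name>.crt, <name>/<name>.p12

# Certificate chains to the CA. Match on ": OK" instead of the exit code,
# because old openssl releases exit 0 from `verify` even on failure.
cert_chains_to_ca() {
    openssl verify -CAfile CA/CA.pem "$1/$1.crt" 2>/dev/null | grep -q ': OK$'
}

# Private key and certificate carry the same public key.
key_matches_cert() {
    from_key=$(openssl pkey -in "$1/$1.key" -pubout 2>/dev/null) || return 1
    from_crt=$(openssl x509 -in "$1/$1.crt" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_crt" ]
}

# Keystore passes its MAC check and decrypts with the given passphrase.
p12_opens() {
    openssl pkcs12 -in "$1/$1.p12" -passin "pass:$2" -noout >/dev/null 2>&1
}

# Run all three checks for one identity: check_identity <name> <passphrase>
check_identity() {
    rc=0
    cert_chains_to_ca "$1" || { echo "$1: certificate does not chain to CA/CA.pem" >&2; rc=1; }
    key_matches_cert "$1"  || { echo "$1: key and certificate do not match" >&2; rc=1; }
    p12_opens "$1" "$2"    || { echo "$1: keystore does not open with that passphrase" >&2; rc=1; }
    return "$rc"
}

# Usage: ./check.sh server server client1 client1 ...
while [ "$#" -ge 2 ]; do
    check_identity "$1" "$2" || exit 1
    shift 2
done
```
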