golang-mtls-example/cert.sh

#!/bin/env sh

openssl-3.0 req -new -nodes \
    -out pki/$1.csr \
    -keyout pki/$1.key \
    -subj "/CN=MTLS TEST $1 certificate" \
    -addext "basicConstraints=CA:FALSE" \
    -addext "keyUsage=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment" \
    -addext "subjectAltName=DNS.1:$1,DNS.2:localhost"
openssl-3.0 x509 -req -in pki/$1.csr -out pki/$1.crt -copy_extensions copy \
    -days 865 -sha256 \
    -CA pki/ca.crt -CAkey pki/ca.key \
    -CAcreateserial -CAserial pki/ca.srl