Merge pull request #35 from orbitdb/experiment/keygen

Experiment: Keygen

Author: aphelionz

.gitignore

@@ -63,6 +63,7 @@ typings/
 # ignore certificates
 *.crt
 *.key
+certs/
 
 # ignore local db repository
 orbitdb/

Makefile

@@ -0,0 +1,17 @@
+root-cert:
+	mkdir -p certs
+	openssl genrsa -des3 -out certs/orbit-db-http-api.key 2048
+	openssl req -x509 \
+		-new -nodes \
+		-key certs/orbit-db-http-api.key \
+		-sha256 \
+		-days 1024 \
+		-out certs/orbit-db-http-api.pem
+	mkdir -p /usr/local/share/ca-certificates/extra
+	cp certs/orbit-db-http-api.pem /usr/local/share/ca-certificates/extra/orbit-db-http-api.crt
+	update-ca-certificates
+
+uninstall-root-cert:
+	rm -rf /usr/local/share/ca-certificates/extra/orbit-db-http-api.crt
+	rmdir --ignore-fail-on-non-empty /usr/local/share/ca-certificates/extra
+	update-ca-certificates

keygen.sh

@@ -0,0 +1,22 @@
+#! /bin/bash
+
+openssl req \
+ -new -sha256 -nodes \
+ -out ./certs/localhost.csr \
+ -newkey rsa:2048 -keyout ./certs/localhost.key \
+ -subj "/C=AU/ST=WA/L=City/O=Organization/OU=OrganizationUnit/CN=localhost/emailAddress=demo@example.com"
+
+openssl x509 \
+ -req \
+ -in ./certs/localhost.csr \
+ -CA ./certs/orbit-db-http-api.pem -CAkey ./certs/orbit-db-http-api.key -CAcreateserial \
+ -out ./certs/localhost.crt \
+ -days 500 \
+ -sha256 \
+ -extfile <(echo " \
+    [ v3_ca ]\n \
+    authorityKeyIdentifier=keyid,issuer\n \
+    basicConstraints=CA:FALSE\n \
+    keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment\n \
+    subjectAltName=DNS:localhost \
+   ")