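# Copyright (c) 2024, Witekio
# SPDX-License-Identifier: Apache-2.0

# Generates an EC (prime256v1) server key and a server certificate signed by
# the local CA, in PEM and DER form.
#
# Inputs  (current directory): ca_cert.pem, ca_privkey.pem
# Outputs (current directory): server_privkey.pem, server_csr.pem,
#                              server_csr.ext, server_cert.pem,
#                              server_privkey.der, server_cert.der, ca.srl
#
# The private key is written unencrypted and the certificate is issued for
# 36500 days, so the result has no practical expiry: keep it to test and
# sample setups, and regenerate the CA as well if the key is ever exposed.

# Stop at the first failing step (or unset variable). Without this a failed
# signing step would still leave a fresh key next to a stale certificate.
set -eu

# Check the CA material before touching anything: generating a new server key
# and then failing to sign would leave a key that no longer matches the
# existing server_cert.pem.
for ca_file in ca_cert.pem ca_privkey.pem; do
    if [ ! -r "$ca_file" ]; then
        printf 'error: %s not found or not readable in %s\n' \
            "$ca_file" "$(pwd)" >&2
        exit 1
    fi
done

# Generate a server private key.
# umask keeps a newly created key file private to the owner; chmod covers a
# file left over from an earlier run with looser permission bits.
(
    umask 077
    openssl ecparam \
        -name prime256v1 \
        -genkey \
        -out server_privkey.pem
)
chmod 600 server_privkey.pem

# Generate a certificate signing request using server key
openssl req \
    -new \
    -sha256 \
    -key server_privkey.pem \
    -out server_csr.pem \
    -subj "/O=Zephyrproject/CN=zephyr"

# Write the extensions that the signing step below puts into the certificate
# (they are passed with -extfile, they are not carried in the CSR).
#   basicConstraints CA:FALSE      - leaf certificate, cannot issue others
#   keyUsage / extendedKeyUsage    - signature-only key, TLS server auth only
#   subjectAltName                 - the names/addresses clients will verify;
#                                    192.0.2.1 and 2001:db8::1 are
#                                    documentation-range addresses, adjust
#                                    them to the address the server really uses
cat > server_csr.ext <<'EOF'
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
basicConstraints=critical,CA:FALSE
keyUsage=critical,digitalSignature
extendedKeyUsage=serverAuth
subjectAltName=DNS:zephyr.local,IP.1:192.0.2.1,IP.2:2001:db8::1
EOF

# Create a server certificate by signing the server CSR using the CA cert/key.
# -CAcreateserial creates ca.srl when it does not exist yet.
# -days 36500 is roughly 100 years (see the note at the top of this file).
openssl x509 \
    -req \
    -sha256 \
    -CA ca_cert.pem \
    -CAkey ca_privkey.pem \
    -days 36500 \
    -CAcreateserial \
    -CAserial ca.srl \
    -in server_csr.pem \
    -out server_cert.pem \
    -extfile server_csr.ext

# Create DER encoded versions of server certificate and private key.
# The DER key is as sensitive as the PEM one, so it gets the same protection.
(
    umask 077
    openssl ec \
        -outform der \
        -in server_privkey.pem \
        -out server_privkey.der
)
chmod 600 server_privkey.der

openssl x509 \
    -outform der \
    -in server_cert.pem \
    -out server_cert.der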