init_tls.sh
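#!/bin/bash
#
# init_tls.sh - generate a private CA plus server and client certificates for
# mutual TLS between the car (server) and the client, using CloudFlare's PKI
# toolkit (cfssl / cfssljson).
#
# Usage:   ./init_tls.sh [hostname]
#   hostname  name placed in the server certificate; defaults to
#             "raspberrypi.local". It must match the name the client uses to
#             reach the server, otherwise hostname verification fails.
#
# All paths are relative, so run this from the directory that contains tls/,
# server/ and client/.
#
# Security notes:
#   * tls/ca-key.pem is the CA private key. Whoever holds it can issue
#     certificates that both server and client will accept, so keep it off the
#     car and the client device and out of version control. Only the public
#     CA certificate (tls/ca.pem) is copied to server/ and client/.
#   * Re-running the script creates a NEW CA and overwrites the existing
#     files; certificates signed by the old CA will no longer validate.

# Stop at the first failure. Without this, a failed cfssl call would still let
# the later steps run against missing or stale CA files.
set -euo pipefail

die() {
  printf 'init_tls.sh: %s\n' "$*" >&2
  exit 1
}

for tool in cfssl cfssljson; do
  command -v "$tool" >/dev/null || die "required tool not found in PATH: $tool"
done

# Check every input up front so a missing file cannot leave a half-built PKI.
for input in tls/ca-csr.json tls/ca-config.json tls/server-csr.json tls/client-csr.json; do
  [[ -f "$input" ]] || die "missing input file: $input"
done

mkdir -p -- server/tls client/tls

# Create the self-signed CA certificate that signs and validates the client
# and server certificates (writes tls/ca.pem, tls/ca-key.pem, tls/ca.csr).
cfssl gencert --initca tls/ca-csr.json | cfssljson --bare tls/ca

# Both the server and the client need the CA certificate to validate each
# other. Copy the certificate only, never the CA key.
cp -- tls/ca.pem server/tls/ca.pem
cp -- tls/ca.pem client/tls/ca.pem

# Create the server certificate and sign it with the CA generated above.
# You might need to change the default hostname from "raspberrypi.local".
hostname=${1:-"raspberrypi.local"}
cfssl gencert --ca=tls/ca.pem --ca-key=tls/ca-key.pem --config=tls/ca-config.json \
  --hostname="${hostname}" tls/server-csr.json |
  cfssljson --bare server/tls/server

# Create the client certificate and sign it with the same CA.
cfssl gencert --ca=tls/ca.pem --ca-key=tls/ca-key.pem --config=tls/ca-config.json \
  tls/client-csr.json |
  cfssljson --bare client/tls/client

# Private keys must be readable by their owner only, regardless of umask.
chmod 600 tls/ca-key.pem server/tls/server-key.pem client/tls/client-key.pem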