Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/generate-tls-ca.sh | 32 | ||||
-rwxr-xr-x | scripts/generate-tls-cert.sh | 17 |
2 files changed, 49 insertions, 0 deletions
diff --git a/scripts/generate-tls-ca.sh b/scripts/generate-tls-ca.sh
new file mode 100755
index 000000000..9fe82b677
--- /dev/null
+++ b/scripts/generate-tls-ca.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env sh
+
+set -e
+
+OUTDIR="$(dirname ${0})"
+
+printf 'Output directory: %s\n' "${OUTDIR}"
+
+printf 'ca\ncert_signing_key' > template
+certtool --generate-privkey > "${OUTDIR}/ca-key.pem"
+certtool --generate-self-signed \
+ --template template \
+ --load-privkey "${OUTDIR}/ca-key.pem" \
+ --outfile "${OUTDIR}/ca-cert.pem"
+rm template
+
+printf 'expiration_days = 365' > template
+certtool --generate-crl --load-ca-privkey "${OUTDIR}/ca-key.pem" \
+ --template template \
+ --load-ca-certificate "${OUTDIR}/ca-cert.pem" \
+ --outfile "${OUTDIR}/crl.pem"
+rm template
+
+printf 'encryption_key\nsigning_key' > template
+certtool --generate-privkey > "${OUTDIR}/server-key.pem"
+certtool --generate-certificate \
+ --template template \
+ --load-privkey "${OUTDIR}/server-key.pem" \
+ --load-ca-certificate "${OUTDIR}/ca-cert.pem" \
+ --load-ca-privkey "${OUTDIR}/ca-key.pem" \
+ --outfile "${OUTDIR}/server-cert.pem"
+rm template
diff --git a/scripts/generate-tls-cert.sh b/scripts/generate-tls-cert.sh
new file mode 100755
index 000000000..0dccbd054
--- /dev/null
+++ b/scripts/generate-tls-cert.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env sh
+
+set -e
+
+OUTDIR="$(dirname ${0})"
+
+printf 'Output directory: %s\n' "${OUTDIR}"
+
+printf 'encryption_key\nsigning_key' > template
+certtool --generate-privkey > "${OUTDIR}/client-key.pem"
+certtool --generate-certificate \
+ --template template \
+ --load-privkey "${OUTDIR}/client-key.pem" \
+ --load-ca-certificate "${OUTDIR}/ca-cert.pem" \
+ --load-ca-privkey "${OUTDIR}/ca-key.pem" \
+ --outfile "${OUTDIR}/client-cert.pem"
+rm template |
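Review bot: The CA and server private keys are created by shell redirection (`certtool --generate-privkey > "${OUTDIR}/ca-key.pem"`, and likewise for `server-key.pem`), so their mode comes from the caller's umask; with a common 022 umask the CA signing key ends up readable by every local user. Adding `umask 077` directly after `set -e` keeps the keys and the intermediate `template` file private to the invoking user. The same applies to `client-key.pem` in scripts/generate-tls-cert.sh. Since `OUTDIR` is the scripts directory itself, it is also worth confirming that `*.pem` files there are excluded from version control; the ignore rules are not visible in this diff.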
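Review bot: The template written by `printf 'encryption_key\nsigning_key' > template` in generate-tls-cert.sh has no subject or key-purpose fields, so the issued client certificate appears to carry an empty subject and a verifier can only establish that this CA signed it, not which client it belongs to. If per-client identification or targeted revocation through the generated CRL is intended, add certtool template lines such as `cn = "<client-name>"` and `tls_www_client`, taking the name from a script argument so that a rerun does not silently replace the single `client-key.pem`. The server template in scripts/generate-tls-ca.sh has the same gap: without `dns_name` and `tls_www_server`, peers that check the host name would presumably reject the certificate, which tends to push deployments toward disabling verification.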