if you need to test Foreman - Smart proxy or Client - Foreman or Client - Smart Proxy HTTPS communication in a dev setup, you might find useful a script which I actually digged on my drive. It can generate CA, server cert and client cert(s) with a single command.
Also from a quick scan, neither of them adds SAN to the certificate, so modern browsers won’t consider these certificates safe and you’ll be facing warning. If you want a real CA, I had a good results with step-ca open source server — Smallstep — Build Big
That’s of course very different from what this dummyx509 was designed for, just wanted to list more options in a single place.
Actually, I could not get get SAN working, not because of browsers but because openssl was not copying X509 extensions into the certificate. So I removed the alias from the script, I want to keep things simple and not write yet another tool.
I asked on the internal list about the X509 V3 extension issue and I got another tool recommendation:
I’d suggest to use certgen script for this:
It supports very old and new versions of openssl transparently (it works on RHEL-5 and later) as well as creates certificates that are more typical of the public Internet.
to create a set of certificates like you described, run:
x509KeyGen ca &&
x509KeyGen server &&
x509SelfSign ca &&
x509CertSign --CA ca server --CN [test.example.com](http://test.example.com/) --subjectAltName
x509CertSign --CA ca -t webclient client
So just for the record, here is another one
Btw I posted it here not because I think my script is awesome, it is a very old dirty script of mine, but because Adam asked on scrum and I saw it the other day when I was searching for something else. Definitely use Erik’s tool that does look like something more useful.