cd
rm -rf ~/internal-ca
git clone https://github.com/bhagadepravin/internal-ca.git
cd ~/internal-ca
chmod +x *.sh

cd ~/internal-ca
sudo ./create_root.sh

sudo ./create_intermediate.sh intermediate
sudo ./create_server.sh intermediate c474-node1.coelab.cloudera.com

sudo ./create_intermediate.sh int3  
sudo ./create_client.sh int3 deviceA  
export certs

Usage: ./export.sh -i <intermediate-name> -c <certificate-name> -d <dest-folder> [-k] [-h]
  -h  Display help
  -i  name of the intermediate  
      (it's the /root/ca/<intermediate-name>)
  -c  name of the certificate ("intermediate" or client/server name) 
      (it's /root/ca/<intermediate-name>/certs/<CERT_NAME>.cert.pem and /root/ca/<intermediate-name>/private/<CERT_NAME>.cert.pem)
  -d  destination folder
  -k  exports the private key

Examples:

  to extract the intermediate "intermediate" (including private key) into ~/exported:
    ./export.sh -i intermediate -c intermediate -d ~/exported -k

  to extract the server "c474-node1.coelab.cloudera.com" (including private key) into ~/exported:
    ./export.sh -i intermediate -c c474-node1.coelab.cloudera.com -d ~/exported -k

  to extract the client "device3" (including private key) into ~/exported:
    ./export.sh -i intermediate -c device3 -d ~/exported -k

sudo openssl x509 -noout -in /root/ca/certs/ca.cert.pem -noout -subject -issuer

# NOTE: replace `<INTERMEDIATE>` with the intermediate name

sudo openssl x509 -noout -in <INTERMEDIATE>/certs/intermediate.cert.pem -noout -subject -issuer

# NOTE: replace `<INTERMEDIATE>` with the intermediate name
sudo openssl verify -CAfile /root/CA/certs/ca.cert.pem /root/CA/<INTERMEDIATE>/certs/intermediate.cert.pem